基于差分隐私的矢量地理数据脱密方法

doi:10.11947/j.AGCS.2025.20230321

摘要/Abstract

摘要：

矢量地理数据必须采用脱密方法降低几何位置精度后才能安全共享和使用，现有脱密方法均无法对方法的安全性和脱密数据的可用性进行定量分析，难以实现安全性和可用性的最优均衡。本文首次将差分隐私技术应用于矢量地理数据脱密，创新性提出一种基于差分隐私的矢量地理数据脱密方法（DP-VGS），将现有非线性变换的脱密模型和差分隐私技术结合，通过敏感区域的划分和聚合、脱密安全预算的分配，使得敏感性高的区域脱密后的安全性更高；设计一种基于函数扰动和截断拉普拉斯机制的脱密模型加噪保护方法（FM-TL），提高脱密数据可用性。理论证明DP-VGS满足ε-差分隐私，即给定脱密安全预算ε的值，能够确定脱密模型的安全性并得到脱密模型的误差上界；并且这种基于差分隐私的脱密方法能跟现有脱密模型兼容。在4个真实数据集上的试验结果表明，本文方法达到了使脱密数据安全性和可用性最优的目的。

关键词: 矢量地理数据, 差分隐私, 脱密模型, 函数扰动, 截断拉普拉斯机制

Abstract:

Vector geographic data can be shared and used only after the geometric position accuracy is reduced by decryption methods, and none of the existing decryption methods are able to quantitatively analyze the security of the methods and the utility of the decrypted data. This paper is the first to combine differential privacy technology to decryption vector geographic data, and innovatively proposes a differential privacy-based method for vector geographic data decryption (DP-VGS), which combines the existing decryption model of nonlinear transformation and differential privacy. Firstly, through the division and aggregation of sensitive regions and the allocation of the decryption security budget, the regions with high sensitivity are made more secure after decryption. Secondly, a decryption model noise protection method based on function perturbation and TrunLap mechanism (FM-TL) is designed to improve the utility of decrypted data. Theoretical analysis demonstrates that DP-VGS satisfies differential privacy, which means that the security and error upper bound can be obtained by giving the decryption security budget, and DP-VGS is compatible with most of the existing decryption models. Experimental results on four real datasets show that the security of DP-VGS achieves the goal of optimizing the security and availability of the decrypted data.

Key words: vector geographic data, differential privacy, decryption model, function perturbation, truncated Laplace mechanism

中图分类号:

P208

徐雅鑫, 徐彦彦, 欧阳雪, 徐正全. 基于差分隐私的矢量地理数据脱密方法[J]. 测绘学报, 2025, 54(2): 356-370.

Yaxin XU, Yanyan XU, Xue OUYANG, Zhengquan XU. Decryption method for vector geographic data based on differential privacy[J]. Acta Geodaetica et Cartographica Sinica, 2025, 54(2): 356-370.

图/表 15

图1

图2

表1

符号说明"

符号	说明
D，D^*	脱密前的矢量数据集，脱密后的矢量数据集
ε	脱密安全预算，控制脱密模型的保护程度
（x，y），r	原始经纬度坐标，坐标的脱密精度范围r
f_x（x），f_y（y）	坐标x和y的原始脱密模型
i∈[g]，j∈[s]	索引i的取值为{1，2，…，g}，索引j的取值为{1，2，…，s}
g，h_i	空间网格划分的个数为g，第i个网格的敏感信息量记为h_i且i∈[g]
s	将g个网格进行区域聚合的个数为s
H_j，ε_j	第j个区域的敏感信息量为H_j，分配脱密安全预算为ε_j且j∈[s]
D_j，	第j个区域内数据集记为D_j，与D_j仅有一个数据不同且最大相差r
h_Lsens，h_Asens	敏感位置Lsens的信息量，敏感属性Asens的信息量
f_j（x），f_j（y）	第j个区域构建的原始脱密模型
f_j（x'）	根据D_j的近邻数据集得到的原始脱密模型
A={a₁，a₂，…}	原始脱密模型的系数集合，集合A中的元素个数为\|A\|
ϕ（a）	原始脱密模型的系数组合形式集合Φ_k，ϕ（a）∈Φ_k
，	第j个区域的原始脱密模型f_x（x）和f_y（y）的多项式形式
	根据D_j的近邻数据集得到的原始脱密模型f_j（x'）的多项式形式
k	和中包含的多项式项数
{ω₁，ω₂，…}	多项式系数集合，ω_i为第i个元素且
Δf_j	第j个区域的脱密模型多项式形式的函数上界
Δf_jx，Δf_jy	和的模型上界
，	第j个区域满足差分隐私的脱密模型
	添加噪声后的多项式系数集合，为第i个元素且
ϕ（a）^*	添加噪声后的ϕ（a）记为ϕ（a）^且ϕ（a）^∈Φ_k
	使用满足差分隐私的脱密模型对s个区域脱密后的数据集合
{E₁，E₂，…，E_s}	s个区域的脱密数据与原始数据{D₁，D₂，…，D_s}之间的误差
[r_left，r_right]	r_left至r_right之间的实数
v，μ，σ	随机变量v且服从位置参数为μ和尺度参数为σ的拉普拉斯分布
P_n	在[r_left，r_right]范围内对拉普拉斯分布截断后，分布概率的归一化系数

表1

图3

表2

表3

图4

图5

图6

图7

图8

图9

图10

表4

表5

参考文献 35

[1]	周卫, 朱长青, 吴卫东. 地理信息的安全特征综述[J]. 测绘通报, 2015(10): 122-125.
	ZHOU Wei, ZHU Changqing, WU Weidong. Review of the security features of geographic information[J]. Bulletin of Surveying and Mapping, 2015(10): 122-125.
[2]	ZHU Jianjun, WANG Leyang, HU Jun, et al. Recent advances in the geodesy data processing[J]. Journal of Geodesy and Geoinformation Science, 2023, 6(3): 33-45.
[3]	LIU Jingnan, ZHAN Jiao, GUO Chi, et al. Data logic structure and key technologies on intelligent high-precision map[J]. Journal of Geodesy and Geoinformation Science, 2020, 3(3): 1-17.
[4]	朱长青, 任娜, 徐鼎捷. 地理信息安全技术研究进展与展望[J]. 测绘学报, 2022, 51(06): 1017-1028. DOI:. doi: 10.11947/j.AGCS.2022.20220172
	ZHU Changqing, REN Na, XU Dingjie. Geo-information security technology: progress and prospects[J]. Acta Geodaetica et Cartographica Sinica, 2022, 51(6): 1017-1028. DOI:. doi: 10.11947/j.AGCS.2022.20220172
[5]	LU Z, WEI Z, LI J, et al. Grid model for high-accuracy coordinate transformation of China geodetic coordinate system 2000[J]. Journal of Geodesy and Geoinformation Science, 2019, 2(1): 17-25, 36.
[6]	江栋华, 周卫. 一种基于Chebyshev多项式的矢量数据几何精度脱密模型[J]. 测绘科学技术学报, 2018, 35(3): 321-325.
	JIANG Donghua, ZHOU Wei. Decryption model for vector geographic data based on Chebyshev polynomials[J]. Journal of Geomatics Science and Technology, 2018, 35(3): 321-325.
[7]	郭金运, 朱明法, 徐泮林. 地图数据几何纠正时仿射变换与相似变换的对比分析[J]. 测绘通报, 2001(4): 23-24.
	GUO Jinyun, ZHU Mingfa, XU Panlin. Comparition between the affine transformation and the similarity transformation and its analysis[J]. Bulletin of Surveying and Mapping, 2001(4): 23-24.
[8]	江栋华. 顾及整体变换与随机扰动的矢量数据组合脱密模型研究[D]. 南京: 南京师范大学, 2018.
	JIANG Donghua. Research of combination decryption model for vector geographic data considering overall transformation and random disturbance[D]. Nanjing: Nanjing Normal University, 2018.
[9]	于辉, 周卫, 马心念. 一种基于三角函数的矢栅地理数据可逆几何脱密模型[J]. 测绘通报, 2017(10): 89-94.
	YU Hui, ZHOU Wei, MA Xinnian. A reversible decryption model for vector and raster integration based on trigonometric function[J]. Bulletin of Surveying and Mapping, 2017(10): 89-94.
[10]	崔翰川. 面向共享的矢量地理数据安全关键技术研究[D]. 南京: 南京师范大学, 2013.
	CUI Hanchuan. Research on the sharing security of vector geography data[D]. Nanjing: Nanjing Normal University, 2013.
[11]	彭达豪. 基于区域划分的数字地图非线性变换研究[D]. 哈尔滨: 哈尔滨工程大学, 2019.
	PENG Dahao. Research on the sharing security of vector geography data[D]. Harbin: Harbin Engineering University, 2019.
[12]	谢年. 基于双线性内插模型的地理空间数据保密技术研究[J]. 测绘与空间地理信息, 2016, 39(3): 143-145, 148.
	XIE Nian. Research on the security of geospatail data based on the bilinear interpolation model[J]. Geomatics & Spatial Information Technology, 2016, 39(3): 143-145, 148.
[13]	张寿选. 基于格网坐标转换法的矢量数据脱密方法研究[J]. 地理空间信息, 2022, 20(3): 88-91.
	ZHANG Shouxuan. Research on vector data decryption method based on grid coordinate transformation[J]. Geospatial Information, 2022, 20(3): 88-91.
[14]	LYU Haiyang, ZHOU Wei, SHENG Yehua, et al. Topology and shape preservable geometric decryption method for vector geographic data[J]. Journal of China University of Mining & Technology, 2017, 46(3): 648-654.
[15]	李安波, 吴雪荣, 解宪丽, 等. 精度可控的矢量地理数据脱密方法[J]. 中国矿业大学学报, 2016, 45(5): 1050-1057.
	LI Anbo, WU Xuerong, XIE Xianli, et al. A precision alterable declassification technique for vector geo-data[J]. Journal of China University of Mining & Technology, 2016, 45(5): 1050-1057.
[16]	DWORK C. Differential privacy[C]//Proceedings of the 33rd International Conference on Automata, Languages and Programming. Berlin: Springer, 2006.
[17]	DWORK C, ROTH A. The algorithmic foundations of differential privacy[J]. Foundations and Trends in Theoretical Computer Science, 2014, 9: 211-407.
[18]	ERLINGSSON Ú, PIHUR V, KOROLOVA A. Rappor: randomized aggregatable privacy-preserving ordinal response[C]//Proceedings of 2014 ACM SIGSAC Conference on Computer and Communications Security. New York: ACM Press, 2014: 1054-1067.
[19]	Differential Privacy Team. Learning with privacy at scale[EB/OL]. [2023-05-05]. https://machinelearning.apple.com/2017/12/06/learning-with-privacy-at-scale.html.
[20]	CORMODE G, PROCOPIUC C, SRIVASTAVA D, et al. Differentially private spatial decompositions[C]//Proceedings of 2012 IEEE International Conference on Data Engineering. Arlingto: IEEE, 2012: 20-31.
[21]	QARDAJI W, YANG Weining, LI Ninghui. Differentially private grids for geospatial data[C]//Proceedings of 2013 IEEE International Conference on Data Engineering (ICDE). Brisbane: IEEE, 2013: 757-768.
[22]	黄泗勇, 陈婷婷, 卢清, 等. 基于kd-树的差分隐私二维空间数据划分发布方法[J]. 山东大学学报(工学版), 2015, 45(1): 24-29.
	HUANG Siyong, CHEN Tingting, LU Qing, et al. Differentially privacy two-dimensional dataset partitioning publication algorithm based on kd-tree[J]. Journal of Shandong University (Engineering Science), 2015, 45(1): 24-29.
[23]	ZHAO Xiaodong, DONG Yulan, PI Dechang. Novel trajectory data publishing method under differential privacy[J]. Expert Systems with Applications, 2019, 138: 112791.
[24]	HUANG Hongyu, NIU Xin, CHEN Chao, et al. A differential private mechanism to protect trajectory privacy in mobile crowd-sensing[C]//Proceedings of 2019 IEEE Wireless Communications and Networking Conference. Marrakesh: IEEE, 2019: 1-6.
[25]	CHATZIKOKOLAKIS K, PALAMIDESSI C, STRONATI M. A predictive differentially-private mechanism for mobility traces[C]//Proceedings of 2014 International Symposium on Privacy Enhancing Technologies Symposium. Berlin: Springer, 2014: 21-41.
[26]	WANG Tianhao, BLOCKI J, LI Ninghui, et al. Locally differentially private protocols for frequency estimation[C]//Proceedings of the 26th USENIX Conference on Security Symposium. Vancouver: ACM Press, 2017: 729-745.
[27]	WANG Hao, XU Zhengquan. CTS-DP: publishing correlated time-series data via differential privacy[J]. Knowledge-Based Systems, 2017, 122: 167-179.
[28]	李安波, 陈楹, 姚蒙蒙, 等. 涉密矢量数字地图中敏感要素几何信息量的测度方法[J]. 地球信息科学学报, 2018, 20(1): 7-16.
	LI Anbo, CHEN Ying, YAO Mengmeng, et al. Quantitative measurement of geometrical information for sensitive features in secret-related vector digital maps[J]. Journal of Geo-information Science, 2018, 20(1): 7-16.
[29]	吴赛松. 涉密矢量数字地图敏感信息量测度方法研究[D]. 南京: 南京师范大学, 2014.
	WU Saisong. Research on the measurement methods of the amount of sensitive information for confidential vector digital map[D]. Nanjing: Nanjing Normal University, 2014.
[30]	LI Zhilin, GAO Peichao, XU Zhu. Information theory of cartography: an information-theoretic framework for cartographic communication[J]. Journal of Geodesy and Geoinformation Science, 2021, 4(1): 1-16.
[31]	CROFT W, SACK J R, SHI Wei. Differential privacy via a truncated and normalized Laplace mechanism[J]. Journal of Computer Science and Technology, 2022, 37(2): 369-388.
[32]	ZHANG Jun, ZHANG Zhenjie, XIAO Xiaokui, et al. Functional mechanism: regression analysis under differential privacy[J]. Proc. VLDB Endow, 2012, 5(11): 1364-1375.
[33]	马心念. 矢量地理数据脱密模型的抗攻击性评价方法研究[D]. 南京: 南京师范大学, 2017.
	MA Xinnian. Research on evaluation of anti-attack description model of vector geographic data[D]. Nanjing: Nanjing Normal University, 2017.
[34]	MALING D H. Coordinate systems and map projections[M]. George Philip: Elsevier, 1973.
[35]	MALING D H. Coordinate systems and map projections for GIS[J]. Geographical Information Systems: Principles and Applications, 1991, 1: 135-136.

编辑推荐 0

Metrics

阅读次数

全文

HTML			PDF

最新录用	在线预览	正式出版	最新录用	在线预览	正式出版
0	0	4	0	0	23

来源	本网站	其他网站

次数	27	0
比例	100%	0%

摘要

最新录用	在线预览	正式出版

0	0	46

	来源	本网站

	次数	46
	比例	100%

数据集名称	数据要素层	数据量	经纬度范围
2020年武汉市POI数据	点	23 872	（113.711 991°E，30.017 505°N），（114.996 201°E，31.329 067°N）
2022年全国路网数据	线	3 138 902	（73.926599°E，18.223476°N），（134.733 230°E，53.421 386°N）
2022年中国行政区数据	面	359 571	（73.445 450°E，3.833 843°N），（135.086 349°E，53.555 284°N）
2022年台湾省矢量数据	点、线、面	72 288	（118.162 776°E，21.905 835°N），（122.107 026°E，26.378 825°N）

原始脱密模型（VGS）	随机值保护脱密（VGS_RV）	拉普拉斯机制脱密（DP-VGS_FM-L）	DP-VGS脱密（DP-VGS_FM-TL）
三角函数（VGS_cos）	VGS_RVcos	DP-VGS_FM-Lcos	DP-VGS_FM-TLcos
多项式（VGS_poly）	VGS_RVpoly	DP-VGS_FM-Lpoly	DP-VGS_FM-TLpoly
双线性内插（VGS_bi）	VGS_RVbi	DP-VGS_FM-Lbi	DP-VGS_FM-TLbi
椭球面（VGS_el）	VGS_RVel	DP-VGS_FM-Lel	DP-VGS_FM-TLel

衡量标准	r=10 m				r=50 m
衡量标准	RMSE	S/（%）	P/（%）	T/（%）	RMSE	S/（%）	P/（%）	T/（%）
VGS_{RV cos}	4.325	99.849	98.588	97.765	20.258	90.503	90.341	89.837
DP-VGS_FM-TLcos	3.481	99.994	99.832	98.113	17.229	94.089	94.012	93.461
VGS_cos	3.381	99.996	100	98.387	16.853	94.351	100	93.989
VGS_{RV ploy}	4.479	99.833	98.664	97.793	21.601	90.452	90.078	89.523
DP-VGS_FM-TLploy	3.605	99.994	99.416	98.146	18.310	94.197	92.997	92.982
VGS_ploy	3.504	99.995	99.932	98.427	17.766	94.601	93.405	93.154
VGS_{RV bi}	6.025	99.376	98.046	96.741	23.182	85.761	85.706	85.216
DP-VGS_FM-TLbi	4.819	99.694	99.475	97.939	19.395	87.826	87.531	87.792
VGS_bi	4.688	99.696	99.749	98.135	18.979	88.272	89.743	88.040
VGS_RVel	4.795	99.901	98.707	97.788	22.049	90.321	90.352	89.718
DP-VGS_FM-TLel	3.865	99.996	99.831	98.545	18.686	94.021	94.059	93.142
VGS_el	3.767	99.997	99.998	99.182	17.711	94.290	94.476	93.486

衡量标准	r=10 m				r=50 m
衡量标准	RMSE	S/（%）	P/（%）	T/（%）	RMSE	S/（%）	P/（%）	T/（%）
VGS_{RV cos}	7.403	99.228	98.110	97.072	34.599	86.622	86.085	85.551
DP-VGS_FM-TLcos	5.975	99.852	99.702	98.014	29.229	90.015	89.511	89.703
VGS_cos	5.696	99.873	100	98.258	28.195	90.562	100	90.154
VGS_{RV ploy}	7.394	99.173	98.002	97.075	36.503	86.262	85.941	85.935
DP-VGS_FM-TLploy	5.949	99.823	99.277	98.083	30.846	89.615	89.282	89.263
VGS_ploy	5.672	99.853	99.826	98.357	29.787	90.377	89.931	90.014
VGS_{RV bi}	8.825	97.683	97.266	96.039	40.116	78.512	78.062	77.568
DP-VGS_FM-TLbi	7.078	98.135	98.973	97.666	33.904	81.852	82.019	82.087
VGS_bi	6.741	99.211	99.295	97.935	32.863	82.489	82.500	82.734
VGS_RVel	7.937	99.205	98.087	97.109	37.667	86.917	86.09	86.033
DP-VGS_FM-TLel	6.462	99.850	99.702	98.384	31.878	90.621	89.476	90.026
VGS_el	6.289	99.878	99.917	98.991	30.847	91.032	89.917	90.317