Abstract
Smartphones and wearable devices have been integrated into our daily lives, offering personalized services. However, many apps become overprivileged as their collected sensing data contains unnecessary sensitive information. For example, mobile sensing data could reveal private attributes (e.g., gender and age) and unintended sensitive features (e.g., hand gestures when entering passwords). To prevent sensitive information leakage, existing methods must obtain private labels and users need to specify privacy policies. However, they only achieve limited control over information disclosure. In this work, we present Hippo to dissociate hierarchical information including private metadata and multi-grained activity information from the sensing data. Hippo achieves fine-grained control over the disclosure of sensitive information without requiring private labels. Specifically, we design a latent guidance-based diffusion model, which generates multi-grained versions of raw sensor data conditioned on hierarchical latent activity features. Hippo enables users to control the disclosure of sensitive information in sensing data, ensuring their privacy while preserving the necessary features to meet the utility requirements of applications. Hippo is the first unified model that achieves two goals: perturbing the sensitive attributes and controlling the disclosure of sensitive information in mobile sensing data. Extensive experiments show that Hippo can anonymize personal attributes and transform activity information at various resolutions across different types of sensing data.
URL
https://arxiv.org/abs/2409.03796