Human mobility data have been ubiquitously collected through cellular networks and mobile applications, and publicly released for academic research and commercial purposes for the last decade. Since releasing individual's mobility records usually gives rise to privacy issues, data sets owners tend to only publish aggregated mobility data, such as the number of users covered by a cellular tower at a specific timestamp, which is believed to be sufficient for preserving users' privacy. However, in this paper, we argue and prove that even publishing aggregated mobility data could lead to privacy breach in individuals' trajectories. We develop an attack system that is able to exploit the uniqueness and regularity of human mobility to recover individual's trajectories from the aggregated mobility data without any prior knowledge. By conducting experiments on two real-world data sets collected from both the mobile application and cellular network, we reveal that the attack system is able to recover users' trajectories with an accuracy of about 73%similar to 91% at the scale of thousands to ten thousands of mobile users, which indicates severe privacy leakage in such data sets. Our extensive analysis also reveals that by generalization and perturbation, this kind of privacy leakage can only be mitigated. Through the investigation on aggregated mobility data, this paper recognizes a novel privacy problem in publishing statistic data, which appeals for immediate attentions from both the academy and industry.

• 出版日期2018-6
• 单位清华大学