CN103761485A

CN103761485A - Privacy protection method

Info

Publication number: CN103761485A
Application number: CN201410015268.2A
Authority: CN
Inventors: 刘云浩; 张善丰
Original assignee: Tsinghua University
Current assignee: Tsinghua University
Priority date: 2014-01-13
Filing date: 2014-01-13
Publication date: 2014-04-30
Anticipated expiration: 2034-01-13
Also published as: CN103761485B

Abstract

The invention provides a privacy protection method. The method includes: pre-defining a privacy location set: S={s1, s2, s...}, and setting a user's actual location information: ={L1, L2,...,LT}, an uploaded strategy: ={P1, P2,...PT}, and uploaded crowd sensing data of certain time: ={O1, O2,...,OT}. In the uploaded strategy: ={P1, P2,...PT}, expectation maximum of utility( )=|{t|Ot=/empty}|/T is required while Pr[Lt=sj| ]-Pr[Lt=sj]<=8 is met. The method has the advantages that information quantity of uploaded data is maximally kept and meanwhile the uploaded group sensing data resists powerful attack.

Description

A kind of method for secret protection

Technical field

The present invention relates to field of computer technology, be specifically related to a kind of method for secret protection.

Background technology

In recent years, along with the sensor being equipped with on smart mobile phone is more and more, gunz cognition technology develops rapidly.Because gunz cognition technology can obtain large-scale statistics and carry out the measurement in all scales, gunz cognition technology has been applied to the every field in people's life, as publilc health, and public safety, traffic monitoring etc.Typical gunz aware application is comprised of great amount of terminals cellphone subscriber, they spread over each corner in city, by the various kinds of sensors (as acceleration transducer, optical sensor, gyroscope, GPS etc.) being equipped with on mobile phone, record the characteristic of present position, and the data that real-time uploading comprises positional information are to gunz aware services device, server is after obtaining the sensing data of great amount of terminals user in different location, carry out data processing and data analysis, thereby user is provided needed respective services.There is at present the application of a large amount of gunz perception, although then a user wants to obtain the service that application provides, be unwilling to provide some privacy informations, as positional information.Due to such worry, how user protects privacy positional information to become an important problem when uploading sensing data.

At present; the method of protection privacy positional information is mainly based on upsetting; in the information of namely uploading user; add independently noise; this class technology is proved to be to be attacked; an assailant can adopt filtering technique to rebuild the distribution of raw data, thereby can obtain user's privacy positional information.

Summary of the invention

For the deficiencies in the prior art, the invention provides a kind of method for secret protection, can make data that user uploads when resisting powerful attack, maximize the quantity of information that keeps uploading data.

For achieving the above object, the present invention is achieved by the following technical programs:

A method for secret protection, the method comprises:

Pre-defined privacy location sets if the positional information of user's reality is

the strategy of uploading is

certain gunz perception data of uploading is

the strategy of wherein uploading

need to be to all gunz perception datas of uploading

\overset{&RightArrow;}{O} = {O_{1}, O_{2}, . . ., O_{T}}

Meeting

\Pr [L_{t} = s_{j}^{i} | \overset{&RightArrow;}{O}] - \Pr [L_{t} = s_{j}^{i}] \leq δ

Prerequisite under, make

utility (\overset{&RightArrow;}{O}) = | {t | O_{t} &NotEqual; empty} | / T

Expectation maximum;

Wherein, L _texpression optional position,

represent any privacy position, be illustrated in the probability of successfully inferring privacy position in the situation of known uploading data,

mean the probability of inferring privacy position without any Given information in the situation that, value for presetting, δ represents to protect the degree of privacy, it is less that δ arranges, and more can protect privacy;

Described

utility (\overset{&RightArrow;}{O}) = | {t | O_{t} &NotEqual; empty} | / T

Represent the gunz perception data that user uploads

the Information Availability amount comprising, the sum of position when T uploads gunz perception data for user;

Described

\Pr = [L_{t} = s_{j}^{i} | \overset{&RightArrow;}{O}]

For

\Pr [L_{t} = s_{j}^{i} | \overset{&RightArrow;}{O}] = \underset{L_{t} = s_{j}^{i}}{Σ} \Pr [\overset{&RightArrow;}{L} | \overset{&RightArrow;}{O}]

Wherein,

\Pr [\overset{&RightArrow;}{L} | \overset{&RightArrow;}{O}] = \frac{1}{Z (\overset{&RightArrow;}{O})} \exp {Σ_{t = 1}^{T} (Σ_{k = 1}^{K_{1}} λ_{k} f_{k} (\overset{&RightArrow;}{L}) + Σ_{k = 1}^{K_{2}} β_{k} h_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{3}} γ_{k} r_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{4}} θ_{k} g_{k} (L_{t}, O_{t}))}

Wherein, λ _k, β _k, γ _kand θ _kfor characteristic parameter;

for fundamental function, represent property time correlation between positional information,

represent positional information and upload the spatial correlation between gunz perception data,

represent positional information and upload the feature association between gunz perception data, g _k(L _t, O _t) represent positional information and upload the decision-making relevance between gunz perception data, normalization factor is:

Z (\overset{&RightArrow;}{O}) = \underset{L}{Σ} \exp {Σ_{t = 1}^{T} (Σ_{k = 1}^{K_{1}} λ_{k} f_{k} (\overset{&RightArrow;}{L}) + Σ_{k = 1}^{K_{2}} β_{k} h_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{3}} γ_{k} r_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{4}} θ_{k} g_{k} (L_{t}, O_{t}))} .

Preferably, described positional information and upload the decision-making Relating Characteristic function g between gunz perception data _k(L _t, O _t) be:

g_{kl} (L_{t} . O_{t}) = δ (L_{t} = l_{j}^{i}, O_{t} = e)

g_{k 2} (L_{t}, O_{t}) = δ (L_{t} = l_{j}^{i}, O_{t} = D_{t})

Wherein, e represents empty empty, O _t=e is illustrated in current location uploading data for empty, O _t=D _tbe illustrated in the data that current location uploading data is gunz perception,

represent the position that some users pass by, δ (w) is when w condition is for really equaling 1, otherwise equals 0.

Preferably, the property time correlation fundamental function between described positional information

for

f_{k} (\overset{&RightArrow;}{L}) = δ (L_{1}, = {l_{i}}_{1}, L_{2} = {l_{i}}_{2}, . . ., L_{t} = {l_{i}}_{t})

Wherein represent t related position.

Preferably, described positional information and upload the spatial correlation fundamental function between gunz perception data

for

h_{k} (L_{t}, L_{t - 1}, O_{t}, O_{t - 1}) = δ (L_{t} = S, L_{t - 1} = C, O_{t} = e, O_{t - 1} = e) .

Preferably, described positional information and upload the feature association fundamental function between gunz perception data

for

r_{k 1} (L_{t}, L_{t - 1}, O_{t}, O_{t - 1}) = δ (dir (L_{t}, L_{t - 1}) = ahead) \times δ (dis (O_{t} . rss, O_{t - 1} . rss) \leq R)

r_{k 1} (L_{t}, L_{t - 1}, O_{t}, O_{t - 1}) = δ (dir (L_{t}, L_{t - 1}) = turn) \times δ (dis (O_{t} . rss, O_{t - 1} . rss) > R)

If user is from L _t-1go to L _tdo not turn, so dir (L _t, L _t-1)=ahead, otherwise dir (L _t, L _t-1)=turn; Dis (O _t.rss, O _t-1.rss) for calculating Euler's distance of the received signal strength RSS reading of two location points.

Preferably, the characteristic parameter θ of described decision-making linked character function _kfor

θ_{k 1} = \log P_{j}^{i}

θ_{k 1} = \log (1 - P_{j}^{i})

Wherein

be illustrated in j position and upload the probability of gunz perception data.

Preferably, described time correlation fundamental function feature parameter"λ" _kfor

The maximized objective function of method that adopts maximal condition likelihood to estimate is:

l (λ) = \underset{j}{Σ} \log \Pr [{\overset{&RightArrow;}{L}}^{i (j)} | {\overset{&RightArrow;}{O}}^{i (j)}]

To λ _kdo local derviation:

\frac{&PartialD; l (λ)}{&PartialD; λ_{k}} = Σ_{j = 1}^{N} Σ_{t = 1}^{T} f_{k} (L_{t}^{i (j)}, L_{t - 1}^{i (j)}, L_{t - 2}^{i (j)} - Σ_{J = 1}^{N} Σ_{T = 1}^{T} \underset{l . l', l''}{Σ} f_{k} (l, l', l'') \Pr (l, l', l'' | {\overset{&RightArrow;}{O}}^{i (j)})

Adopt L-BFGS to carry out regularization, obtain λ _k.

Preferably, the characteristic parameter β of described space correlation fundamental function _kfor

β _k=logPr(L _t=s ⁱ _j|L _t-t'=l _j)

L wherein _t-t'be illustrated in the position of t ' before the moment.

Preferably, the characteristic parameter γ of described feature association fundamental function _kfor

Given

first trained threshold value R:

R = \arg \max \underset{j}{Σ} \underset{t = 1}{Σ} \begin{matrix} {r_{k 1} (L_{t}^{i (j)}, L_{t - 1}^{i (j)}, L_{t}^{i (f)} . rss, L_{t - 1}^{i (j)} . rss) \\ + r_{k 2} (L_{t}^{i (j)}, L_{t - 1}^{i (j)}, L_{t}^{i (j)} . rss, L_{t - 1}^{i (j)} . rss} \end{matrix}

After determining threshold value R, obtain characteristic parameter:

γ_{k 1} = \log (R - dis (x_{t} . rss, x_{t - 1} . rss)) / R

γ_{k 2} = \log (dis (x_{t} . rss, x_{t - 1} . rss) - R) / R .

The present invention at least has following beneficial effect:

The invention provides a kind of method for secret protection; by condition random field, portray positional information and property time correlation, spatial correlation, feature association and the decision-making relevance of uploading gunz perception data; thereby make the data of uploading based on this method for secret protection when resisting powerful attack, to maximize the quantity of information of uploading data.

Accompanying drawing explanation

In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, to the accompanying drawing of required use in embodiment or description of the Prior Art be briefly described below, apparently, accompanying drawing in the following describes is some embodiments of the present invention, for those of ordinary skills, do not paying under the prerequisite of creative work, can also obtain according to these accompanying drawings other accompanying drawing.

Fig. 1 is the process flow diagram of method for secret protection in the embodiment of the present invention 1;

Fig. 2 is the process flow diagram of method for secret protection in the embodiment of the present invention 2;

Fig. 3 is that the fundamental function of the embodiment of the present invention 2 conditional random fields is described;

Fig. 4 is that in the embodiment of the present invention 2, property time correlation is described;

Fig. 5 is that in the embodiment of the present invention 2, spatial correlation is described;

Fig. 6 is that in the embodiment of the present invention 2, RSS feature association is described.

Embodiment

For making object, technical scheme and the advantage of the embodiment of the present invention clearer, below in conjunction with the accompanying drawing in the embodiment of the present invention, technical scheme in the embodiment of the present invention is carried out to clear, complete description, obviously, described embodiment is the present invention's part embodiment, rather than whole embodiment.Embodiment based in the present invention, those of ordinary skills, not making the every other embodiment obtaining under creative work prerequisite, belong to the scope of protection of the invention.

Embodiment 1

The embodiment of the present invention 1 has proposed a kind of method for secret protection, referring to Fig. 1, comprises the steps:

Step 101: pre-defined privacy location sets

Step 102: find certain data upload strategy, make the gunz perception data of uploading under the prerequisite of protection privacy of user, maximum data quantity of information.

If the positional information of user's reality is the strategy of uploading is

certain gunz perception data of uploading is

the strategy of wherein uploading

need to be to all uploading datas meeting

\Pr [L_{t} = s_{j}^{i} | \overset{&RightArrow;}{O}] - \Pr [L_{t} = s_{j}^{i}] \leq δ

Prerequisite under, make

utility (\overset{&RightArrow;}{O}) = | {t | O_{t} &NotEqual; empty} | / T

Expectation maximum;

In this step, L _texpression optional position, represent any privacy position,

be illustrated in the probability of successfully inferring privacy position in the situation of known uploading data,

mean the probability of inferring privacy position without any Given information in the situation that,

value for presetting, δ represents to protect the degree of privacy, it is less that δ arranges, and more can protect privacy;

Described

utility (\overset{&RightArrow;}{O}) = | {t | O_{t} &NotEqual; empty} | / T

Represent the gunz perception data that user uploads

the Information Availability amount comprising, the sum of position during data that T uploads for user.

Described

\Pr [L_{t} = s_{j}^{i} | \overset{&RightArrow;}{O}]

For

\Pr [L_{t} = s_{j}^{i} | \overset{&RightArrow;}{O}] = \underset{L_{t} = s_{j}^{i}}{Σ} \Pr [\overset{&RightArrow;}{L} | \overset{&RightArrow;}{O}]

Wherein

\Pr [\overset{&RightArrow;}{L} | \overset{&RightArrow;}{O}] = \frac{1}{Z (\overset{&RightArrow;}{O})} \exp {Σ_{t = 1}^{T} (Σ_{k = 1}^{K_{1}} λ_{k} f_{k} (\overset{&RightArrow;}{L}) + Σ_{k = 1}^{K_{2}} β_{k} h_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{3}} γ_{k} r_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{4}} θ_{k} g_{k} (L_{t}, O_{t}))}

Wherein, λ _k, β _k, γ _kand θ _kfor characteristic parameter;

for fundamental function,

represent property time correlation between positional information, represent positional information and upload the spatial correlation between gunz perception data,

Z (\overset{&RightArrow;}{O}) = \underset{L}{Σ} \exp {Σ_{t = 1}^{T} (Σ_{k = 1}^{K_{1}} λ_{k} f_{k} (\overset{&RightArrow;}{L}) + Σ_{k = 1}^{K_{2}} β_{k} h_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{3}} γ_{k} r_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{4}} θ_{k} g_{k} (L_{t}, O_{t}))} .

Visible; in embodiments of the present invention; by condition random field, portray property time correlation, spatial correlation, feature association and the decision-making relevance of uploading data; thereby make the data of uploading based on this method for secret protection when resisting powerful attack, to maximize the quantity of information of uploading data.

Embodiment 2

Below by a concrete example, carry out the implementation procedure of a more detailed explanation preferred embodiment of the present invention.Referring to Fig. 2, this process comprises the steps:

Step 201: pre-defined privacy location sets

Step 202: set up secret protection model.

In this step, establish the claimed privacy of intimacy protection system and be called as δ-privacy.Be defined as follows: for a user, the gunz perception data of uploading is

defined the set of a privacy position simultaneously

say

protected δ-privacy, if for any position L _t, for any privacy position

meet:

\Pr [L_{t} = s_{j}^{i} | \overset{&RightArrow;}{O}] - \Pr [L_{t} = s_{j}^{i}] \leq δ

From this formula, can see, δ is the ability of attack of resisting for portraying system.What in system of defense, the value of δ arranged is less, and assailant is just more difficult infers the privacy information that user.

For Information Availability amount, be defined as follows, the gunz perception data of uploading as a user is

this group is uploaded comprised Information Availability amount and is so:

The problem of uploading data, can be modeled as a decision problem, namely for single at position L _tgather the data D of gunz perception _t, with probability P _tretain this data, namely do not upload these data.And with 1-P _tupload this data.In order to protect privacy information to be obtained by attacker, one intuitively idea be exactly with larger probability P _tretain the data relevant to privacy information, and in order to maximize Information Availability amount, with smaller probability P _tretain and the incoherent data of privacy information.

According to the theory of condition random field, and the space-time relationship that may exist in actual life, a given output data set assailant infers and real positional information

\overset{&RightArrow;}{L} = {L_{1}, L_{2}, . . ., L_{T}}

Probability be:

\Pr [\overset{&RightArrow;}{L} | \overset{&RightArrow;}{O}] = \frac{1}{Z (\overset{&RightArrow;}{O})} \exp {Σ_{t = 1}^{T} (Σ_{k = 1}^{K_{1}} λ_{k} f_{k} (\overset{&RightArrow;}{L}) + Σ_{k = 1}^{K_{2}} β_{k} h_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{3}} γ_{k} r_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{4}} θ_{k} g_{k} (L_{t}, O_{t}))}

for fundamental function,

represent property time correlation between positional information, h _k(L, O) represent positional information and upload the spatial correlation between gunz perception data,

represent positional information and upload the feature association between gunz perception data, g _k(L _t, O _t) represent positional information and upload the decision-making relevance between gunz perception data, and normalization factor is:

Z (\overset{&RightArrow;}{O}) = \underset{L}{Σ} \exp {Σ_{t = 1}^{T} (Σ_{k = 1}^{K_{1}} λ_{k} f_{k} (\overset{&RightArrow;}{L}) + Σ_{k = 1}^{K_{2}} β_{k} h_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{3}} γ_{k} r_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{4}} θ_{k} g_{k} (L_{t}, O_{t}))} .

To describe one by one the definition of fundamental function in detail below:

For decision-making linked character function g _k(L _t, O _t), its essence is and join in condition random field uploading strategy.This fundamental function has two parts to form:

g_{kl} (L_{t} . O_{t}) = δ (L_{t} = l_{j}^{i}, O_{t} = e)

g_{k 2} (L_{t}, O_{t}) = δ (L_{t} = l_{j}^{i}, O_{t} = D_{t})

Characteristic parameter directly portray into:

θ_{k 1} = \log P_{j}^{i}

θ_{k 1} = \log (1 - P_{j}^{i})

Like this, just the decision-making technique of intimacy protection system is portrayed into the system of condition random field.

For portraying the fundamental function of property time correlation

be used for the transfer that may exist between possible adjacent position.Such as in Fig. 4, from C, B, A, may be portrayed by such fundamental function to the transfer of next position F:

f_{k} (\overset{&RightArrow;}{L}) = δ (L_{1}, = {l_{i}}_{1}, L_{2} = {l_{i}}_{2}, . . ., L_{t} = {l_{i}}_{t})

By that analogy, for the transfer between any t position, can pass through fundamental function f _k(L ₁, L ₂..., L _t) portray:

f_{k} (L_{1}, L_{2}, . . ., L_{t}) = δ (L_{1}, = {l_{i}}_{1}, L_{2} = {l_{i}}_{2}, . . ., L_{t} = {l_{i}}_{t})

Wherein represent t related position.

Fundamental function

user portrays spatial correlation.Such as in Fig. 5, S is privacy position, and B is highly associated with S.If user goes to B from A, he probably can go to S, so B should be retained with higher probability.From another one aspect, if user gathers C from A, he can select to go to S or go to D, so need to not retain C with higher probability.For a kind of like this relevance, by following characteristics function, portray:

h _k(L _t,L _t-1,O _t,O _t-1)=δ(L _t=S,L _t-1=C,O _t=e,O _t-1=e)。

For general situation, can set a fundamental function, for portray a privacy information S set ' and one with the S' location sets L' that is mutually related.For, in explanation and calculate easyly, only consider the interdependence between a privacy position and a relevant position here:

h_{k} (L_{t}, L_{t - 1}, O_{t}, O_{t - 1}) = δ (L_{t} = S, L_{t - 1} = C, O_{t} = e, O_{t - 1} = e) .

Corresponding characteristic parameter β _kbe used for portraying a kind of like this correlation degree.Such as in figure tri-, the fundamental function between S and B should have larger characteristic parameter, and the characteristic parameter between S and C is less.

representation feature relevance, the here relevance of received signal strength RSS data namely.As shown in Figure 6, when user is toward AP walking time, the value of RSSI can respond increase, and if turn round halfway, the value of RSSI will sharply decline.A kind of like this feature of association is also likely utilized by attacker, infers the path that user truly passes by.In order to portray a kind of like this relevance, just defined

If user is from L _t-1go to L _tdo not turn, so dir (L _t, L _t-1)=ahead, otherwise dir (L _t, L _t-1)=turn.Dis (O _t.rss, O _t-1.rss) for calculating Euler's distance of two location point RSS readings.

Step 203: the characteristic parameter in training pattern.

In this step, for spatial correlation, needing the parameter of study is β _k, according to probability, shifting, training patterns is as follows:

β _k=logPr(L _t=s ⁱ _j|L _t-t'=L _j

That is to say, if there is stronger relevance a positional information and a privacy position, he just should go with larger probability to retain so.

For the relevance of RSS feature, first to train threshold value R, given

R = \arg \max \underset{j}{Σ} \underset{t = 1}{Σ} \begin{matrix} {r_{k 1} (L_{t}^{i (j)}, L_{t - 1}^{i (j)}, L_{t}^{i (f)} . rss, L_{t - 1}^{i (j)} . rss) \\ + r_{k 2} (L_{t}^{i (j)}, L_{t - 1}^{i (j)}, L_{t}^{i (j)} . rss, L_{t - 1}^{i (j)} . rss} \end{matrix}

After determining threshold value R, characteristic parameter can directly calculate:

γ _k1=log(R-dis(x _t.rss,x _t-1.rss))/R

γ _k2=log(dis(x _t.rss,x _t-1.rss)-R)/R

Finally, train the characteristic parameter of space correlation fundamental function, comparatively complicated.The method that adopts maximal condition likelihood to estimate, needs maximized objective function to be:

l (λ) = \underset{j}{Σ} \log \Pr [{\overset{&RightArrow;}{L}}^{i (j)} | {\overset{&RightArrow;}{O}}^{i (j)}]

To some specific parameter lambda _kafter writing and directing, obtain:

\frac{&PartialD; l (λ)}{&PartialD; λ_{k}} = Σ_{j = 1}^{N} Σ_{t = 1}^{T} f_{k} (L_{t}^{i (j)}, L_{t - 1}^{i (j)}, L_{t - 2}^{i (j)} - Σ_{J = 1}^{N} Σ_{T = 1}^{T} \underset{l . l', l''}{Σ} f_{k} (l, l', l'') \Pr (l, l', l'' | {\overset{&RightArrow;}{O}}^{i (j)})

Can adopt L-BFGS to carry out regularization, solve this optimization problem.

Step 204: choose optimum data upload strategy, realize the protection of user privacy information.

In this step, after training a condition random field, remaining is how to choose the optimum strategy of uploading, and namely, for the gunz perception data gathering on each position, with what kind of probability, retains or uploads.Such strategy can directly affect the probability that assailant infers privacy information.So, need to travel through all possible strategy of uploading, find out and meet δ-privacy, one of utility maximum simultaneously.

For example, in the teaching building of Tsing-Hua University, totally 1600 square metres, include totally 16498 records of 4 users.For each user, first by his the first half data, carry out the study of system, by the data of later half, test.In training part, we travel through all possible retention strategy P.For each P, we can train a correspondingly conditional random field models, as shown in Figure 1.Based on this conditional random field models, can calculate assailant and infer whether the possibility that privacy information meets δ-privacy.Finally, we are from meeting the retention strategy of δ-privacy, choose a utility maximum.

Above embodiment only, for technical scheme of the present invention is described, is not intended to limit; Although the present invention is had been described in detail with reference to previous embodiment, those of ordinary skill in the art is to be understood that: its technical scheme that still can record aforementioned each embodiment is modified, or part technical characterictic is wherein equal to replacement; And these modifications or replacement do not make the essence of appropriate technical solution depart from the spirit and scope of various embodiments of the present invention technical scheme.

Claims

1. a method for secret protection, is characterized in that, the method comprises:

Pre-defined privacy location sets

if the positional information of user's reality is

the strategy of uploading is

certain gunz perception data of uploading is

the strategy of wherein uploading need to be to all gunz perception datas of uploading

\overset{&RightArrow;}{O} = {O_{1}, O_{2}, . . ., O_{T}}

Meeting

\Pr [L_{t} = s_{j}^{i} | \overset{&RightArrow;}{O}] - \Pr [L_{t} = s_{j}^{i}] \leq δ

Prerequisite under, make

utility (\overset{&RightArrow;}{O}) = | {t | O_{t} &NotEqual; empty} | / T

Expectation maximum;

Wherein, L _texpression optional position,

represent any privacy position,

Described

utility (\overset{&RightArrow;}{O}) = | {t | O_{t} &NotEqual; empty} | / T

Represent the gunz perception data that user uploads

Described

\Pr [L_{t} = s_{j}^{i} | \overset{&RightArrow;}{O}]

For

\Pr [L_{t} = s_{j}^{i} | \overset{&RightArrow;}{O}] = \underset{L_{t} = s_{j}^{i}}{Σ} \Pr [\overset{&RightArrow;}{L} | \overset{&RightArrow;}{O}]

Wherein,

\Pr [\overset{&RightArrow;}{L} | \overset{&RightArrow;}{O}] = \frac{1}{Z (\overset{&RightArrow;}{O})} \exp {Σ_{t = 1}^{T} (Σ_{k = 1}^{K_{1}} λ_{k} f_{k} (\overset{&RightArrow;}{L}) + Σ_{k = 1}^{K_{2}} β_{k} h_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{3}} γ_{k} r_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{4}} θ_{k} g_{k} (L_{t}, O_{t}))}

Wherein, λ _k, β _k, γ _kand θ _kfor characteristic parameter;

for fundamental function,

represent property time correlation between positional information,

Z (\overset{&RightArrow;}{O}) = \underset{L}{Σ} \exp {Σ_{t = 1}^{T} (Σ_{k = 1}^{K_{1}} λ_{k} f_{k} (\overset{&RightArrow;}{L}) + Σ_{k = 1}^{K_{2}} β_{k} h_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{3}} γ_{k} r_{k} (\overset{&RightArrow;}{L}, \overset{&RightArrow;}{O}) + Σ_{k = 1}^{K_{4}} θ_{k} g_{k} (L_{t}, O_{t}))} .

2. method according to claim 1, is characterized in that, described positional information and upload the decision-making Relating Characteristic function g between gunz perception data _k(L _t, O _t) be:

g_{kl} (L_{t} . O_{t}) = δ (L_{t} = l_{j}^{i}, O_{t} = e)

g_{k 2} (L_{t}, O_{t}) = δ (L_{t} = l_{j}^{i}, O_{t} = D_{t})

3. method according to claim 1, is characterized in that, the property time correlation fundamental function between described positional information

for

f_{k} (\overset{&RightArrow;}{L}) = δ (L_{1}, = {l_{i}}_{1}, L_{2} = {l_{i}}_{2}, . . ., L_{t} = {l_{i}}_{t})

Wherein

represent t related position.

4. method according to claim 1, is characterized in that, described positional information and upload the spatial correlation fundamental function between gunz perception data

for

h_{k} (L_{t}, L_{t - 1}, O_{t}, O_{t - 1}) = δ (L_{t} = S, L_{t - 1} = C, O_{t} = e, O_{t - 1} = e) .

5. method according to claim 1, is characterized in that, described positional information and upload the feature association fundamental function between gunz perception data

for

r_{k 1} (L_{t}, L_{t - 1}, O_{t}, O_{t - 1}) = δ (dir (L_{t}, L_{t - 1}) = ahead) \times δ (dis (O_{t} . rss, O_{t - 1} . rss) \leq R)

r_{k 1} (L_{t}, L_{t - 1}, O_{t}, O_{t - 1}) = δ (dir (L_{t}, L_{t - 1}) = turn) \times δ (dis (O_{t} . rss, O_{t - 1} . rss) > R)

6. method according to claim 1, is characterized in that, the characteristic parameter θ of described decision-making linked character function _kfor

θ_{k 1} = \log P_{j}^{i}

θ_{k 1} = \log (1 - P_{j}^{i})

Wherein

7. method according to claim 1, is characterized in that, described time correlation fundamental function feature parameter"λ" _kfor

l (λ) = \underset{j}{Σ} \log \Pr [{\overset{&RightArrow;}{L}}^{i (j)} | {\overset{&RightArrow;}{O}}^{i (j)}]

To λ _kdo local derviation:

\frac{&PartialD; l (λ)}{&PartialD; λ_{k}} = Σ_{j = 1}^{N} Σ_{t = 1}^{T} f_{k} (L_{t}^{i (j)}, L_{t - 1}^{i (j)}, L_{t - 2}^{i (j)} - Σ_{J = 1}^{N} Σ_{T = 1}^{T} \underset{l . l', l''}{Σ} f_{k} (l, l', l'') \Pr (l, l', l'' | {\overset{&RightArrow;}{O}}^{i (j)})

Adopt L-BFGS to carry out regularization, obtain λ _k.

8. method according to claim 1, is characterized in that, the characteristic parameter β of described space correlation fundamental function _kfor

β _k=logPr(L _t=s ⁱ _j|L _t-t'=l _j)

L wherein _t-t'be illustrated in the position of t ' before the moment.

9. method according to claim 1, is characterized in that, the characteristic parameter γ of described feature association fundamental function _kfor

Given

first trained threshold value R:

R = \arg \max \underset{j}{Σ} \underset{t = 1}{Σ} \begin{matrix} {r_{k 1} (L_{t}^{i (j)}, L_{t - 1}^{i (j)}, L_{t}^{i (f)} . rss, L_{t - 1}^{i (j)} . rss) \\ + r_{k 2} (L_{t}^{i (j)}, L_{t - 1}^{i (j)}, L_{t}^{i (j)} . rss, L_{t - 1}^{i (j)} . rss} \end{matrix}

After determining threshold value R, obtain characteristic parameter:

γ_{k 1} = \log (R - dis (x_{t} . rss, x_{t - 1} . rss)) / R

γ_{k 2} = \log (dis (x_{t} . rss, x_{t - 1} . rss) - R) / R .