The frequent use of location query services in location-based services generates a large amount of spatio-temporal data related to users. Attackers can infer location or trajectory information from this rich background knowledge. Therefore, to address the problem of trajectory privacy, this paper adds real-time traffic monitoring to background information such as user behavior patterns and trajectory similarity. Following the idea of *k*-anonymity, a method that takes traffic conditions into account is proposed to protect trajectory privacy. First, the user randomly selects a time point of the real trajectory and rotates about it to generate a dummy trajectory, then repeats this process on the real trajectory and the dummy trajectory until *k* − 1 dummy trajectories have been generated; the dummy trajectories are then traversed and adjusted according to the actual road conditions and the trajectory leakage probability. Finally, experiments further show that the method is more efficient and protects privacy well.

In recent years, the mobile Internet has brought the development of information technology into a new era, changed people’s traditional way of life, and affected medicine, entertainment, finance, politics, education and other fields. With the popularity of 4G, mobile devices such as smartphones have become more portable and more real-time, and mobile communication technology is changing with each passing day. Location-Based Service (LBS) is one of the most important service models in the mobile Internet. It integrates positioning technology, mobile communication technology, internet technology and geographic information system (GIS) technology, and is the service most frequently used by mobile internet users. LBS queries are divided into two types: snapshot queries and continuous queries [

At present, researchers have put forward many methods for protecting location privacy, but most of them address location privacy in snapshot queries and few deal with continuous queries. Researchers have found that in continuous queries, even when every position in the trajectory is privacy-protected, the attacker can still obtain the approximate trajectory of the user from rich background knowledge and the user’s behavior pattern, resulting in leakage of sensitive locations and of the trajectory. Therefore, the correlation between the locations on a trajectory and their background information is an urgent problem to be solved.

The existing methods to protect trajectory privacy can be divided into four categories [

Trajectory privacy protection technology based on hybrid region [

The probability of request refers to the probability of users sending LBS service requests in a location or a region. The probability of user’s service request is predicted by historical trajectory. The map model is divided into a grid of size n × n, and the probability of service request of a grid is:

$$q_i = \frac{\text{number of history service requests in grid } i}{\text{number of history service requests in all grids}} \tag{1}$$

The real trajectory can be represented as $U_0 = [(x_1, y_1), (x_2, y_2), (x_3, y_3), \cdots, (x_m, y_m)]$, where $(x_i, y_i)$ is the location of the user at the snapshot query at time $i$. The trajectory leak probability is the degree of overlap between the location from which the user requests service at each snapshot query and the position on the corresponding perturbed trajectory. Let $q_i$ be the request probability of the grid containing the $i$th ($1 \le i \le m$) position $(x_i, y_i)$ of the real trajectory, and $q_{ij}$ the request probability of the grid containing its corresponding $j$th ($1 \le j \le k - 1$) disturbed position $(x_{ij}, y_{ij})$. When the request probabilities of these disturbed locations are very close to the request probability of the real location, the attacker cannot distinguish the real location. To achieve trajectory $k$-anonymity with effective disturbed positions, the following two conditions must be met:

1) The $i$th position of the real trajectory does not coincide with the corresponding $j$th disturbed position, that is, $(x_i, y_i) \ne (x_{ij}, y_{ij})$ for any $j$ ($1 \le j \le k - 1$).

2) The difference between the request probability of the $i$th position of the real trajectory and that of the corresponding $j$th disturbed position is less than $\delta$, that is, $|q_i - q_{ij}| \le \delta$ is satisfied for any $j$ ($1 \le j \le k - 1$). $\delta$ is user defined; the closer $\delta$ is to 0, the closer the request probabilities are.

For each snapshot query, the more effective disturbed locations there are, the smaller the leakage probability. When all $k - 1$ positions are valid, the leakage probability is smallest. The fewer effective disturbed locations there are, the greater the leakage probability. When all the $k - 1$ positions are invalid, that is, when the $k$ positions overlap at one point, the true location information is leaked. Thus, the probability of location leakage is defined as:

$$p_i = \frac{1}{\text{the valid disturbed positions of the } i\text{th real position in the snapshot}} \tag{2}$$

The probability of leakage of the trajectory is:

$$P_r = \frac{\sum_{i=1}^{m} p_i}{m} \tag{3}$$
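Equations (1) to (3) and the two validity conditions, worked through as an added example (not code from the paper). It assumes positions are already mapped to `(row, col)` grid cells, uses a constructed request history, and treats a snapshot with no valid dummy as fully leaked ($p_i = 1$), a case Eq. (2) leaves undefined.

```python
from fractions import Fraction

def request_probabilities(history):
    """Eq. (1): history[r][c] is the past request count of grid cell (r, c)."""
    total = sum(sum(row) for row in history)
    return [[Fraction(n, total) for n in row] for row in history]

def valid_dummies(real, dummies, q, delta):
    """Count dummy positions that meet both conditions:
    1) not the same cell as the real position, 2) |q_i - q_ij| <= delta."""
    q_real = q[real[0]][real[1]]
    return sum(1 for d in dummies
               if d != real and abs(q_real - q[d[0]][d[1]]) <= delta)

def location_leak(real, dummies, q, delta):
    """Eq. (2). Assumption: no valid dummy means the position is leaked (1)."""
    n = valid_dummies(real, dummies, q, delta)
    return Fraction(1, n) if n else Fraction(1)

def trajectory_leak(real_traj, dummy_trajs, q, delta):
    """Eq. (3): mean of p_i over the m snapshot queries."""
    m = len(real_traj)
    return sum(location_leak(real_traj[i], [t[i] for t in dummy_trajs], q, delta)
               for i in range(m)) / m

# Constructed sample: 3x3 map with 100 historical requests, k = 3 (two dummies).
HISTORY = [[10, 12, 0],
           [11, 40, 9],
           [0, 10, 8]]
Q = request_probabilities(HISTORY)
DELTA = Fraction(2, 100)
REAL = [(0, 0), (0, 1), (1, 1)]
DUMMY_1 = [(1, 0), (1, 0), (1, 1)]   # third point coincides with the real one
DUMMY_2 = [(2, 1), (1, 2), (2, 2)]   # second and third points differ by more than DELTA

P_R = trajectory_leak(REAL, [DUMMY_1, DUMMY_2], Q, DELTA)
```

In this sample the per-snapshot values are 1/2, 1 and 1, so a single coinciding or badly matched dummy point is enough to push $P_r$ up sharply.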

Considering the user’s behavior habits and how realistic the trajectories are, the degree of privacy protection is measured by trajectory similarity: the higher the similarity between the real trajectory and a disturbed trajectory, the harder they are to tell apart. The real trajectory can be represented as $U_0 = [(x_1, y_1), (x_2, y_2), (x_3, y_3), \cdots, (x_m, y_m)]$. Assume that the user’s position $(x_i, y_i)$ at time $i$ is at an angle $\theta_i$ to the initial location $(x_1, y_1)$, so $\tan\theta_i = \frac{y_i - y_1}{x_i - x_1}$. It can be deduced that $\theta_i = \arctan\frac{y_i - y_1}{x_i - x_1}$. Then the real trajectory of the user can be expressed as $U_0 = [(x_1, y_1), \langle\theta_1, \theta_2, \theta_3, \cdots, \theta_m\rangle]$. Similarly, the generated disturbance trajectory is $T_j = [(x_{1j}, y_{1j}), (x_{2j}, y_{2j}), (x_{3j}, y_{3j}), \cdots, (x_{mj}, y_{mj})]$, for which $\theta_{ij} = \arctan\frac{y_{ij} - y_{1j}}{x_{ij} - x_{1j}}$. The trajectory similarity is:

$$\sigma^2 = \frac{\sum_{j=1}^{k} E_m\left[\frac{\theta_{ij} - \theta_i}{2\pi}\right]}{k} = \frac{\sum_{j=1}^{k}\sum_{i=1}^{m}\left(\frac{\theta_{ij} - \theta_i}{2\pi}\right)}{km} \tag{4}$$

The value range of $\sigma^2$ is [0, 1]. The higher the trajectory similarity, the more similar the contour of the disturbed trajectory is to that of the real trajectory, and the harder the two are to tell apart.
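Eq. (4) computed on a constructed sample, as an added example rather than the paper's own code. Three choices here are assumptions: `atan2` replaces the arctangent of the quotient so that points with $x_i = x_1$ (including the first point itself) stay defined, the absolute angular difference is used so the result stays in the stated [0, 1] range, and the sum is normalised by the number of dummy trajectories supplied times $m$.

```python
import math

def bearings(traj):
    """theta_i: direction of each point as seen from the trajectory's first point."""
    x1, y1 = traj[0]
    # atan2 stays defined when x_i == x_1; for i = 1 (the start itself) it gives 0.0
    return [math.atan2(y - y1, x - x1) for x, y in traj]

def trajectory_similarity(real, dummies):
    """Mean of |theta_ij - theta_i| / (2*pi) over all dummies j and time points i."""
    real_theta = bearings(real)
    total = 0.0
    for dummy in dummies:
        if len(dummy) != len(real):
            raise ValueError("dummy and real trajectory need the same m sampling points")
        for t_real, t_dummy in zip(real_theta, bearings(dummy)):
            total += abs(t_dummy - t_real) / (2 * math.pi)
    return total / (len(dummies) * len(real))

# Constructed sample: the real path heads east; one dummy is a pure translation
# of it, the other is the same path rotated 90 degrees about its first point.
REAL = [(0, 0), (1, 0), (2, 0), (3, 0)]
SHIFTED = [(5, 5), (6, 5), (7, 5), (8, 5)]
ROTATED = [(0, 0), (0, 1), (0, 2), (0, 3)]
```

A translated copy scores 0 because the measure only compares contours relative to each trajectory's own start point; the rotated copy differs by a quarter turn at three of its four points.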

The algorithm is based on a client-server model composed mainly of the mobile end-user and the LBS server. The mobile end-user accesses the LBS server through the mobile network to obtain map background knowledge and services. The architecture of the system is shown in

The mobile device consists of a location/communication module, an intelligent path planning module and a trajectory privacy module. The location/communication module communicates with the LBS server to obtain the user’s position. The path planning module is responsible for the path between the user’s starting position and terminating position, meeting personalized needs such as taking the shortest path, avoiding congestion and avoiding restricted areas. The trajectory privacy protection module rotates and offsets the nodes of the planned path to generate $k - 1$ dummy trajectories, thereby applying privacy processing to the user’s planned path.

The algorithm proposed in this paper is composed of two main processes: the generation of dummy trajectories and the adjustment of the disturbance trajectories. The specific steps are as follows:

1) Randomly select a time point on the real trajectory and rotate by $\theta_i$ degrees around this point. According to the map model, the rotation point is taken as the datum for the offset, generating a dummy trajectory $T'_1$.

2) Choose a random location among all time points of $U_0$ and $T'_1$, then repeat step 1 to generate the second dummy trajectory.

3) Repeat steps 1 and 2 until $k - 1$ dummy trajectories have been generated.

4) Taking real-time traffic conditions into account, traverse all sampling points of the dummy trajectories. If a dummy trajectory passes through a congested section, it is shifted to a nearby non-congested section.

5) Traverse all sampling points of the perturbed trajectories and check whether each lies in a valid position (invalid locations are rivers, lakes, seas, buildings, etc.). If a sampling point is in an invalid position, it is offset to a valid position. Then compare the request probabilities of the corresponding points on the dummy trajectory and the real trajectory; if the difference is too large, the point is offset.
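Steps 1 to 5 on a small grid map, as an added example that is not the paper's implementation. The map, request counts, blocked cells, angle range, the single search radius `r` used for every kind of adjustment, and the whole-map fallback when nothing usable lies within `r` are assumptions made here; each new dummy is rotated from a trajectory drawn at random from the real one and the dummies produced so far.

```python
import math
import random

def rotate(traj, pivot_idx, theta):
    """Step 1: rotate traj by theta radians about one of its points, snapped to grid cells."""
    px, py = traj[pivot_idx]
    c, s = math.cos(theta), math.sin(theta)
    return [(round(px + (x - px) * c - (y - py) * s),
             round(py + (x - px) * s + (y - py) * c)) for x, y in traj]

def adjust(real, dummy, q, blocked, delta, r):
    """Steps 4-5: re-place points that are congested/invalid, off the map,
    on the real point, or further than delta from its request probability."""
    out = []
    for real_pt, p in zip(real, dummy):
        def usable(c):
            return c in q and c not in blocked and c != real_pt
        if usable(p) and abs(q[p] - q[real_pt]) <= delta:
            out.append(p)
            continue
        near = [c for c in q if usable(c) and math.dist(c, p) <= r]
        cands = near or [c for c in q if usable(c)]   # assumed fallback: whole map
        # closest request probability first, then shortest move
        out.append(min(cands, key=lambda c: (abs(q[c] - q[real_pt]), math.dist(c, p))))
    return out

def generate_dummies(real, k, q, blocked, delta, r, rng):
    """Steps 1-3: build k-1 dummies, each rotated from a trajectory already in the pool."""
    pool = [real]
    while len(pool) < k:
        src = rng.choice(pool)
        theta = rng.uniform(math.pi / 6, math.pi / 2)   # assumed angle range
        pool.append(adjust(real, rotate(src, rng.randrange(len(src)), theta),
                           q, blocked, delta, r))
    return pool[1:]

# Constructed 6x6 map: request counts -> probabilities, plus blocked cells.
COUNTS = {(x, y): (7 * x + 3 * y) % 10 + 1 for x in range(6) for y in range(6)}
Q = {cell: n / sum(COUNTS.values()) for cell, n in COUNTS.items()}
BLOCKED = {(2, 2), (2, 3), (4, 1)}            # congested or invalid cells
REAL = [(0, 1), (1, 1), (2, 1), (3, 1), (3, 2), (3, 3)]
DUMMIES = generate_dummies(REAL, 3, Q, BLOCKED, 0.01, 2, random.Random(7))
```

Because a rotated trajectory always shares its pivot point with its source, the adjustment pass is what restores condition 1 (no dummy point on the real position) at that time point.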

The process of generating dummy trajectories is shown in

In this paper we set $k = 3$. The gray grid in the diagram represents a valid location, that is, an area where the user can communicate with the LBS service or that the user can reach or pass through (usually a city road). The white grid represents an invalid position, that is, an area the user cannot reach or pass through, such as lakes, tall buildings, etc. The red grid represents a section of road where traffic is congested at a certain time.

Step 1: Plan the trajectory $U_0$ from the starting point to the end point, using real-time traffic conditions to avoid congestion. The trajectory is divided into a number of sampling points at a fixed time interval. The location of each sampling point can be determined from the moving speed of the user. The interval can be set to 5 s or 10 s. The system then sends a query request and receives the query result once per interval. As shown in

Step 2: Randomly select a time point in the real trajectory $U_0$ and rotate by $\theta_1$ degrees about the corresponding point. According to the map model, the rotation point is used as the datum to generate the dummy trajectory $T'_1$. Then a random position is selected among all time points of $U_0$ and $T'_1$, and this position is taken as the center of a rotation by $\theta_2$ degrees. According to the map model, the rotation point is used as the basis for the offset to generate the second disturbance trajectory $T'_2$, and so on until $k - 1$ disturbance trajectories have been generated. $k = 3$ is used in this paper, so there are two disturbance trajectories. As shown in

Using the actual road condition information and map background knowledge, the location points of the generated dummy trajectories are adjusted appropriately to confuse the attacker and better protect the user’s trajectory privacy. The main process is shown in Figures 3(a)-(c) below.

Step 1: Because the real trajectory is planned to avoid congestion, the dummy trajectories should also conform to the user’s behavior habits. According to the actual road information, traverse the locations of all sampling points of the $k - 1$ dummy trajectories. If a location point is in a congested section, it is shifted to the nearby non-congested valid point (gray grid area) with the nearest request probability. As shown in

Step 2: Using the background information of the map, traverse all sampling time points of the $k - 1$ dummy trajectories. If a position is in an invalid area, move it to the valid location whose request probability is closest to its own. As shown in

Step 3: Using the service request probability of each sampling time point of the user’s real trajectory, traverse the positions of all sampling time points of the $k - 1$ dummy trajectories. If the service request probability of a position differs from that of the corresponding position on the real path by more than the threshold $\delta$, the position is offset within the region of radius $r$ centered on it. Based on the map background information, the new location should be the position within this virtual circle whose service request probability is closest to that of the real trajectory. As shown in

The locations of the dummy trajectories are adjusted so that the final disturbance trajectories are closer to the user’s behavior habits and can resist all kinds of attacks based on background knowledge.

The experiment was carried out on an Intel Core i5-7200 CPU at 2.7 GHz. To make the experimental data sufficient and the experimental results true and reliable, and to verify the degree of privacy protection and the efficiency of this method, the experiment adopts the Borlange data set [

The effectiveness of privacy protection is mainly evaluated by trajectory similarity and leak probability. Trajectory similarity is the contour similarity between a dummy trajectory and the real trajectory. To a certain extent, it reflects the probability that the real trajectory is identified. This paper builds on background information such as map knowledge and trajectory similarity and adds real-time traffic considerations. To test its privacy protection, we compare the trajectory similarity and the leakage probability between the Li scheme [

Randomly select 2000 users as the experimental object, repeat the algorithm 100 times.

Li algorithm decreases with the increase of k value and gradually becomes stable. The trajectory similarity algorithm proposed in this paper with the k value increasing. Although the trajectory similarity of the Li algorithm is less than the trajectory similarity of this paper, the trajectory similarity of this algorithm is less than 0.02. Because this algorithm takes the actual road conditions into account, a dummy trajectory is adjusted when it passes through a crowded road, so the trajectory similarity is slightly higher than that of the Li algorithm. When the actual conditions are considered, with the increase of k, the number of time points at which the generated dummy trajectories need to be moved increases, and the difference from the contour of the real trajectory increases, but a lot.

The operation time of this method mainly involves two aspects: dummy trajectory generation and dummy trajectory adjustment. Generating a dummy trajectory needs three operations: the selection, rotation and translation of the time point. Generating one dummy trajectory therefore requires O(3) operations, so generating k − 1 dummy trajectories has time complexity O(3k − 3). The disturbance trajectory adjustment includes three traversal processes, and its time complexity is O(3k − 3), so the time complexity of the whole algorithm is O(6k − 6).

process is added in this paper, which makes the running time of the algorithm increase.

This paper addresses the problem of trajectory privacy in location-based services. Building on user behavior patterns and background information, it adds consideration of the actual road conditions and puts forward a trajectory-based k-anonymity privacy protection method that combines rotation with real-time traffic. Taking the actual conditions into account, the user first plans a trajectory; then k − 1 trajectories are generated by rotation and adjusted according to the actual conditions and the probability of leakage, which completes the trajectory k-anonymity. The performance of this algorithm is tested on the Borlange dataset, which proves that this algorithm has high privacy protection and operating efficiency.

At present, there is no effective way to measure the degree of privacy protection for trajectory privacy protection in location-based services, so the next step is to consider the measurement of privacy protection.

Liu, Z.P., Zhao, X., Dong, Y.W. and Zhang, B. (2018) Trajectory Rotation Privacy Protection Algorithm Based on k Anonymity. Journal of Computer and Communications, 6, 36-47. https://doi.org/10.4236/jcc.2018.62004