On the Robustness of LDP Protocols for Numerical Attributes under Data Poisoning Attacks
Xiaoguang Li
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Privacy Preservation
This talk, presented by Buhan from Purdue University, delves into a critical and emerging threat to **Local Differential Privacy (LDP)** protocols: **data poisoning attacks**. While LDP is a cornerstone for privacy-preserving data collection, enabling servers to gather aggregate statistics without ever seeing individual raw data, this research uncovers a significant vulnerability. The traditional LDP threat model assumes honest users, but in reality, attackers can compromise a small fraction of users to inject manipulated data, thereby skewing the final statistical results. This talk addresses the profound implications of such attacks, which can lead to server distrust in LDP mechanisms and even suppress the opinions of legitimate users.
AI review
Legitimate academic security research on an underexplored threat surface — LDP poisoning for numerical attributes — with a clean evaluation framework and a genuinely useful zero-shot detection contribution. Competent NDSS-grade work, but it's an incremental step in a niche subfield rather than a finding that reshapes how practitioners deploy privacy infrastructure tomorrow.