Preserving Privacy for Interesting Location Pattern Mining from Trajectory Data

One main concern for individuals participating in the data collection of personal location history records (i.e., trajectories) is the disclosure of their location and related information when a user queries for statistical or pattern mining results such as frequent locations derived from these records. In this paper, we investigate how one can achieve the privacy goal that the inclusion of his location history in a statistical database with interesting location mining capability does not substantially increase risk to his privacy. In particular, we propose a ( , δ)-differentially private interesting geographic location pattern mining approach motivated by the sample-aggregate framework. The approach uses spatial decomposition to limit the number of stay points within a localized spatial partition and then followed by density-based clustering. The ( , δ)-differential privacy mechanism is based on translation and scaling insensitive Laplace noise distribution modulated by database instance dependent smoothed local sensitivity. Unlike the database independent -differential privacy mechanism, the output perturbation from a ( , δ)-differential privacy mechanism depends on a lower (local) sensitivity resulting in a better query output accuracy and hence, more useful at a higher privacy level, i.e., smaller . We demonstrate our ( , δ)-differentially private interesting geographic location discovery approach using the region quadtree spatial decomposition followed by the DBSCAN clustering. Experimental results on the real-world GeoLife dataset are used to show the feasibility of the proposed ( , δ)-differentially private interesting location mining approach.