Abstract: Trajectory data play an increasing important role on city planning, intelligent transportation and mobile business analysis, etc. However, publishing raw trajectory data will threat individuals’ privacy. The (k,δ)-anonymity is an effective model for trajectory privacy preservation, but it is vulnerable to spatio-temporal point linkage attack. To address the problem, this paper proposes a (k,δ,l)-anonymity model. The (k,δ,l)-anonymity model makes sure that each published trajectory is indistinguishable with at least other k-1 trajectories within a δ-radius cylinder, and each spatio-temporal point of the center trajectory of the cylinder is passed by at least l trajectories. This paper also proposes an AGG-NWA algorithm to implement the (k,δ,l)-anonymity model. The performance of the proposed (k,δ,l)-anonymity model is evaluated from two aspects: utility and security. The experimental results show that the proposed model can reserve similar utility as the (k,δ)-anonymity model, and outperforms the (k,δ)-anonymity model with respect to security.

Key words: trajectory, privacy preservation; (k,δ,l)-anonymity model, spatio-temporal point

摘要： 轨迹数据对城市规划、智能交通、移动业务分析等都具有重要的意义，然而直接发布原始轨迹数据会泄露个人的隐私信息。(k,δ)-匿名是轨迹数据发布隐私保护的重要方法，但它易受时空位置点链接攻击。为此，提出了(k,δ,l)-匿名模型，该模型要求发布数据中任一轨迹在其半径为δ的圆柱范围内至少包含其他k-1条轨迹，并且发布数据中的任一时空位置点通过的轨迹至少有l条。提出了实现(k,δ,l)-匿名模型的AGG-NWA算法。从匿名轨迹的可用性和安全性两个方面与现有的工作进行了比较分析，实验结果表明，在匿名轨迹可用性方面，(k,δ,l)-匿名模型与(k,δ)-匿名模型相似，但在安全性方面，(k,δ,l)-匿名模型比(k,δ)-匿名模型安全。

关键词: 轨迹, 隐私保护, (k, &delta, , l)-匿名模型, 时空位置点