Abstract
Although privacy-preserving mechanisms endeavor to safeguard sensitive information at the attribute level, detected event patterns can still disclose privacy-sensitive knowledge in distributed complex event processing systems (DCEP). Events might not be inherently sensitive, but their aggregation into a pattern could still breach privacy. In this paper, we study in the context of APP-CEP the problem of integrating pattern-level privacy in event-based systems by selective assignment of obfuscation techniques to conceal private information. Compared to state-of-the-art techniques, we seek to enforce privacy independent of the actual events in streams. To support this, we acquire queries and privacy requirements using CEP-like patterns. The protection of privacy is accomplished through generating pattern dependency graphs, leading to dynamically appointing those techniques that have no consequences on detecting other sensitive patterns, as well as non-sensitive patterns required to provide acceptable Quality of Service. Besides, we model the knowledge that might be possessed by potential adversaries to violate privacy and its impacts on the obfuscation procedure. We assessed the performance of APP-CEP in a real-world scenario involving an online retailer’s transactions. Our evaluation
results demonstrate that APP-CEP successfully provides a privacy-utility trade-off. Modeling the background knowledge also effectively prevents adversaries from realizing the modifications in the input streams.
results demonstrate that APP-CEP successfully provides a privacy-utility trade-off. Modeling the background knowledge also effectively prevents adversaries from realizing the modifications in the input streams.
Original language | English |
---|---|
Title of host publication | 10th International Conference on Information Systems Security and Privacy (ICISSP’24) |
Publisher | SCITEPRESS – Science and Technology Publications |
Number of pages | 12 |
Publication status | Accepted/In press - 5-Dec-2023 |
Event | International Conference on Information Systems Security and Privacy (ICISSP'24) - Rome, Italy Duration: 26-Feb-2024 → 28-Feb-2024 Conference number: 10 http://icissp.scitevents.org |
Conference
Conference | International Conference on Information Systems Security and Privacy (ICISSP'24) |
---|---|
Abbreviated title | ICISSP |
Country/Territory | Italy |
City | Rome |
Period | 26/02/2024 → 28/02/2024 |
Internet address |
Keywords
- Distributed Complex Event Processing
- Stream Processing
- Privacy
- Pattern
- Adaptation