Pattern-Level Privacy Protection in Event-Based Systems

While privacy-preserving mechanisms aim to protect sensitive information at the attribute level, distributed complex event processing (DCEP) systems remain vulnerable to privacy breaches through the detection of event patterns. Even if individual events are not inherently private, their combination into patterns can reveal sensitive knowledge. This article investigates the integration of pattern-level privacy within the APP-CEP context. We address the challenge of selectively applying obfuscation techniques to event-based systems to safeguard sensitive information. Unlike existing methods, we aim to establish event-stream-agnostic privacy by formulating queries and privacy constraints using CEP-like patterns, and constructing pattern dependency graphs to dynamically select obfuscation techniques that have no consequences on detecting other sensitive patterns, as well as non-sensitive patterns required to provide an acceptable quality of service. Additionally, we model potential adversary's knowledge that could compromise privacy and analyze its influence on the obfuscation process. We evaluated APP-CEP's performance using two real-world datasets: online retail transactions and medical records, replayed as temporally ordered event streams. Our results indicate that APP-CEP effectively balances privacy and utility. By modeling background knowledge, we also successfully prevented adversaries from detecting modifications to the input streams.