Privacy-Preserving Continuous Event Data Publishing

TL;DR

This paper examines privacy risks in continuous event data publishing for process mining, demonstrating how correspondence attacks can degrade privacy protections and analyzing real-life logs to assess vulnerability.

Contribution

It identifies and analyzes correspondence attacks against group-based privacy preservation in continuous event data publishing for process mining.

Findings

Correspondence attacks can significantly reduce privacy guarantees.

Real-life event logs show vulnerability to these attacks.

Privacy degradation is quantifiable using anonymity indicators.

Abstract

Process mining enables organizations to discover and analyze their actual processes using event data. Event data can be extracted from any information system supporting operational processes, e.g., SAP. Whereas the data inside such systems is protected using access control mechanisms, the extracted event data contain sensitive information that needs to be protected. This creates a new risk and a possible inhibitor for applying process mining. Therefore, privacy issues in process mining become increasingly important. Several privacy preservation techniques have been introduced to mitigate possible attacks against static event data published only once. However, to keep the process mining results up-to-date, event data need to be published continuously. For example, a new log is created at the end of each week. In this paper, we elaborate on the attacks which can be launched against continuously publishing anonymized event data by comparing different releases, so-called correspondence attacks. Particularly, we focus on group-based privacy preservation techniques and show that provided privacy requirements can be degraded exploiting correspondence attacks. We apply the continuous event data publishing scenario to existing real-life event logs and report the anonymity indicators before and after launching the attacks.