Quantifying the Re-identification Risk in Published Process Models.

Karim Maatouk; Felix Mannhardt

doi:10.1007/978-3-030-98581-3_28

Quantifying the Re-identification Risk in Published Process Models.

Karim Maatouk, Felix Mannhardt

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

3 Citations (Scopus)

Abstract

Event logs are the basis of process mining operations such as process discovery, conformance checking, and process optimization. Sensitive information may be obtained by adversaries when re-identifying individuals that relate to the traces of an event log. This re-identification risk is dependent on the assumed background information of an attacker. Multiple techniques have been proposed to quantify the re-identification risks for published event logs. However, in many scenarios there is no need to release the full event log, a discovered process model annotated with frequencies suffices. This raises the question on how to quantify the re-identification risk in published process models. We propose a method based on generating sample traces to quantify this risk for process trees annotated with frequencies. The method was applied on several real-life event logs and process trees discovered by Inductive Miner. Our results show that there can be still a significant re-identification risk when publishing a process tree; however, this risk is often lower than that for releasing the original event log.

Original language	English
Title of host publication	Process Mining Workshops - ICPM 2021 International Workshops, Eindhoven, The Netherlands, October 31 - November 4, 2021, Revised Selected Papers
Editors	Jorge Munoz-Gama, Xixi Lu
Publisher	Springer
Pages	382-394
Number of pages	13
Volume	433
ISBN (Electronic)	978-3-030-98580-6
ISBN (Print)	9783030985806
DOIs	https://doi.org/10.1007/978-3-030-98581-3_28
Publication status	Published - 2022

Publication series

Name	Lecture Notes in Business Information Processing (LNBIP)
ISSN (Print)	1865-1348
ISSN (Electronic)	1865-1356

Bibliographical note

DBLP's bibliographic metadata records provided through http://dblp.org/search/publ/api are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

Keywords

Process discovery
Process mining
Re-identification Risk

Access to Document

10.1007/978-3-030-98581-3_28

https://dblp.org/rec/conf/icpm/MaatoukM21

Cite this

Maatouk, K., & Mannhardt, F. (2022). Quantifying the Re-identification Risk in Published Process Models. In J. Munoz-Gama, & X. Lu (Eds.), Process Mining Workshops - ICPM 2021 International Workshops, Eindhoven, The Netherlands, October 31 - November 4, 2021, Revised Selected Papers (Vol. 433, pp. 382-394). (Lecture Notes in Business Information Processing (LNBIP)). Springer. https://doi.org/10.1007/978-3-030-98581-3_28

Maatouk, Karim ; Mannhardt, Felix. / Quantifying the Re-identification Risk in Published Process Models. Process Mining Workshops - ICPM 2021 International Workshops, Eindhoven, The Netherlands, October 31 - November 4, 2021, Revised Selected Papers. editor / Jorge Munoz-Gama ; Xixi Lu. Vol. 433 Springer, 2022. pp. 382-394 (Lecture Notes in Business Information Processing (LNBIP)).

@inproceedings{29224244db00416589f36666a37baeb7,

title = "Quantifying the Re-identification Risk in Published Process Models.",

abstract = "Event logs are the basis of process mining operations such as process discovery, conformance checking, and process optimization. Sensitive information may be obtained by adversaries when re-identifying individuals that relate to the traces of an event log. This re-identification risk is dependent on the assumed background information of an attacker. Multiple techniques have been proposed to quantify the re-identification risks for published event logs. However, in many scenarios there is no need to release the full event log, a discovered process model annotated with frequencies suffices. This raises the question on how to quantify the re-identification risk in published process models. We propose a method based on generating sample traces to quantify this risk for process trees annotated with frequencies. The method was applied on several real-life event logs and process trees discovered by Inductive Miner. Our results show that there can be still a significant re-identification risk when publishing a process tree; however, this risk is often lower than that for releasing the original event log.",

keywords = "Process discovery, Process mining, Re-identification Risk",

author = "Karim Maatouk and Felix Mannhardt",

note = "DBLP's bibliographic metadata records provided through http://dblp.org/search/publ/api are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.",

year = "2022",

doi = "10.1007/978-3-030-98581-3_28",

language = "English",

isbn = "9783030985806",

volume = "433",

series = "Lecture Notes in Business Information Processing (LNBIP)",

publisher = "Springer",

pages = "382--394",

editor = "Jorge Munoz-Gama and Xixi Lu",

booktitle = "Process Mining Workshops - ICPM 2021 International Workshops, Eindhoven, The Netherlands, October 31 - November 4, 2021, Revised Selected Papers",

address = "Germany",

}

Maatouk, K & Mannhardt, F 2022, Quantifying the Re-identification Risk in Published Process Models. in J Munoz-Gama & X Lu (eds), Process Mining Workshops - ICPM 2021 International Workshops, Eindhoven, The Netherlands, October 31 - November 4, 2021, Revised Selected Papers. vol. 433, Lecture Notes in Business Information Processing (LNBIP), Springer, pp. 382-394. https://doi.org/10.1007/978-3-030-98581-3_28

Quantifying the Re-identification Risk in Published Process Models. / Maatouk, Karim; Mannhardt, Felix.
Process Mining Workshops - ICPM 2021 International Workshops, Eindhoven, The Netherlands, October 31 - November 4, 2021, Revised Selected Papers. ed. / Jorge Munoz-Gama; Xixi Lu. Vol. 433 Springer, 2022. p. 382-394 (Lecture Notes in Business Information Processing (LNBIP)).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Quantifying the Re-identification Risk in Published Process Models.

AU - Maatouk, Karim

AU - Mannhardt, Felix

N1 - DBLP's bibliographic metadata records provided through http://dblp.org/search/publ/api are distributed under a Creative Commons CC0 1.0 Universal Public Domain Dedication. Although the bibliographic metadata records are provided consistent with CC0 1.0 Dedication, the content described by the metadata records is not. Content may be subject to copyright, rights of privacy, rights of publicity and other restrictions.

PY - 2022

Y1 - 2022

N2 - Event logs are the basis of process mining operations such as process discovery, conformance checking, and process optimization. Sensitive information may be obtained by adversaries when re-identifying individuals that relate to the traces of an event log. This re-identification risk is dependent on the assumed background information of an attacker. Multiple techniques have been proposed to quantify the re-identification risks for published event logs. However, in many scenarios there is no need to release the full event log, a discovered process model annotated with frequencies suffices. This raises the question on how to quantify the re-identification risk in published process models. We propose a method based on generating sample traces to quantify this risk for process trees annotated with frequencies. The method was applied on several real-life event logs and process trees discovered by Inductive Miner. Our results show that there can be still a significant re-identification risk when publishing a process tree; however, this risk is often lower than that for releasing the original event log.

AB - Event logs are the basis of process mining operations such as process discovery, conformance checking, and process optimization. Sensitive information may be obtained by adversaries when re-identifying individuals that relate to the traces of an event log. This re-identification risk is dependent on the assumed background information of an attacker. Multiple techniques have been proposed to quantify the re-identification risks for published event logs. However, in many scenarios there is no need to release the full event log, a discovered process model annotated with frequencies suffices. This raises the question on how to quantify the re-identification risk in published process models. We propose a method based on generating sample traces to quantify this risk for process trees annotated with frequencies. The method was applied on several real-life event logs and process trees discovered by Inductive Miner. Our results show that there can be still a significant re-identification risk when publishing a process tree; however, this risk is often lower than that for releasing the original event log.

KW - Process discovery

KW - Process mining

KW - Re-identification Risk

UR - http://www.scopus.com/inward/record.url?scp=85127658066&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-98581-3_28

DO - 10.1007/978-3-030-98581-3_28

M3 - Conference contribution

SN - 9783030985806

VL - 433

T3 - Lecture Notes in Business Information Processing (LNBIP)

SP - 382

EP - 394

BT - Process Mining Workshops - ICPM 2021 International Workshops, Eindhoven, The Netherlands, October 31 - November 4, 2021, Revised Selected Papers

A2 - Munoz-Gama, Jorge

A2 - Lu, Xixi

PB - Springer

ER -

Maatouk K, Mannhardt F. Quantifying the Re-identification Risk in Published Process Models. In Munoz-Gama J, Lu X, editors, Process Mining Workshops - ICPM 2021 International Workshops, Eindhoven, The Netherlands, October 31 - November 4, 2021, Revised Selected Papers. Vol. 433. Springer. 2022. p. 382-394. (Lecture Notes in Business Information Processing (LNBIP)). doi: 10.1007/978-3-030-98581-3_28

Quantifying the Re-identification Risk in Published Process Models.

Abstract

Publication series

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this