Releasing Differentially Private Event Logs Using Generative Models

Frederik Wangelik, Majid Rafiei, Mahsa Pourbafrani, Wil M. P. van der Aalst

TL;DR

This paper tackles privacy gaps in process mining by releasing differentially private trace variants through two generative pipelines: TraVaG, a GAN-based autoencoder approach, and a privately trained DDPM framework. Both methods operate on one-hot-encoded variant distributions and rely on DP-SGD with Rényi DP-based privacy accounting to provide $(\epsilon,\delta)$-DP guarantees while avoiding the drawbacks of prefix-based methods. Empirical results on real logs (Sepsis, BPIC-2013, BPIC-2012-App) show superior data utility and robust process-discovery performance compared to state-of-the-art baselines, especially in regimes of low $\delta$ and high variant infrequency. The work demonstrates that DP-based generative approaches can efficiently generate anonymized, high-fidelity trace variants at industry scale, enabling privacy-preserving process mining without resorting to artificial variants or fixed-length constraints.

Abstract

In recent years, the industry has been witnessing an extended usage of process mining and automated event data analysis. Consequently, there is a rising significance in addressing privacy apprehensions related to the inclusion of sensitive and private information within event data utilized by process mining algorithms. State-of-the-art research mainly focuses on providing quantifiable privacy guarantees, e.g., via differential privacy, for trace variants that are used by the main process mining techniques, e.g., process discovery. However, privacy preservation techniques designed for the release of trace variants are still insufficient to meet all the demands of industry-scale utilization. Moreover, ensuring privacy guarantees in situations characterized by a high occurrence of infrequent trace variants remains a challenging endeavor. In this paper, we introduce two novel approaches for releasing differentially private trace variants based on trained generative models. With TraVaG, we leverage Generative Adversarial Networks (GANs) to sample from a privatized implicit variant distribution. Our second method employs Denoising Diffusion Probabilistic Models that reconstruct artificial trace variants from noise via trained Markov chains. Both methods offer industry-scale benefits and elevate the degree of privacy assurances, particularly in scenarios featuring a substantial prevalence of infrequent variants. Also, they overcome the shortcomings of conventional privacy preservation techniques, such as bounding the length of variants and introducing fake variants. Experimental results on real-life event data demonstrate that our approaches surpass state-of-the-art techniques in terms of privacy guarantees and utility preservation.

Paper Structure

This paper contains 22 sections, 3 theorems, 10 equations, 8 figures, 2 tables.

Key Result

Proposition (Composition of RDP)

If $\mathcal{M}_1$ and $\mathcal{M}_2$ are $(\alpha, \epsilon_1)$-RDP and $(\alpha,\epsilon_2)$-RDP mechanisms for $\alpha > 1$, respectively, then the composition of $\mathcal{M}_1$ and $\mathcal{M}_2$ satisfies $(\alpha,\epsilon_1 +\epsilon_2)$-RDP.
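
An added illustration (not from the paper or its code) of how this proposition is used for privacy accounting: per-step RDP costs are summed at each order $\alpha$, and the total is converted to an $(\epsilon,\delta)$-DP guarantee at the best order. The Gaussian-mechanism cost $\alpha/(2\sigma^2)$ and the conversion $\epsilon + \ln(1/\delta)/(\alpha-1)$ are the standard results from Mironov's RDP work and are assumed here, since this page does not reproduce the paper's conversion formula; subsampling amplification as used in DP-SGD is omitted, and the noise scale, step count and $\delta$ are constructed values.

```python
import math

def gaussian_rdp(alpha, sigma):
    """RDP cost at order alpha of one Gaussian-mechanism release
    with L2 sensitivity 1 and noise std sigma (standard result)."""
    if alpha <= 1:
        raise ValueError("RDP order alpha must be > 1")
    return alpha / (2.0 * sigma ** 2)

def compose_rdp(costs):
    """Composition of RDP: costs at the SAME order alpha simply add."""
    return sum(costs)

def rdp_to_dp(alpha, rdp_eps, delta):
    """Standard conversion: (alpha, eps)-RDP implies
    (eps + ln(1/delta)/(alpha-1), delta)-DP."""
    if not 0.0 < delta < 1.0:
        raise ValueError("delta must lie in (0, 1)")
    return rdp_eps + math.log(1.0 / delta) / (alpha - 1.0)

def account(sigmas, delta, orders=None):
    """Track a sequence of Gaussian releases (one sigma per step) and
    return (epsilon, alpha) for the order giving the smallest epsilon."""
    if orders is None:
        orders = [1 + k / 2 for k in range(1, 127)]  # 1.5, 2.0, ..., 64.0
    best_eps, best_alpha = math.inf, None
    for alpha in orders:
        total = compose_rdp(gaussian_rdp(alpha, s) for s in sigmas)
        eps = rdp_to_dp(alpha, total, delta)
        if eps < best_eps:
            best_eps, best_alpha = eps, alpha
    return best_eps, best_alpha

if __name__ == "__main__":
    # Constructed setting: 100 noisy gradient steps, sigma = 4, delta = 1e-5.
    eps, alpha = account([4.0] * 100, delta=1e-5)
    print(f"(eps, delta) = ({eps:.4f}, 1e-5) at alpha = {alpha}")
```

Because the conversion term shrinks with $\alpha$ while the composed RDP cost grows with it, the reported $\epsilon$ depends on searching over orders rather than fixing one.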

Figures (8)

  • Figure 1: Simplified workflow of the TraVaG training and application process [rafiei_travag].
  • Figure 2: Simplified workflow of the DDPM training and application process.
  • Figure 3: The relative log similarity and absolute log difference results of anonymized BPIC-2013 logs generated by DDPM, TraVaG, TraVaS, and the benchmark. Each value represents the mean of 100 generations for DDPM, TraVaG, and 10 algorithm runs for TraVaS and the benchmark.
  • Figure 4: The relative log similarity and absolute log difference results of anonymized Sepsis logs generated by DDPM, TraVaG, TraVaS, and the benchmark. Each value represents the mean of 100 generations for DDPM, TraVaG, and 10 algorithm runs for TraVaS and the benchmark.
  • Figure 5: The relative log similarity and absolute log difference results of anonymized BPIC-2012-App logs generated by DDPM, TraVaG, TraVaS, and the benchmark. Each value represents the mean of 100 generations for DDPM, TraVaG, and 10 algorithm runs for TraVaS and the benchmark.
  • ...and 3 more figures

Theorems & Definitions (6)

  • Definition: Simple Event Log
  • Definition: ($\epsilon$,$\delta$)-DP for Event Logs
  • Definition: ($\alpha, \epsilon$)-RDP for Event Logs
  • Proposition: Composition of RDP
  • Proposition: RDP Parameter Conversion
  • Theorem: $(\epsilon, \delta)$-DP Mechanism Composition for Event Logs