Abstract

Applications such as sensor network monitoring, distributed intrusion detection, and real-time analysis of financial data necessitate the processing of distributed data streams on the fly. While efficient data processing algorithms enable such applications, they require access to large amounts of often personal information, and could consequently create privacy risks. Previous works have studied how privacy risks could be mitigated through the application of differential privacy to continuous stream monitoring, focusing mostly on evaluating simple aggregates over the streams, such as counts and sums. However, many real world applications require monitoring a complex value derived from the streams, e.g., detecting that the correlation between the values of two stocks traded in different exchanges has crossed a threshold. In this paper we present a general framework that en- ables monitoring arbitrary functions over statistics derived from distributed data streams in a privacy-preserving manner. Our solution allows the monitoring of complex values derived from the streams, while preventing adversaries from learning about any particular element in the processed streams. We study the relationship between communication efficiency and privacy loss, and demonstrate that for given privacy constraints, our approach allows the system to be monitored over periods that are three orders of magnitude longer than would be possible with a naive approach. To the best of our knowledge, this work is the first to tackle privacy-preserving distributed monitoring of arbitrary functions, including non-linear functions, and to evaluate empir- ically the applicability of privacy-preserving stream monitoring in such settings.