A REAL-TIME AGGREGATE DATA PUBLISHING SCHEME WITH ADAPTIVE ω-EVENT DIFFERENTIAL PRIVACY

Abstract. Although massive real-time data collected from users can provide benefits that improve the quality of daily life, such data may also expose users' privacy. ε-differential privacy is a notable model for providing strong privacy preservation in statistics. Existing works highlight ω-event differential privacy with a fixed window size, which may not be suitable for many practical scenarios. In view of this issue, we explore a real-time scheme with adaptive ω-event differentially private time-series publishing (ADP) in this paper. Specifically, we define a novel notion, Quality of Privacy (QoP), to measure both the utility of the released statistics and the strength of the privacy preservation. Based on this, we present an adaptive ω-event differential privacy model that provides privacy protection with higher accuracy and a better protection effect. In addition, we design a smart grouping mechanism to improve the grouping performance and thus the utility of the published statistics. Finally, we conduct several experiments on real-world and synthetic datasets and, in comparison with existing schemes, demonstrate the superior performance of the ADP scheme.


1. Introduction.
Recently, context-aware smart devices have experienced an unprecedented surge in smart cyber-physical networks [39]. These devices achieve ubiquitous connectivity and powerful raw data-gathering capabilities via human-centric and device-to-device (D2D)-based applications [31]. Using data mining technologies, we can then discover knowledge from huge amounts of raw data. This technology may provide great benefits that push the boundaries of our understanding of human behavior and improve the quality of our lives.
Although this technology provides great benefits, sensitive and private information mined from raw data (e.g., social relationships and financial transactions) is also exposed to the risk of disclosure [6]. For example, more than 400,000 electronic eyes in Beijing may lead to privacy leakage (e.g., of vehicle location information) through data sharing in vehicular ad hoc networks (VANETs) [18,30,32]. Similarly, personal health datasets gathered from various physical-sign sensors in body sensor networks (BSNs) can be accessed illegally and published without permission [34]. As a result, data security has become an issue that cannot be ignored.
In general, data mining based threats may occur in three phases of data processing and transmission: cloud server attacks, data communication wiretapping, and data inference [21]. The first two threats can be addressed by cryptography-based higher-layer security measures as well as emerging physical-layer secure transmission technologies. Compared with these two attack modes, the privacy leakage resulting from data analysis at the servers is more serious for users. Therefore, our objective is to enable data publishers to share meaningful data in real time while protecting their privacy.
The current state-of-the-art model for providing privacy in data publishing is ε-differential privacy [9,12]. The model requires perturbing the aggregate data prior to publication [11]. Under this model, statistics are collected and released by publishers and continually analyzed by data miners, so the sensitive information of the individuals whose data is mined can be protected. The model has gradually been applied to various streaming scenarios, e.g., disease surveillance [5] and real-time traffic monitoring [1]. These scenarios fall into two protection modes for real-time data publishing with an ε-differential privacy guarantee: event-level privacy protection and user-level privacy protection [14]. The former protects a single event of a user at a specific timestamp, while the latter hides all the events of a user throughout the entire stream. So far, most state-of-the-art strategies focus on either the event-level privacy model over infinite streams [23,24] or the user-level privacy model over finite streams [17].
Considering the above two privacy protection models, Kellaris et al. propose an ω-event ε-differential privacy model in [26] and analyze and compare their inherent strengths and weaknesses. For infinite data streams, Wang et al. [36] design a scheme to accomplish the ω-event privacy model. They employ a sliding window of fixed size, ignoring changes in the time series, which may not be suitable for changeable and irregular data. In addition, their scheme introduces large errors in the grouping and perturbation mechanisms owing to the use of an averaging operation. To address these challenges, we present a real-time aggregate publishing framework with adaptive ω-event differential privacy (ADP). The ADP framework is composed of a quality of privacy (QoP)-based adaptive ω-event mechanism, a smart grouping-based perturbation mechanism, and a filtering mechanism. Working in cooperation, these mechanisms allow the integrated framework to protect the privacy of published statistics over infinite timestamps.
The main contributions of the paper are summarized as follows. Taking the window size ω and the errors of the published statistics into consideration, we pioneer a novel metric, quality of privacy (QoP). Using this metric, the QoP-based adaptive ω-event mechanism adjusts the size of the window ω adaptively. Next, to improve the grouping effect when achieving differential privacy, we exploit a machine learning based technique to design a smart grouping scheme. Moreover, considering the high correlation among events in the temporal dimension, we utilize the Kalman filter to reduce the errors of the released data. Finally, we prove that the proposed ADP satisfies differential privacy and demonstrate its high utility and security through extensive practical experiments.
The rest of the paper is organized as follows. In Section 2, we review previous work on differential privacy for static data and streams. The overall ADP framework and the corresponding common applications are illustrated in Section 3. Next, we present the QoP-based adaptive ω-event privacy algorithm in Section 4, including a dynamic adjustment method for the window size ω. Section 5 introduces a smart grouping-based perturbation algorithm, which significantly reduces the noise added to the data. In Section 6, we analyze whether the ADP framework meets differential privacy and then provide several simulation results to discuss the performance of each mechanism in our framework. Finally, Section 7 concludes the paper and states promising directions for future work.
2. Related work. In this section, we briefly survey the latest studies on differential privacy for both static data and data streams.
2.1. Differential privacy on static data. For the privacy of static data, Dwork et al. first proposed a standard method in [16], which introduced Laplace noise into aggregate queries to guarantee differential privacy.
Since then, various methods have been designed to enhance the accuracy of data released with additional noise. In [4], Blum et al. demonstrated that privacy-preserving databases could be released for all queries over a discrete domain but not over continuous domains. Then, in order to release useful information for halfspace queries, they designed a privacy-preserving polynomial-time algorithm. Dwork et al. further proposed more efficient algorithms in [15] to release private sanitizations of a data set, together with hardness results. The work of Hay et al. exploited consistency checks to improve the accuracy of a tree of counting queries. Specifically, they introduced constrained inference techniques to transform the differentially private output into a consistent one in a post-processing procedure. This hierarchical structure of queries was later referred to as a histogram model, e.g., in [22,28,33,38], where each level in the tree is an increasingly fine-grained summary of the data. In a recent work [37], the authors designed a scheme that injects different amounts of Laplace noise into different query results, so that correlated noise can be employed to improve data utility. Furthermore, several other works [2,8,10,20,29] investigated protection schemes with differential privacy for particular kinds of data, such as search logs, sparse data, and set-valued data.
As the above analysis shows, these methods were all designed to perturb static data, so they are not applicable to time-series data with high self-correlation.
2.2. Differential privacy on streams. Considering the privacy of data streams, Dwork et al. in [14] improved upon the counter publishing schemes of [13]. They focused on a stream of fixed length T and built a full binary tree over the stream updates. Every node in the tree stored noise values with scale logarithmic in T. Then, at the ith update, the nodes identified the subtrees they belonged to and reported the current counter after adding the noise values stored in the roots of those subtrees. Similarly, Chan et al. proposed an ε-differentially private continual counter with small error in [23]. Specifically, they guaranteed O((1/ε) · (log t)^1.5 · log(1/δ)) error for each t ∈ ℕ. Moreover, a great improvement of [23] was that their mechanism did not require a priori knowledge of an upper bound on its running time and provided guarantees even when it ran indefinitely.
Different from the counter-based setting, Cao et al. in [7] studied a protection method for sensitive streams within a window instead of over the whole infinite stream. Considering window-based applications, they explored a stream management system to cope with numerous aggregate queries simultaneously. In [17], Fan and Xiong intended to hide all events of users and designed a user-level privacy strategy for a finite stream. For the received perturbed data, they employed the Kalman filter [3] in their strategy to improve the accuracy of the differentially private data release.
Considering multiple events occurring over continuous time segments, Kellaris et al. presented an ω-event ε-differential privacy model in [26]. This model skillfully combined the advantages of the event-level and user-level privacy models. They employed a sliding window to capture a wide range of ω-event privacy and designed a scheme to distribute and absorb the privacy budget under the assumption that the statistics do not change significantly. On this basis, Wang and Zhang further designed an online aggregate monitoring scheme (called RescueDP) for infinite streams in [36]. Their scheme integrates adaptive sampling, a budget mechanism, and dynamic grouping and perturbation to provide privacy-preserving statistics.
Although the ongoing research has played a vital role in differential privacy on streams, challenges remain. We point out that the fixed sliding windows employed in most existing frameworks may not be practical. In addition, existing metrics target static data, and very few are designed for streaming data. Motivated by these challenges, in this paper we present an adaptive ω-event ε-differential privacy model and the quality of privacy (QoP) metric.
3. The framework of adaptive ω-event differential privacy. In this paper, we consider a general scenario in which the statistics of each region (e.g., vehicle trajectories or personal health data) are published continually. Fig. 1 shows a trusted cloud server that gathers data from a large number of data contributors and publishes the sanitized data to a data mining-enabled system. In this model, we assume that the server and the data transmission links are absolutely secure. In other words, the only possible disclosure of sensitive information is through the published data in the process of data mining [40]. Thus, the goal of our research is to enable these data contributors to share useful information continuously while protecting their privacy.
To achieve this goal, we propose a privacy-preserving solution based on adaptive ω-event differential privacy (ADP). This solution, shown in Fig. 2, consists of three parts. First, we employ adaptive sampling together with the QoP result to realize the QoP-based adaptive ω-event privacy mechanism. Second, smart grouping-based perturbation is realized by the smart grouping and perturbation mechanisms. Third, we adopt the FAST mechanism from [17] to reduce the errors of the published data.
Following Fig. 2, we describe the detailed procedures of the proposed ADP. First, we propose the quality of privacy (QoP) to measure privacy quality, taking into account the window size ω and the errors of the published statistics. Using QoP as the metric, we obtain the optimal number of sampling points within ω successive timestamps. Besides, we employ adaptive sampling to adjust the sampling interval dynamically. These steps are depicted in the red dashed box in Fig. 2. In these steps, no privacy budget is allocated to non-sampled points, and the statistics of non-sampled points are approximated by those of sampled points. As a result, the amount of Laplace noise added to the raw statistics is reduced while the utility of the released statistics is increased. Finally, the window size is adjusted adaptively according to the determined number of samples and the sampling interval: the window shrinks when the data changes rapidly, and vice versa.

In the RescueDP strategy [36], the grouping mechanism may destroy the spatial correlation of regions because it does not consider the overall data changes. Besides, with a fixed threshold, the mechanism may not be effective enough in most practical scenarios. Therefore, we design a new smart grouping mechanism that aggregates regions based on the properties of predicted data, as shown in the blue dashed box in Fig. 2. We introduce the auto-regressive integrated moving average (ARIMA) model into the smart grouping to dynamically predict the statistics of the current timestamp from historical statistics. In addition, the affinity propagation (AP) algorithm [19] is exploited to aggregate regions smartly. Then, a Laplace mechanism is applied to perturb the true statistics based on the proposed grouping mechanism.
Here, we first summarize the complete procedure of the ADP strategy in Algorithm 1. The detailed design of each component is illustrated in the following sections.

Algorithm 1
The Adaptive ω-event Differential Privacy
Input: A predefined raw database X_i at timestamp i
Output: Released statistics R_i
1: Find the optimal number of sampling points N, using QoP as the measurement standard
2: Find the set of sampling regions at the current timestamp
3: Obtain the grouping strategy G_{t_i} with the smart grouping mechanism on the sampling regions
4: Allocate budgets to all sampling regions
5: Inject Laplace noise into the groups of G_{t_i} with the allocated budgets in the perturbation mechanism
6: Employ the filtering mechanism to improve the accuracy of the perturbed statistics and release the sanitized statistics R_i
7: Update the sampling interval using the adaptive sampling mechanism

4. QoP-based adaptive ω-event privacy. For privacy protection over infinite stream publishing, ω-event privacy is a convincing model. Its objective is to trade off utility against privacy so as to protect all event sequences occurring within any window of ω timestamps. However, it is not applicable to many realistic scenarios because of the fixed size of the sliding window: most real-time aggregate data streams generated by monitoring applications differ significantly across time periods. For example, over successive timestamps, traffic data varies sharply in the daytime but is relatively stable at night. Thus, in this section we introduce a new QoP-based adaptive ω-event privacy mechanism that dynamically adjusts the window size ω across timestamps. The following three subsections describe the key parts of this mechanism: the QoP definition, the adaptive sampling design, and the adaptive ω-event privacy design.

4.1. Quality of privacy. Considering the window size ω and the errors of the published statistics, QoP is proposed to measure the corresponding privacy quality.
Assume x = {x_1, · · · , x_k} and r = {r_1, · · · , r_k} represent the raw time series in a window and the sanitized time series, respectively. Then, we exploit the mean absolute error (MAE) to measure the difference between these two time series:

MAE(x, r) = (1/k) Σ_{i=1}^{k} |x_i − r_i|. (1)
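As a concrete reference, the MAE of (1) can be computed with a minimal Python sketch:

```python
def mae(x, r):
    """Mean absolute error between a raw series x and a sanitized series r."""
    assert len(x) == len(r), "series must be the same length"
    return sum(abs(xi - ri) for xi, ri in zip(x, r)) / len(x)
```

For example, `mae([0, 0], [1, 3])` evaluates the average of the per-timestamp absolute deviations.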
However, the proposed ADP employs a sampling mechanism: it perturbs the statistics at selected timestamps and approximates the non-sampled statistics with the perturbed sampled statistics. Thus, (1) can be rewritten with the approximated values substituted at the non-sampled timestamps.
As a result, the QoP in a window is defined as

QoP(x, r) = θω − MAE(x, r), (3)

where ω is the window size and θ is a pre-defined scale factor that adjusts the weight between ω and MAE(x, r). Intuitively, since events occurring at contiguous timestamps are not independent, there is close correlation among these events when the data changes slowly. Because this correlation raises the possibility that sensitive information is disclosed, the window size ω should be increased when the data changes slowly.

4.2. The adaptive sampling design. In general, the release of noisy data consumes a fixed budget ε. If the window size ω is large, publishing noisy data at every timestamp would produce large errors. This problem can be addressed with a sampling mechanism that perturbs the sampled statistics while skipping the non-sampled ones; skipping a point saves budget for future perturbation. Inspired by the RescueDP strategy, we exploit a proportional-integral-derivative (PID) controller to change the sampling rate based on the dynamics of historical data. The RescueDP algorithm uses a non-fixed number of sampling points, which may leave the budget not fully utilized. In contrast, we adopt the optimal number of sampling points, so the budget is allocated equally to each sampling point. The feedback error measured in region j is defined as follows.
where k_n and k_{n−1} indicate the current and the last sampling points, respectively. The data changes rapidly when the error E^j_{k_n} increases. Then, the full PID error δ^j of region j is defined as below.
where C_p, C_i, and C_d denote the proportional, integral, and derivative gains, respectively. Intuitively, the sampling interval should be small when the data changes rapidly. Thus, a new sampling interval I is defined as follows.
In (6), I and I_l denote the new and the last sampling intervals of region j, respectively. Unlike the RescueDP strategy, the PID error is the only factor that influences the sampling interval, because the budget is allocated equally at all sampling points. The sampling interval therefore better characterizes the data dynamics in the adaptive sampling design.
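The PID-controlled interval update described above can be sketched as follows. The gains and the exact shrink formula are illustrative assumptions (the paper's equations (5)-(6) fix the precise forms): what matters is that a larger PID error yields a shorter interval.

```python
def pid_error(errors, Cp=0.8, Ci=0.1, Cd=0.1, window=5):
    """Full PID error from a history of per-sample feedback errors.

    Cp/Ci/Cd are illustrative gains, not values from the paper.
    """
    e = errors[-1]                                                # proportional term
    integral = sum(errors[-window:]) / min(len(errors), window)   # integral term
    derivative = errors[-1] - errors[-2] if len(errors) > 1 else 0.0  # derivative term
    return Cp * e + Ci * integral + Cd * derivative

def next_interval(last_interval, delta, xi=1.0):
    """Shrink the sampling interval as the PID error delta grows (assumed form).

    xi is a scale constant; delta = 0 leaves the interval unchanged.
    """
    return max(1, round(last_interval * xi / (xi + delta)))
```

Usage: feed the per-sample feedback errors into `pid_error`, then pass the result to `next_interval` to obtain the interval until the next sampling point.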

4.3. The adaptive ω-event privacy design. Suppose that the starting and ending points of the window are both sampling points. The window size ω is then determined as

ω = Σ_{k=0}^{n−1} I_k, (7)

where n is the number of sampling points in the current window and I_k represents the kth sampling interval; for example, I_0 is the interval between the first and the second sampling points in the current window. Obviously, the window size is determined by n and I_k. I_k is adjusted adaptively by the adaptive sampling mechanism, and n can be obtained as follows. According to (1), (3), and (7), the QoP in a window can be calculated as

QoP(x, r) = θ Σ_{k=0}^{n−1} I_k − MAE(x, r).

Then the optimal number of sampling points N is the one that maximizes QoP, i.e., N = argmax_n QoP(x, r), where ω is taken as the mean window size over all timestamps. As a result, the optimal number of sampling points N can be obtained once the sampling intervals I_k and the perturbed statistics are known. After obtaining N, we set n equal to N. The procedure of the adaptive ω-event privacy mechanism is then as follows. Note that N can be obtained by machine learning from historical data and I_k is produced by the adaptive sampling mechanism. Assume that I is the interval to the next sampling point and that I_0, · · · , I_{N−1} are the sampling intervals in the current window. When the window slides to the next sampling point, we first observe the number of sampling points n. If N > n and I > I_0, we increase the window size, i.e., ω = ω_l + ∆, where ω and ω_l are the next and the last window sizes, respectively, and ∆ is the difference between I and I_0. Here, N ≥ n holds because the ending point of the window can slide to the next sampling point while the starting point cannot slide past the second sampling point. When I < I_0, we decrease the window size by moving the starting point of the window to the second sampling point. Finally, ω_l remains unchanged when I = I_0.
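The window-adjustment rule just described can be sketched as a small helper. This is a simplification that assumes the three cases on the incoming interval I versus the oldest interval I_0 are exhaustive:

```python
def adjust_window(omega_last, intervals, incoming_interval):
    """Adjust the window size when the window slides to the next sampling point.

    intervals: sampling intervals I_0, ..., I_{n-1} of the current window.
    Grows the window by (I - I_0) when the incoming interval I exceeds the
    oldest one, shrinks it by (I_0 - I) when I < I_0 (the starting point moves
    to the second sampling point), and keeps it unchanged when I = I_0.
    """
    i0, i = intervals[0], incoming_interval
    if i > i0:
        return omega_last + (i - i0)   # ending point advances farther than the start
    if i < i0:
        return omega_last - (i0 - i)   # starting point slides past the oldest interval
    return omega_last
```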

5. Smart grouping-based perturbation.

5.1. The smart grouping algorithm.
A naive method to achieve differential privacy is to inject Laplace noise into the statistics. Nonetheless, this is likely to introduce large perturbation errors, especially for statistics with small values. Therefore, the authors in [36] present a dynamic grouping algorithm that aggregates regions with small statistics as the statistics change. Yet dynamic grouping also shows limitations in some respects. First, the method used to predict the statistic at sampling point t_i in region j may not be accurate, which can lead to larger errors. Second, the fixed thresholds τ_1, τ_2, and τ_3 may not be suitable for dynamic grouping in realistic scenarios. Therefore, we present a smart grouping algorithm in this subsection that smartly aggregates regions with small statistics even in noisy scenarios. Different from the RescueDP strategy, our grouping algorithm is mainly based on machine learning. The ARIMA model is first used to predict the statistic at the current sampling point t_i in region j, i.e., r^j_{t_i}. Then we use a single threshold τ that is generated dynamically according to the budget ε_i allocated to each sampling point; in this work, an inverse proportion is found to well represent the relationship between the anti-noise threshold τ and the per-timestamp budget ε_i. Finally, we apply the affinity propagation (AP) algorithm [19] to aggregate the regions whose predicted statistics r^j_{t_i} are less than the anti-noise threshold τ. The smart grouping algorithm is presented in Algorithm 2. Note that only the regions that need to be sampled (denoted by S) are grouped at each timestamp. Algorithm 2 can be divided into four parts. The first, called region filtering (lines 1 to 7), filters out the candidate regions based on r^j_{t_i} > τ.
Next, we initialize three parameters that represent the data characteristics: the similarity s(i, k) = −‖r^i_{t_i} − r^k_{t_i}‖², the responsibility r(i, k), and the availability a(i, k). In the third step (lines 11 to 16), we find the cluster center x_i for each region i and determine the corresponding clusters C_{x_i} once r(i, k) and a(i, k) converge (i.e., do not change significantly within a fixed number of iterations). Finally, the grouping results are produced in line 17 of Algorithm 2.
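The overall flow of the smart grouping step can be sketched as follows. This is a deliberately minimal sketch: the ARIMA predictor and the affinity propagation clustering are replaced by simple stand-ins (the caller supplies predicted values, and all below-threshold regions are clustered together), and the threshold constant c is an assumption standing in for the inverse-proportion relation τ = c/ε_i.

```python
def smart_grouping(predicted, eps_i, c=10.0):
    """Group regions by their predicted statistics (illustrative sketch).

    predicted: {region_id: predicted statistic r_j}, e.g. from an ARIMA model.
    The anti-noise threshold tau is taken inversely proportional to the
    per-timestamp budget eps_i (tau = c / eps_i; c is an assumed constant).
    Regions above tau form singleton groups; the remaining small regions are
    clustered here by a single pass standing in for affinity propagation.
    """
    tau = c / eps_i
    groups = [[j] for j, r in predicted.items() if r > tau]      # singleton groups
    small = sorted((j for j, r in predicted.items() if r <= tau),
                   key=lambda j: predicted[j])                   # small regions, by value
    if small:
        groups.append(small)                                     # AP stand-in: one cluster
    return groups
```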

Algorithm 2 Smart Grouping Algorithm
Input: S_{t_i}: the regions that need to be sampled at t_i
Output: G_{t_i}: the grouping strategy at t_i
1: for each region i in S_{t_i} do
2:     Predict the statistic (denoted by r^i_{t_i}) using the ARIMA model
3:     if r^i_{t_i} > τ then
4:         Let region i itself be a group
5:         Add the group to G_{t_i}
6:     else
7:         Add the region into Φ
8: Calculate the similarities s(i, j) between pairs of regions in Φ
9: Initialize all a(i, j) to zero
10: Initialize r(i, j) = Σ_{i,j} s(i, j)/N²
11: while not convergent do
12–16:     Update the responsibilities r(i, j) and availabilities a(i, j); upon convergence, obtain the cluster result P = {C_j | j is a cluster center}
17: Group the regions in Φ according to P and add each group to G_{t_i}
18: return the grouping strategy G_{t_i}

5.2. Smart grouping-based perturbation. Based on the design of adaptive sampling, we inject noise into the published statistics using the Laplace mechanism [16]. The published statistics do not include the non-sampled statistics, which are approximated by the last published statistics. To realize this noise injection, we present a smart grouping-based perturbation method, which consists of a perturbation step and an allocation step. In the perturbation step, the Laplace mechanism is applied to each group rather than to each region, owing to the grouping algorithm. We first give the definition of the Laplace mechanism as follows.
where the noise follows a Laplace distribution with mean zero and scale ∆(f)/ε, and ∆(f) is the sensitivity of f, defined as the maximum L_1 norm ‖f(D) − f(D′)‖_1 over all neighboring datasets D, D′ ∈ D.
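For reference, the Laplace mechanism with scale ∆(f)/ε can be sketched in a few lines; the noise sampler below uses the standard inverse-CDF transform and is not meant to reflect the paper's exact implementation.

```python
import math
import random

def laplace_noise(scale, rng=random):
    """Sample from Laplace(0, scale) via the inverse-CDF transform."""
    u = rng.random() - 0.5                     # u uniform on (-0.5, 0.5)
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))

def perturb(value, sensitivity, eps, rng=random):
    """Laplace mechanism: add noise with scale sensitivity/eps to a true value."""
    return value + laplace_noise(sensitivity / eps, rng=rng)
```

For count queries (as here, where ∆(f) = 1), `perturb(count, 1, eps)` returns an ε-differentially private count.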
The RescueDP strategy may not make full use of the total budget, because it takes the smallest budget among the regions in a group as the budget of the entire group in order to avoid exceeding the total budget. In contrast, we fix the number of sampling points and allocate the total budget uniformly to each sampling point. As a result, every region in a group receives the same budget, which can serve directly as the group budget, and the total budget is fully utilized.
We assume that a group g has κ regions, i.e., g is composed of κ columns of D_i (g ⊆ D_i). In addition, f(g) is a function that aggregates the number of data contributors in g. Intuitively, because each contributor can appear in only one region at one timestamp, the sensitivity of f equals 1, i.e., ∆(f) = 1. Then, the Laplace mechanism can be applied to group g as follows, where g[j] is the jth region of group g and λ(g) represents the scale of the Laplace noise injected into f(g).
In the allocation step, we allocate the group's perturbed statistic to each region according to the predicted statistic of each region. In this way, we avoid the errors caused by the averaging operation adopted in the RescueDP strategy. Our allocation method is shown as follows.
where α_j is the weight of region j, calculated from the predicted statistics of the regions, i.e., α_j = r^j_{t_i} / Σ_{k∈g} r^k_{t_i}. In this way, the perturbed statistic of each region is more accurate.
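The weight-based allocation step can be sketched as follows (each region receives a share of the group's perturbed statistic proportional to its predicted statistic):

```python
def allocate(group_perturbed, predicted):
    """Distribute a group's perturbed statistic to its regions by predicted weight.

    predicted: {region_id: predicted statistic r_j}.
    alpha_j = predicted_j / sum(predicted); region j receives alpha_j * R(g).
    This replaces the uniform averaging used by RescueDP.
    """
    total = sum(predicted.values())
    return {j: group_perturbed * (p / total) for j, p in predicted.items()}
```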
6. Performance discussion. In this section, we first analyze the privacy of the proposed ADP framework in theory and then provide several numerical simulation results to study its performance in terms of MAE and QoP.

6.1. Privacy analysis.
Theorem 6.1. The proposed ADP framework satisfies ε-differential privacy.
Proof. In the ADP framework, perturbation is the only mechanism that can disclose private information, because it is the only one that accesses the raw data. As a result, if we prove that the perturbation mechanism satisfies ε-differential privacy, the ADP framework meets the requirement of ε-differential privacy as well. Under the smart grouping strategy G_{t_i}, each group includes several disjoint regions. We assume that g_i, with κ_i regions, is an arbitrary group of G_{t_i}. According to (8), the Laplace mechanism on group g_i is as follows, where g_i[j] is the jth region of g_i and ∆(f) = 1. By Definition 5.1, R(g_i) satisfies ε_i-differential privacy. According to Axiom 2.1.1 in [27], post-processing sanitized data does not reveal privacy as long as the sensitive information is not directly available to the post-processing algorithm. As a result, R(g_i[j]), for all j = 1, · · · , κ_i, also satisfies ε_i-differential privacy. Assume that ε′_i and ε_i represent the budget actually used for perturbation and the budget assigned by the budget allocation mechanism to a region at timestamp i, respectively. Since all allocated budget is used for perturbation in our algorithm, ε′_i = ε_i holds.
Based on Theorem 3 in [26], the perturbation mechanism for a region satisfies ε-differential privacy for every t and every k ∈ [t] if it holds that Σ_{i=k−ω+1}^{k} ε′_i ≤ ε. Because ε′_i = ε_i, the budget allocation mechanism ensures Σ_{i=k−ω+1}^{k} ε_i ≤ ε for any sliding window of ω timestamps. Thus, the perturbation mechanism on each group satisfies ε-differential privacy, and hence the ADP algorithm also satisfies ε-differential privacy.
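The ω-event budget constraint Σ_{i=k−ω+1}^{k} ε_i ≤ ε used in the proof can be checked mechanically over a sequence of per-timestamp budgets:

```python
def budget_ok(budgets, omega, eps):
    """Check the omega-event constraint: every window of omega consecutive
    timestamps spends at most eps of total privacy budget."""
    return all(sum(budgets[i:i + omega]) <= eps + 1e-12
               for i in range(len(budgets) - omega + 1))
```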
6.2. Numerical simulation results. We compare the performance of our ADP algorithm with the RescueDP strategy and the BA scheme over real and synthetic data sets. RescueDP and BA are two recent schemes that provide ω-event privacy for real-time aggregate data publishing. We employ MAE and QoP as metrics to study the performance of the three schemes; their calculation is given by (1) and (8). Our experiments are conducted in a Python environment on the Windows 7 operating system.
In our experiments, we use two real-world data sets, Capital [42] and CTR [41]. The Capital dataset records bikeshare trips in Washington, D.C. for one year, from January 1, 2016 to December 31, 2016. It contains a total of 3,333,791 bikeshare trajectories, each consisting of the bike number, the end station and time, and the start station and time. The CTR dataset consists of ad click records between October 21, 2014 and October 30, 2014. It contains 40,428,967 records, and each record includes an ad ID, a device IP, a timestamp, etc.; the number of clicks of each ad is published per hour. In addition, we exploit the well-known moving-objects generator of Brinkhoff [35] to generate a synthetic dataset (San) over the map of San Joaquin. More detailed settings can be found in [36].
6.2.1. Utility vs. privacy. In Fig. 3, we compare our ADP scheme, the RescueDP scheme, and the BA scheme in terms of the trade-off between utility and privacy. Clearly, as ε increases, the QoP of the three schemes grows gradually while the MAE decreases; a larger ε means that less noise needs to be injected. Moreover, on all three data sets, the ADP scheme outperforms the RescueDP scheme and the BA scheme considerably, especially under a small privacy budget. The superior performance of the ADP scheme results from three aspects. First, owing to the design of the optimal number of sampling points and the corresponding privacy budget allocation mechanism, the privacy budget is fully used for private perturbation. Second, the adaptive ω-event privacy mechanism in the ADP scheme adjusts the privacy window adaptively and improves the practicability of the scheme. Finally, the smart grouping-based perturbation mechanism provides better grouping results, reducing the error introduced by the Laplace mechanism.
6.2.2. Effect of the adaptive ω-event privacy mechanism. To highlight the advantages of the adaptive ω-event privacy mechanism, we compare our ADP scheme with a variant, ADP(f), which adopts a fixed ω-event privacy mechanism. Fig. 4 shows the comparison results in terms of MAE and QoP. It can be clearly seen that the adaptive ω mechanism increases QoP while decreasing MAE significantly on both the real-world and synthetic datasets. Therefore, we conclude that the adaptive ω-event privacy mechanism considerably improves the quality of the released data and is better suited to many real-world scenarios.

6.2.3. Effect of the smart grouping mechanism. In this part, we compare the performance of our smart grouping mechanism with the traditional grouping mechanism proposed in the RescueDP scheme [36]. As shown in Fig. 5, the smart grouping mechanism outperforms the traditional grouping mechanism in terms of both MAE and QoP. This excellent performance chiefly benefits from the application of machine learning algorithms.

7. Conclusion. In this paper, we presented a real-time scheme with adaptive ω-event differentially private time-series publishing (ADP). The scheme is composed of a QoP-based adaptive ω-event privacy mechanism, a smart grouping-based perturbation mechanism, and a filtering mechanism. The key innovation is the adaptive ω-event privacy model, which adjusts the size of the protection window adaptively and thus adapts better to practical scenarios. To evaluate privacy quality more comprehensively, we introduced QoP, which accounts for the protection window size. Moreover, a new affinity propagation (AP)-based grouping mechanism was designed for accurate grouping. Finally, we proved theoretically that ADP satisfies differential privacy.
Extensive experiments over real-world and synthetic datasets show that the ADP scheme outperforms existing methods and improves the utility of real-time data publishing with strong privacy preserving.