The need for privacy in intrusion detection data, such as audit logs is widely recognized. The prevalent method for privacy protection in audit logs is pseudonymization (and suppression). There is a clear trade-off between the privacy of a pseudonymization technique and its utility for intrusion detection. E.g., for IP addresses a method for prefixpreserving pseudonymization has been developed, that allows pseudonymized IP addresses to be still grouped into subnets. This paper describes a

more »

... nymization technique for timestamps that is distance preserving. I.e. given two pseudonymized timestamps one can compute the distance δ, if δ is below or equal to an agreed threshold d and one cannot compute δ if δ ≥ 2d. We extend our technique for twodimensional spatial data, e.g. location of objects or persons. We also evaluate the privacy any such distance-preserving technique can provide for timestamps theoretically and on real-world log data.