Real-Time Compliance Monitoring Engine Based on eBPF: Privacy-Enabled Data Tracking for Edge Computing

This research focuses on the data compliance requirements of heterogeneous edge nodes, creating a real-time privacy compliance monitoring system and model based on eBPF. It primarily targets two typical scenarios: intelligent connected vehicles and the Internet of Things in healthcare. The system deploys various probes such as eBPF/XDP, tracepoint, kprobe, and uprobe in a Linux 6. x environment, capturing system calls and network session metadata at the millisecond level. User-space acquisition processes aggregate events through buses such as Kafka to the policy engine and compliance data storage. In healthcare scenarios, the system can dynamically label and conduct compliance reviews of sensitive identifiers such as subjectᵢd and hadmᵢd in electronic medical record access logs, image transmissions, and monitoring data streams. In intelligent vehicle scenarios, the system focuses on vehicle gateways, domain controllers, roadside units, and charging facilities, performing fine-grained monitoring and policy management of data streams containing VIN-type identifiers, refined trajectories, telemetry data, and billing records. Under MIMIC-IV medical workloads and near-production-level vehicle-to-everything (V2X) telemetry workloads, this system maintains event capture latency below 5 ms and compliance detection accuracy above 99. 5% under high concurrency conditions, while keeping CPU/memory overhead low. Compared with general solutions such as Cilium and Elastic Beats, this method is superior in terms of policy hot update capability, evidence chain integrity, and scalability for large-scale fleets and multi-hospital clusters. This demonstrates that real-time privacy compliance monitoring based on eBPF has engineering feasibility and promotional significance in security-critical edge scenarios such as healthcare and smart cars.