Chinese Journal of Network and Information Security ›› 2023, Vol. 9 ›› Issue (3): 49-59. doi: 10.11959/j.issn.2096-109x.2023037

• Academic paper •

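Adaptive selection method of desensitization algorithm based on privacy risk assessment

Lijun ZU1,2, Yalin CAO3, Xiaohua MEN2, Zhihui LYU1, Jiawei YE1, Hongyi LI1, Liang ZHANG3

  1. 1 School of Financial Technology, Fudan University, Shanghai 200433, China
    2 China UnionPay Co., Ltd, Shanghai 201210, China
    3 Huawei Technologies Co., Ltd, Nanjing 210012, China
  • Revised: 2023-05-30 Online: 2023-06-25 Published: 2023-06-01
  • About the authors: Lijun ZU (1986- ), male, born in Yangzhou, Jiangsu, is a Ph.D. candidate at Fudan University and a senior engineer at China UnionPay Co., Ltd. His main research interests are fintech research and applications in open banking scenarios.
    Yalin CAO (1991- ), female, born in Suzhou, Anhui, is a senior engineer at Huawei Technologies Co., Ltd. Her main research interests are AI communications, data security and privacy protection.
    Xiaohua MEN (1990- ), female, born in Handan, Hebei, Ph.D., is an engineer at China UnionPay Co., Ltd. Her main research interests are open banking and financial data security.
    Zhihui LYU (1975- ), male, born in Inner Mongolia, is a professor and doctoral supervisor at Fudan University. His main research interests are big data architecture, blockchain distributed systems and network security technology.
    Jiawei YE (1977- ), male, born in Shanghai, is an engineer at Fudan University. His main research interests are network and information security, sensitive information protection and fintech security.
    Hongyi LI (2000- ), female, born in Nanchang, Jiangxi, is a master's student at Fudan University. Her main research interest is fintech security.
    Liang ZHANG (1982- ), male, born in Zibo, Shandong, Ph.D., is a senior engineer at Huawei Technologies Co., Ltd. His main research interests are network AI algorithms, IP protocols and forwarding.
  • Supported by:
    The National Key R&D Program of China (2021YFC330060)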

Abstract:

The financial industry deals with a vast amount of sensitive data in its business operations. However, the conventional approach of manually binding the financial data to be desensitized to desensitization algorithms is becoming inefficient due to the fast-paced growth of financial businesses and the proliferation of data types. Additionally, manual inspection and risk assessment of desensitized data, which relies on the experience of security experts, is time-consuming, and an improperly selected desensitization algorithm leaves the desensitized financial data with potential privacy leakage risks. While prior research has emphasized the implementation of desensitization methods and privacy-preserving technologies, limited work has been conducted on desensitization algorithms from the perspective of automation. To improve desensitization efficiency and the transparency of privacy protection, an adaptive recommendation framework was proposed for selecting desensitization strategies. The framework considers various factors, such as the characteristics of existing privacy protection technologies, the data quality requirements of business scenarios, the security risk requirements of financial institutions, and data attributes. Specifically, a general dual-objective evaluation function was established for privacy risk and data quality, and the desensitization algorithm and its parameters were adaptively selected through a multi-decision factor system and a desensitization effect evaluation system. Compared to traditional approaches, the proposed framework effectively tackles the issues of reduced data usability and inadequate personal data privacy protection that derive from manual intervention. In experiments on test datasets from multiple types of financial institutions, the proposed method achieves a recommendation accuracy exceeding 95%, while the privacy risk after desensitization differs by less than 10% from the expected privacy risk level. Additionally, the recommendation efficiency is 100 times faster than expert manual processing.

Key words: automatic data desensitization, privacy risk assessment, artificial intelligence, financial sensitive data

CLC number:
