基于隐私风险评估的脱敏算法自适应方法

doi:10.11959/j.issn.2096-109x.2023037

Abstract

Abstract:

The financial industry deals with a vast amount of sensitive data in its business operations.However, the conventional approach of binding financial data for desensitization and using desensitization algorithms is becoming inefficient due to the fast-paced growth of financial businesses and the proliferation of data types.Additionally, manual verification and assessment of desensitized data by security experts are time-consuming and may carry potential privacy risks due to the improper selection of desensitization algorithms.While prior research has emphasized desensitization methods and privacy-preserving technologies, limited work has been conducted on desensitization algorithms from the perspective of automation.To address this issue, an adaptive recommendation framework was propose for selecting desensitization strategies that consider various factors, such as existing privacy protection technologies, data quality requirements of business scenarios, security risk requirements of financial institutions, and data attributes.Specifically, a dual-objective evaluation function was established for privacy risk and data quality to optimize the selection of desensitization algorithm parameters for different algorithms.Furthermore, the desensitization algorithm and parameters were adaptively selected by considering the data attributes through a multi-decision factor system and desensitization effect evaluation system.Compared to traditional approaches, the proposed framework effectively tackle issues of reduced data usability and inadequate personal data privacy protection that derive from manual intervention.Testing on a dataset with multiple financial institution types, the experiments show that the proposed method achieves a recommendation accuracy exceeding 95%, while the desensitized privacy risk level differed by less than 10% from the expected level.Additionally, the recommendation efficiency is 100 times faster than expert manual processing.

Key words: automatic data desensitization, privacy risk assessment, artificial intelligence, financial sensitive data

CLC Number:

TP393

Lijun ZU, Yalin CAO, Xiaohua MEN, Zhihui LYU, Jiawei YE, Hongyi LI, Liang ZHANG. Adaptive selection method of desensitization algorithm based on privacy risk assessment[J]. Chinese Journal of Network and Information Security, 2023, 9(3): 49-59.

Figures/Tables 10

References 31

[1]	王卓, 刘国伟, 王岩 ,等. 数据脱敏技术发展现状及趋势研究[J]. 信息通信技术与政策, 2020(4): 18-22.
	WANG Z , LIU G W , WANG Y ,et al. Research on the development and trend of data masking technology[J]. Information and Communications Technology and Policy, 2020,46(4): 18-22.
[2]	中华人民共和国个人信息保护法[S]. 2021.
	Personal Information Protection Law of The People's Republic of China[S]. 2021.
[3]	王茂华, 郝云力, 褚亚伟 . 具有隐私保护功能的数据加密算法[J]. 计算机工程与应用, 2014,(23): 87-90.
	WANG M H , HAO Y L , CHU Y W . Data encryption algorithm with privacy protection function[J]. Computer Engineering and Applications, 2014,0(23): 87-90.
[4]	周期律, 张旭春, 蔡仕志 . 商业银行客户姓名脱敏技术研究[J]. 中国金融电脑, 2014(6): 65-68.
	ZHOU Q L , ZHANG X C , CAI S Z . Research on commercial bank customer name desensitization technology[J]. Financial Computer of China, 2014(6): 65-68.
[5]	LATANYA S , K-ANONYMITY . A model for protecting privacy[J]. International Journal of Uncertainty,Fuzziness and Knowledgebased Systems:IJUFKS, 2002,10(5): 557-570.
[6]	WANG M , JIANG Z , ZHANG Y ,et al. T-closeness slicing:a new privacy-preserving approach for transactional data publishing[J]. INFORMS Journal on Computing, 2018,30(3): 438-453.
[7]	SORIA-COMAS J , DOMINGO-FERRER J , SANCHEZ D ,et al. t-closeness through microaggregation:Strict privacy with enhanced utility preservation[J]. IEEE Transactions on Knowledge and Data Engineering, 2015,27(11): 3098-3110.
[8]	DONG J , ROTH A , SU W J . Gaussian differential privacy[J]. Journal of the Royal Statistical Society Series B:Statistical Methodology, 2022,84(1): 3-37.
[9]	CYNTHIA D , JING L . Differential privacy and robust statistics[C]// Proceedings of the 41st Annual ACM Symposium on Theory of Computing, 2009: 371-380.
[10]	BENALOH J . Dense probabilistic encryption[C]// Proceedings of the Workshop on Selected Areas of Cryptography. 1994: 120-128.
[11]	AGGARWAL N , GUPTA C P , SHARMA I . Fully homomorphic symmetric scheme without bootstrapping[C]// Proceedings of 2014 International Conference on Cloud Computing and Internet of Things. 2014: 14-17.
[12]	VENU D , MAYURI A V R , NEELAKANDAN S ,et al. An efficient low complexity compression based optimal homomorphic encryption for secure fiber optic communication[J]. Optik, 2022,252:168545.
[13]	ZHANG X , LIU C , NEPAL S ,et al. A hybrid approach for scalable sub-tree anonymization over big data using MapReduce on cloud[J]. Journal of Computer and System Sciences, 2014,80(5): 1008-1020.
[14]	MOHAMMADIAN E , Noferesti M , JALILI R . FAST:fast anonymization of big data streams[C]// Proceedings of the 2014 International Conference on Big Data Science and Computing. 2014: 1-8.
[15]	徐李阳, 李慧芹, 赵文华 ,等. 基于卷积神经网络的敏感数据自动脱敏方法[J]. 自动化应用, 2021(10): 86-88.
	XU L Y , LI H Q , ZHAO W H ,et al. Automatic desensitization method of sensitive data based on convolutional neural network[J]. Automation Application, 2021(10): 86-88.
[16]	MADAN S , GOSWAMI P . Adaptive privacy preservation approach for big data publishing in cloud using k-anonymization[J]. Recent Advances in Computer Science and Communications, 2021,14(8): 2678-2688.
[17]	CHOROMANSKI K M , JEBARA T , TANG K . Adaptive anonymity via b-matching[J]. Advances in Neural Information Processing Systems, 2013,26: 3192-3200.
[18]	佟玲玲, 李鹏霄, 段东圣 ,等. 面向异构大数据环境的数据脱敏模型[J]. 北京航空航天大学学报, 2022,48(2): 249-257.
	TONG L L , LI P X , DUAN D S ,et al. Data masking model for heterogeneous big data environment[J]. Journal of Beijing University of Aeronautics and Astronautics, 2022,48(2): 249-257.
[19]	WAGNER , ISABEL , ECKHOFF ,et al. Technical privacy metrics:a systematic survey[J]. ACM Computing Surveys (CSUR), 2018,51(3): 1-38.
[20]	ORACLE. Oracle data masking[EB].
[21]	IBM. InfoSphere optim data privacy[EB].
[22]	INFORMATICA. Data masking[EB].
[23]	熊金波, 王敏燊, 田有亮 ,等. 面向云数据的隐私度量研究进展[J]. 软件学报, 2018,29(7): 1963-1980.
	XIONG J B , WANG M S , TIAN Y L ,et al. Research Progress on Privacy Measurement for Cloud Data[J]. Journal of Software, 2018,29(7): 1963-1980.
[24]	乔宏明, 梁奂 . 运营商面向大数据应用的数据脱敏方法探讨[J]. 移动通信, 2015(13): 17-20,24.
	QIAO H M , LIANG H . Discussion on operators' data desensitization methods for big data applications[J]. Mobile Communications, 2015(13): 17-20,24.
[25]	GB/T 42460-2023,信息安全技术个人信息去标识化效果分级评估指南[S]. 北京:中国标准出版社, 2023.
	GB/T 42460-2023,Information security technology—Gguide for evaluating the effectiveness of personal information de-identification[S]. Beijing:Standards Press of China, 2023.
[26]	XU W , YUAN K , LI W ,et al. An emerging fuzzy feature selection method using composite entropy-based uncertainty measure and data distribution[J]. IEEE Transactions on Emerging Topics in Computational Intelligence, 2023,7(1): 76-88.
[27]	FUNG B , WANG K , CHEN R ,et al. Privacy-preserving data publishing:a survey of recent developments[J]. ACM computing surveys, 2010,42(4): 1-53.
[28]	BAYARDO R J , AGRAWAL R . Data privacy through optimal k-anonymization[C]// 21st International Conference on Data Engineering, 2005: 217-228.
[29]	LU Q , WANG C , XIONG Y ,et al. Personalized privacy-preserving trajectory data publishing[J]. Chinese Journal of Electronics, 2017,26(2): 285-291.
[30]	XIAO X , TAO Y . Personalized privacy preservation[C]// Proceedings of the 2006 ACM SIGMOD International Conference on Management of Data. 2006: 229-240.
[31]	姜火文, 曾国荪, 马海英 . 面向表数据发布隐私保护的贪心聚类匿名方法[J]. 软件学报, 2017,28(2): 341-351.
	JIANG H W , ZENG G S , MA H Y . Greedy clustering-anonymity method for privacy preservation of table datapublishing[J]. Journal of Software, 2017,28(2): 341-351.

Metrics

Recommended 0

No Suggested Reading articles found!

脱敏算法分类	算法模型	参数
	取整	无
	顶部和底部编码	无
基于泛化的技术	掩码	掩码位数
	截断	截断位数
	K匿名以及扩展模型^[23]	k、l、t
	保序加密	密钥
基于密码的技术	保留格式加密	密钥
	同态加密	密钥
基于数据合成技术	—	无
	随机响应	随机概率p
基于扰动技术	交换	随机概率p
	差分隐私^[8]	epsilon

数据来源	数据类型	技术场景	主要使用场景	预期风险	涉及敏感数据类型
	员工信息数据1	数据内部共享	用于展示	0.2	员工姓名、性别、电话号码、邮编
XX 银行OA部门	员工信息数据2	对外完全公开	用于展示	0.1	员工姓名、性别、电话号码、邮编
	项目数据	数据内部共享	作为Key使用	0.1	姓名、单位名称、金额、链接等
	合同数据	数据内部共享	用于统计	0.3	姓名、合同名称、金额、币种、供应商等
XX银行交易部门	个人交易流水数据	对外领地公开	参与计算	0.1	交易方姓名账户、被交易方姓名账户、交易金额等

列名	敏感类别	敏感级别	使用方式	脱敏算法
incomeExpensesType	交易类型	2	展示使用	掩码
transAt	交易金额	3	统计使用	Laplace差分隐私
balance	余额	3	展示使用	掩码
…	…	…	…	…
outAcctName	姓名	3	作为key使用	基于密码的假名化技术

数据大小		运行时间/s	专家经验时间/s
列数	行数	运行时间/s	专家经验时间/s
51	9	0.01	1200
25	11 280	0.805	480
38	11 329	0.902	840
155	20 206	3.05	2 400
151	3 002	1.54	2 300
9	4 373	0.03	300
28	1 979	0.552	600

Adaptive selection method of desensitization algorithm based on privacy risk assessment

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 10

References 31

Related Articles 10

Metrics

Recommended 0

[1]	Peng HOU, Zhixin LI, Fei ZHANG, Xu SUN, Dan CHEN, Yihao CUI, Hanbing ZHANG, Yinan JIN, Hongfeng CHAI. Technology and practice of intelligent governance for financial data security [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 174-187.
[2]	Xiaochen SHEN, Yinhui GE, Bo CHEN, Ling YU. Research on construction technology of artificial intelligence security knowledge graph [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 164-174.
[3]	Yi XIA, Mingjng LAN, Xiaohui CHEN, Junyong LUO, Gang ZHOU, Peng HE. Survey on explainable knowledge graph reasoning methods [J]. Chinese Journal of Network and Information Security, 2022, 8(5): 1-25.
[4]	Nan WEI, Lihua YIN, Hong NING, Binxing FANG. Preliminary study on the reform of machine learning teaching [J]. Chinese Journal of Network and Information Security, 2022, 8(4): 182-189.
[5]	Qingyin TAN, Yingming ZENG, Ye HAN, Yijing LIU, Zheli LIU. Survey on backdoor attacks targeted on neural network [J]. Chinese Journal of Network and Information Security, 2021, 7(3): 46-58.
[6]	Kui REN, Quanrun MENG, Shoukun YAN, Zhan QIN. Survey of artificial intelligence data security and privacy protection [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 1-10.
[7]	Gang XIONG,Yuwei GE,Yanjie CHU,Weiquan CAO. Model of cyberspace threat early warning based on cross-domain and collaboration [J]. Chinese Journal of Network and Information Security, 2020, 6(6): 88-96.
[8]	Fan ZHANG, Fan XIE, Jie JIANG. Survey on the visualization technologies of threatening security data in cyber space [J]. Chinese Journal of Network and Information Security, 2018, 4(2): 34-39.
[9]	Chao WANG,Yun-jiang WANG,Feng HU. Shaping the future of commercial quantum computer and the challenge for information security [J]. Chinese Journal of Network and Information Security, 2016, 2(3): 17-27.
[10]	Jian-hua LI. Overview of the technologies of threat intelligence sensing,sharing and analysis in cyber space [J]. Chinese Journal of Network and Information Security, 2016, 2(2): 16-29.