摘要
金融行业业务处理中含大量的敏感数据。金融业务的快速发展导致数据种类激增,目前绑定待脱敏金融数据以及脱敏算法的方式效率较低,依靠安全专家经验对脱敏数据进行人工检查与风险评估耗时长。脱敏算法的选择不当导致脱敏处理后的金融数据存在潜在隐私泄露风险。国内外研究大多侧重脱敏方法的实现和隐私保护技术,极少从自动化角度对脱敏算法进行研究。为提高脱敏效率和隐私保护透明度,通过梳理现有隐私保护技术特点、业务场景对数据质量需求、金融机构对安全风险要求、数据属性等因素,搭建自适应选择脱敏策略推荐框架,建立通用隐私风险和数据质量双目标评估函数,基于多决策因素体系和脱敏效果评估,实现脱敏算法和参数的自适应选择。相较于传统数据脱敏方式,所提方法能有效解决人工干预带来的脱敏数据可用性差和个人数据隐私保护性不足等问题,在多类金融机构数据测试集实验下,所提方法推荐准确率达到95%以上,脱敏后的隐私风险非常接近预期隐私风险水平,差距小于10%,推荐效率相较于专家人工处理时间提升100倍。
The financial industry deals with a vast amount of sensitive data in its business operations.However,the conventional approach of binding financial data for desensitization and using desensitization algorithms is becoming inefficient due to the fast-paced growth of financial businesses and the proliferation of data types.Additionally,manual verification and assessment of desensitized data by security experts are time-consuming and may carry potential privacy risks due to the improper selection of desensitization algorithms.While prior research has emphasized desensitization methods and privacy-preserving technologies,limited work has been conducted on desensitization algorithms from the perspective of automation.To address this issue,an adaptive recommendation framework was propose for selecting desensitization strategies that consider various factors,such as existing privacy protection technologies,data quality requirements of business scenarios,security risk requirements of financial institutions,and data attributes.Specifically,a dual-objective evaluation function was established for privacy risk and data quality to optimize the selection of desensitization algorithm parameters for different algorithms.Furthermore,the desensitization algorithm and parameters were adaptively selected by considering the data attributes through a multi-decision factor system and desensitization effect evaluation system.Compared to traditional approaches,the proposed framework effectively tackle issues of reduced data usability and inadequate personal data privacy protection that derive from manual intervention.Testing on a dataset with multiple financial institution types,the experiments show that the proposed method achieves a recommendation accuracy exceeding 95%,while the desensitized privacy risk level differed by less than 10% from the expected level.Additionally,the recommendation efficiency is 100 times faster than expert manual processing.
作者
祖立军
曹雅琳
门小骅
吕智慧
叶家炜
李泓一
张亮
ZU Lijun;CAO Yalin;MEN Xiaohua;LYU Zhihui;YE Jiawei;LI Hongyi;ZHANG Liang(School of Financial Technology,Fudan University,Shanghai 200433,China;China UnionPay Co.,Ltd,Shanghai 201210,China;Huawei Technologies Co.,Ltd,Nanjing 210012,China)
出处
《网络与信息安全学报》
2023年第3期49-59,共11页
Chinese Journal of Network and Information Security
基金
国家重点研发计划(2021YFC330060)。
关键词
自动脱敏
隐私风险评估
人工智能
金融敏感数据
automatic data desensitization
privacy risk assessment
artificial intelligence
financial sensitive data
