Data privacy protection management system for network security

The modularly designed network security data privacy protection system utilizes semantic graph structures and multimodal feature fusion to solve the problems of insufficient recognition accuracy and rigid response strategies in existing technologies, achieving efficient and flexible data privacy protection in complex scenarios.

WO2026118362A1PCT designated stage Publication Date: 2026-06-11SHANDONG HUAYU UNIV OF TECH

Patent Information

Authority / Receiving Office
WO · WO
Patent Type
Applications
Current Assignee / Owner
SHANDONG HUAYU UNIV OF TECH
Filing Date
2025-04-28
Publication Date
2026-06-11

Smart Images

  • Figure CN2025091728_11062026_PF_FP_ABST
    Figure CN2025091728_11062026_PF_FP_ABST
Patent Text Reader

Abstract

The present application relates to the field of network security. Disclosed is a data privacy protection management system for network security. The system comprises: a data access and preprocessing module; a sensitivity analysis module, which is connected to the data access and preprocessing module; a representation learning module, which is connected to the data access and preprocessing module; a sensitivity identification module, which is respectively connected to the sensitivity analysis module and the representation learning module; a risk assessment module, which is connected to the sensitivity identification module; a policy decision-making module, which is connected to the risk assessment module; and an auditing feedback module, which is respectively connected to the policy decision-making module and the sensitivity identification module. By means of a closed-loop architecture involving identification, assessment, decision-making and auditing, full-process automatic control of data sensitivity identification and response policy execution is achieved by using a modular decoupling design, thereby effectively overcoming the problems of a delayed policy response and limited coverage, and improving the overall response accuracy and processing efficiency of the system.
Need to check novelty before this filing date? Find Prior Art

Description

A network security data privacy protection management system Technical Field

[0001] This invention relates to the field of network security technology, specifically to a network security data privacy protection and management system. Background Technology

[0002] In the current field of data security and privacy protection, various technical solutions have been widely adopted for the identification and processing of sensitive information. Common methods include sensitive identification mechanisms based on regular expressions, entity dictionaries, or classification models, supplemented by static response strategies such as field masking, encrypted storage, or access control. In actual deployments, these solutions often rely on preset templates for policy configuration, achieving risk interception and data protection by setting identification thresholds or rule mappings. Some systems introduce deep learning models to improve semantic recognition capabilities, while others attempt to achieve policy refinement through tag systems or permission annotations. These technical approaches have a certain degree of adaptability in general business scenarios, can complete basic privacy identification and protection tasks, and have been applied in multiple data platforms, security gateways, and interface management products.

[0003] As the boundaries of data applications continue to expand, and the diversification of data structures and the dynamic nature of usage scenarios become increasingly prominent, existing technologies are gradually revealing some unavoidable challenges in practical operation. First, traditional sensitive identification mechanisms are limited by their contextual understanding capabilities. When faced with complex language expressions, unstructured information, or semantic ambiguity, the risk of misjudgment and missed judgment increases, making it difficult to guarantee identification accuracy. Second, policy response methods are mostly static mappings, lacking the ability to perceive processing costs, business importance, or system load, resulting in simplistic response measures and an inability to dynamically adjust policy combinations. Furthermore, current systems mostly employ linear processing flows, lacking the ability to optimize response paths. In scenarios with complex processing strategies and high operational coupling, the efficiency and maintainability of policy chain execution face bottlenecks. On the other hand, user behavior feedback and processing results have not been effectively incorporated into model adjustment mechanisms, lacking closed-loop learning capabilities. This makes it difficult for the system to self-iterate and adapt to environmental changes during long-term operation, affecting the flexibility and sustainability of the overall privacy protection system. Summary of the Invention

[0004] To address the shortcomings of existing technologies, this invention provides a network security data privacy protection and management system that solves the problems of existing management systems in network environments, such as difficulty in accurately identifying sensitive data, lack of dynamic optimization of response strategies, rigidity of processing links, and lack of closed-loop feedback optimization.

[0005] To achieve the above objectives, the present invention provides the following technical solution: a network security data privacy protection management system, comprising:

[0006] The data access and preprocessing module is used to receive data input from multiple data sources, perform standardized preprocessing on the data, and generate data blocks to be analyzed.

[0007] The sensitivity analysis module, connected to the data access and preprocessing module, is used to construct a semantic graph structure for the data block to be analyzed, and to calculate the structural entropy score of each data block based on the semantic similarity between nodes.

[0008] The representation learning module, connected to the data access and preprocessing module, is used to extract the multimodal semantic feature vectors of the data block and achieve semantic alignment of the multimodal features;

[0009] The sensitivity identification module is connected to the sensitivity analysis module and the representation learning module respectively. It is used to fuse the structural entropy score and semantic feature vector, classify the data block according to the sensitivity level based on the variational bottleneck mechanism, and output the corresponding sensitivity label and confidence value.

[0010] The risk assessment module, connected to the sensitive identification module, is used to establish a game model between the model identification strategy and the response strategy based on the identification results and a preset risk cost function, and output a jointly optimized response strategy suggestion.

[0011] The strategy decision module, connected to the risk assessment module, is used to construct a response strategy graph and search for the minimum cost path on the graph based on the response strategy recommendations, and output a response execution chain including de-identification, encryption and blocking operations.

[0012] The audit feedback module is connected to both the strategy decision module and the sensitivity identification module. It is used to record response execution logs, collect user feedback information, and update the model parameters of the sensitivity identification module based on Bayesian rules.

[0013] Preferably, the data access and preprocessing module includes:

[0014] A data acquisition unit is used to receive input from multiple structured or unstructured data sources;

[0015] The data cleaning unit is used to remove noise and complete missing data;

[0016] Format standardization units are used to convert data from different sources into a unified format for subsequent processing.

[0017] Preferably, the sensitivity analysis module includes:

[0018] Graph structure building unit, used to abstract input data blocks into nodes and build graph structures based on semantic relevance;

[0019] The feature extraction unit is used to extract the semantic edge weights between nodes;

[0020] The sensitivity calculation unit is used to calculate the structural entropy score of a data block based on node weights and connectivity to determine its sensitivity potential.

[0021] Preferably, the representation learning module includes:

[0022] Text feature encoding unit, used to extract data embedding representations in text modalities;

[0023] Image feature coding unit, used to extract representation vectors under image modalities;

[0024] The multimodal alignment unit is used to map different modal embeddings to a unified semantic space to achieve cross-modal semantic fusion.

[0025] Preferably, the representation learning module includes:

[0026] Text feature encoding unit, used to extract data embedding representations in text modalities;

[0027] Image feature coding unit, used to extract representation vectors under image modalities;

[0028] The multimodal alignment unit is used to map different modal embeddings to a unified semantic space to achieve cross-modal semantic fusion.

[0029] Preferably, the classification unit is based on a variational bottleneck optimization objective:

[0030] Where β(x) is a moderating factor used to control the trade-off between information compression and retention of sensitive features; p(z) is the prior distribution of the latent variables; x is the model input; y is the model supervision target; and z is the latent variable.

[0031] Preferably, the risk assessment module includes:

[0032] The risk strategy modeling unit is used to model the identification model and response strategy as a multi-objective game problem.

[0033] The risk quantification unit is used to calculate the false recognition rate, false recognition rate, and strategy cost.

[0034] The joint optimization unit is used to generate the joint policy output with minimum cost.

[0035] Preferably, the game optimization objective established by the risk strategy modeling unit is: L(m,s)=λ1·FP(m)+λ2·FN(m)+δ·C(s);

[0036] Where m is the identification model strategy; s is the response strategy; C(s) represents the response cost; and λ1, λ2, δ are adjustment coefficients.

[0037] Preferably, the strategy decision module includes:

[0038] The response map generation unit is used to construct response maps based on different sensitivity levels.

[0039] Path planning unit, used to search for the path with minimum total cost in the graph;

[0040] The response control unit is used to perform de-identification, encryption, and access control operations according to the selected path.

[0041] Preferably, the audit feedback module includes:

[0042] The log recording unit is used to record the behavioral trajectory of the identification and response process;

[0043] The user feedback collection unit is used to collect user operation feedback information;

[0044] The model update unit is used to dynamically adjust the sensitive identification module based on feedback data.

[0045] This invention provides a network security data privacy protection and management system. It has the following beneficial effects:

[0046] 1. This invention, through a closed-loop architecture of identification, evaluation, decision-making, and auditing, and employing a modular decoupled design, achieves fully automated control of the entire process of data sensitivity identification and response strategy execution. Compared to existing technologies that rely on static rule configuration and manual intervention, it effectively overcomes the problems of untimely policy response and limited coverage, improving the overall response accuracy and processing efficiency of the system.

[0047] 2. This invention employs a joint optimization modeling approach using risk cost functions, integrating multiple loss functions such as false positive rate, false negative rate, and strategy execution cost to achieve automatic selection of the minimum cost path for response strategies. Compared to the existing single-factor decision-making mechanism based on confidence levels, this invention solves the problem of the disconnect between processing results and actual business risks, enabling quantitative and refined strategy selection.

[0048] 3. This invention introduces a directed policy graph model and combines it with a dynamic path search algorithm to achieve dynamic generation and real-time adjustment of policy combination schemes. Compared with existing technologies where the response process relies on preset links and has a rigid structure, this design significantly improves the system's adaptability and policy combination flexibility in various data scenarios, and effectively reduces the cost of manual configuration and maintenance.

[0049] 4. Through audit feedback and incremental learning mechanisms, this invention continuously collects user feedback and processing results, adjusts model parameters and response rules in real time, and achieves online adaptive optimization of system performance. Unlike existing technologies where model training and policy configuration are disconnected and lack update mechanisms, this solution effectively solves the problems of declining model timeliness and policy aging, ensuring recognition accuracy and policy effectiveness during long-term operation. Attached Figure Description

[0050] Figure 1 is a system module architecture diagram of the present invention;

[0051] Figure 2 is a schematic diagram of the data access and preprocessing module of the present invention;

[0052] Figure 3 is a schematic diagram of the sensitivity analysis module of the present invention;

[0053] Figure 4 is a schematic diagram of the representation learning module of the present invention;

[0054] Figure 5 is a schematic diagram of the sensitive identification module of the present invention;

[0055] Figure 6 is a schematic diagram of the risk assessment module of the present invention;

[0056] Figure 7 is a schematic diagram of the strategy decision-making module of the present invention;

[0057] Figure 8 is a schematic diagram of the audit feedback module of the present invention. Detailed Implementation

[0058] The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort are within the scope of protection of the present invention.

[0059] Please refer to Figure 1. An embodiment of the present invention provides a network security data privacy protection management system, comprising:

[0060] The data access and preprocessing module is used to receive data input from multiple data sources, perform standardized preprocessing on the data, and generate data blocks to be analyzed.

[0061] The sensitivity analysis module, connected to the data access and preprocessing module, is used to construct a semantic graph structure for the data block to be analyzed, and to calculate the structural entropy score of each data block based on the semantic similarity between nodes.

[0062] The representation learning module, connected to the data access and preprocessing module, is used to extract the multimodal semantic feature vectors of the data block and achieve semantic alignment of the multimodal features;

[0063] The sensitivity identification module is connected to the sensitivity analysis module and the representation learning module respectively. It is used to fuse the structural entropy score and semantic feature vector, classify the data block according to the sensitivity level based on the variational bottleneck mechanism, and output the corresponding sensitivity label and confidence value.

[0064] The risk assessment module, connected to the sensitive identification module, is used to establish a game model between the model identification strategy and the response strategy based on the identification results and a preset risk cost function, and output a jointly optimized response strategy suggestion.

[0065] The strategy decision module, connected to the risk assessment module, is used to construct a response strategy graph and search for the minimum cost path on the graph based on the response strategy recommendations, and output a response execution chain including de-identification, encryption and blocking operations.

[0066] The audit feedback module is connected to both the strategy decision module and the sensitivity identification module. It is used to record response execution logs, collect user feedback information, and update the model parameters of the sensitivity identification module based on Bayesian rules.

[0067] Please refer to Figure 2. The data access and preprocessing module includes:

[0068] A data acquisition unit is used to receive input from multiple structured or unstructured data sources;

[0069] The data cleaning unit is used to remove noise and complete missing data;

[0070] Format standardization units are used to convert data from different sources into a unified format for subsequent processing.

[0071] Specifically, the data access and preprocessing module is responsible for the initial task of the overall system data flow. The main function of this module is to standardize and adapt the data from multiple sources, ensuring that subsequent modules have a unified semantic basis and structural format when receiving data.

[0072] Generally, the overall data processing flow of the system follows the sequence of "access-analysis-identification-response". Therefore, the data access and preprocessing module is not just a data channel module, but also an important guarantee for ensuring data quality, reducing information redundancy, and enhancing the accuracy of downstream judgment.

[0073] In this invention, the data access and preprocessing module communicates with the sensitivity analysis module and the representation learning module via a system bus. The preprocessed data structure object is simultaneously sent to subsequent modules for graph structure construction and semantic feature extraction, with the two paths running in parallel and independent of each other.

[0074] In this embodiment, the data access and preprocessing module includes, but is not limited to, the following processing steps:

[0075] This module first includes a data access interface submodule for connecting to various data sources. These include structured data sources (such as enterprise databases and business logs), semi-structured data (such as JSON logs and HTML page fragments), and unstructured data (such as text fields, image data, and audio input). Alternatively, the system supports real-time data stream access via RESTful API, WebSocket, or MQ message queues.

[0076] In one possible implementation, the data access interface submodule is internally configured with a data source recognition engine, capable of automatically identifying data types based on metadata and allocating them to different data channels. For example, if the data is identified as text, it is sent to the natural language processing path; if it is identified as an image, it is stored in a temporary cache and enters the asynchronous feature extraction process.

[0077] In some embodiments, the system employs a dual mechanism of rule templates and model recognition to perform data cleaning and judgment. The rule templates include common data format matching rules (e.g., ID numbers should be 18 digits and the checksum should conform to the rules, mobile phone numbers should be 11 digits and match the communication operator's number segment, etc.). The model recognition path introduces a lightweight classification model to perform signal-to-noise ratio analysis on the data to determine whether it is invalid or maliciously injected data.

[0078] As an alternative, the cleaning submodule in the system can also combine behavioral statistics and frequency analysis mechanisms to automatically identify and remove abnormal high-frequency fields, duplicate submission records, and segments with concentrated outliers.

[0079] After initial data cleaning, the system proceeds to the format standardization submodule. This submodule performs standardized structure encoding on data fields. For example, it converts dates in different formats to a unified UNIX timestamp format. For fields such as currency units or geographical addresses, it also performs standardized conversions or hierarchical parsing to ensure accurate extraction of entity elements during the semantic analysis phase.

[0080] In one possible implementation, the system performs sub-segment segmentation on the text field, that is, divides the original sentence into multiple semantic segments based on punctuation marks or language model segmentation points, with each segment serving as a node for subsequent graph structure construction.

[0081] To enhance the structure awareness capabilities in subsequent analysis stages, this module also introduces a local semantic compression mechanism. This mechanism reduces the complexity of subsequent structure construction by simplifying redundant descriptions, removing repeated phrases, and merging synonymous expressions, thereby compressing the length of input data while preserving core semantic content.

[0082] Furthermore, in order to quantify the information density of each data block before it enters the system, this invention proposes a preprocessing entropy score calculation formula as follows:

[0083] Among them, H pre (x) represents the preprocessing entropy value of data sample x, reflecting the complexity of its semantic composition; w i P(w) represents the i-th word or sub-segment appearing in sample x; n is the total number of words contained in the sample; i |x) represents the term w i The relative probability of a sample x can be calculated using word frequency normalization.

[0084] Under normal circumstances, when H pre When the value of (x) exceeds the preset threshold, the system will initiate a further semantic compression strategy to reduce the interference of redundant semantics on subsequent recognition.

[0085] It should be noted that the preprocessing entropy score is not equivalent to the structural entropy metric in the subsequent sensitivity analysis module. The two differ fundamentally in their calculation objects, distribution assumptions, and processing intentions. The former is used to measure the linguistic complexity of the original data, while the latter is used to model the connection density and potential privacy aggregation effects of the constructed semantic graph structure.

[0086] In some embodiments, the system also includes an adaptive cleaning parameter update mechanism. The system records the results of each cleaning operation and updates and optimizes the cleaning rule weights based on the feedback from subsequent identification modules. The update method can be based on simple frequency statistics or can incorporate a Bayesian incremental learning mechanism for probability adjustment.

[0087] Please refer to Figure 3. The sensitivity analysis module includes:

[0088] Graph structure building unit, used to abstract input data blocks into nodes and build graph structures based on semantic relevance;

[0089] The feature extraction unit is used to extract the semantic edge weights between nodes;

[0090] The sensitivity calculation unit is used to calculate the structural entropy score of a data block based on node weights and connectivity to determine its sensitivity potential.

[0091] Specifically, the sensitivity analysis module focuses more on the structural modeling of implicit privacy aggregation risks in data. Its technical solution does not rely on specific keywords or fixed templates, but judges potential sensitivity based on the structural coupling relationship between semantic fragments.

[0092] In this embodiment, the sensitivity analysis module mainly includes a semantic graph construction submodule, a graph connectivity modeling submodule, and a structural entropy score calculation submodule.

[0093] This module first performs semantic segmentation on the text data from the preprocessing module. The segmentation method can be based on sentence segmentation models in natural language processing, such as using punctuation segmentation, language sentence breaking rules, or a trained sentence boundary detection model. Each clause, phrase, and keyword entity can be used as a candidate unit for semantic nodes.

[0094] In one possible implementation, the system performs vectorized encoding on the segmented semantic fragments. The encoding method can use TF-IDF, word2vec, or a pre-trained lightweight language model, such as MiniLM. No specific model is limited here, as long as it can output relatively stable semantic embeddings.

[0095] Subsequently, the system establishes graph connection edges by calculating the semantic similarity between node pairs. Alternatively, similarity metrics can be cosine similarity, inverse Euclidean distance, or Mahalanobis distance. The similarity threshold can be dynamically adjusted by the system to control the density of edges in the graph.

[0096] Specifically, if two nodes v i v j The embedding vectors are e i With e j Then its semantic similarity sin(v) i ,v j It can be defined as:

[0097] Where the symbol · represents the vector dot product, and ||||·|||| represents the L2 norm of the vector.

[0098] Once the similarity between nodes exceeds a threshold, the system establishes a directed or undirected edge between the node pairs, constructing a complete semantic graph structure G = (V, E), where V is the set of semantic nodes and E is the set of edges.

[0099] After the graph structure is constructed, the system performs structural entropy analysis on the semantic graph. This metric is used to measure the "tightness" and "information aggregation tendency" of the entire data segment in a structural sense, thereby determining whether it poses a risk of privacy leakage.

[0100] The following formula for calculating structural entropy score is used in this invention:

[0101] Where G = (V, E) represents the semantic graph constructed from the current data fragment; |V| is the total number of nodes in the semantic graph; v ip(v) represents the i-th node in the graph; i ) is node v i The relative structural weights are defined as follows:

[0102] Among them, deg(v i ) represents node v i The degree value can be either taken as the ordinary degree (counting undirected edges) or defined as the semantic connection strength of the node (i.e., the sum of the weights of the edges).

[0103] As an alternative, the calculation of structural entropy can also incorporate improvement terms, such as weighted structural entropy and normalized structural entropy. For example:

[0104] The normalized structural entropy value The impact of graph structure size can be eliminated, making data segments of different sizes comparable.

[0105] Generally, when the structural entropy score exceeds the sensitivity threshold set by the system, the system marks the data segment as "structurally potentially sensitive" and sends the result to the sensitivity identification module for further judgment.

[0106] In some embodiments, the system also introduces a local subgraph clustering mechanism to extract locally highly coupled regions for entropy analysis. This mechanism can use methods based on spectral clustering or the Louvain algorithm to divide the graph into several subgraphs, calculate the structural entropy of each subgraph, and then perform a weighted average.

[0107] in, This represents the proportion of the number of nodes in the subgraph to the total number of nodes in the graph, and is used as a weighting factor.

[0108] This local structural entropy mechanism can more sensitively capture subtle but strongly correlated potential leakage paths in semantics, making it particularly suitable for processing non-standard format data such as social media text and user-descriptive content.

[0109] Furthermore, to enhance the collaborative capabilities between the module and subsequent modules, the structural entropy score serves not only as a reference for sensitivity but also as one of the auxiliary input features for subsequent classification models, and is fed into the sensitivity recognition module for fusion.

[0110] Please refer to Figure 4. The representation learning module includes:

[0111] Text feature encoding unit, used to extract data embedding representations in text modalities;

[0112] Image feature coding unit, used to extract representation vectors under image modalities;

[0113] The multimodal alignment unit is used to map different modal embeddings to a unified semantic space to achieve cross-modal semantic fusion.

[0114] Specifically, the representation learning module transforms input data into multimodal representations within a unified semantic space, providing an informational semantic foundation for subsequent sensitive identification models. Typically, the system extracts embedded representations from text, images, and structural data to achieve modality fusion and semantic alignment.

[0115] In this embodiment, the representation learning module mainly includes a modality recognition submodule, a feature encoding submodule, and a multimodal alignment submodule.

[0116] In one possible implementation, the system first calls the modality recognition submodule to automatically determine the modality type of the input data. Generally, text-type data includes user input, comments, log descriptions, etc.; image modalities include screenshots, ID card scans, graphic watermarks, etc.; structured data modalities may include JSON format, tabular input, or database extracted fields.

[0117] This recognition module can automatically make judgments based on file header information, encoding structure, or a pre-trained lightweight classification model. In some embodiments, the recognition process outputs multiple modality feature labels in parallel to support multimodal fusion.

[0118] The module then moves to the feature encoding submodule, which selects different models for embedding and generation based on the modality type.

[0119] Specifically, for text modalities, the system employs lightweight pre-trained language models, such as DistilBERT, MiniLM, or ALBERT, to perform encoding operations on the input data, generating a dimensionality of d. t Embedded vector The encoding method typically retains the CLS position vector as a sentence-level representation, or an average pooling strategy can be used.

[0120] For image modalities, the system employs lightweight vision models such as MobileNetV3 or VisionTransformer, outputting embedding vectors. In one possible implementation, the system performs uniform scaling and normalization on the image during the preprocessing stage to ensure that the model input dimension is consistent.

[0121] If the data contains structured form fields, the system uses a small MLP structure to project the field vectors onto a unified dimensional space, forming vectors.

[0122] To achieve a unified semantic representation, the system includes a multimodal alignment submodule. The goal of this module is to project each modality vector into a shared semantic space and to minimize semantic discrepancies between modalities.

[0123] In this embodiment, the modality alignment strategy employs a combination of gated attention and linear transformation. For any two modality embeddings e i ,e j Its alignment is calculated as follows:

[0124] Where Attn(.) represents an attention mechanism based on scaled dot product, used to capture semantic associations between modalities; This is the modality mapping matrix, used to adjust the embedding space; This is the aligned fusion vector.

[0125] The system can combine multiple modality alignment vectors in a weighted manner to form the final fused representation vector:

[0126] Wherein, weighting factor α i Dynamically assign values ​​based on modal confidence, data integrity, or parameters learned during model training.

[0127] Generally, the text modality has the highest weight, while the image and structural modalities are assigned different weights based on the input quality. However, in some embodiments, if the image modality contains data such as ID card scans or driver's license screenshots, the system will appropriately increase the weight of that modality to improve the completeness of the representation.

[0128] In one possible implementation, the system can also adjust the alignment results based on the cross-coordination error between modalities. If the embedding spaces between modalities are far apart, the system will feed back to the front-end embedding layer for remodeling or introduce a modal correction module.

[0129] To improve the stability and generalization ability of the representation, this module introduces an adversarial regularization term and a center loss term, and optimizes them as follows:

[0130] Where λ1 and λ2 are weighting factors; the first term is used to minimize the embedding distance between modal pairs; the second term is used to bring each modal embedding closer to the global center c, thereby enhancing overall consistency.

[0131] The fused vector e after processing by the representation learning module fused It is fed as a feature input into the sensitive identification module and participates in the calculation of the privacy classification model together with the structural entropy score.

[0132] It should be noted that the multimodal alignment of the representation learning module is not a one-way encoding, but a symmetrical fusion process that can fully preserve the privacy clues that may exist in each modality, making the system more sensitive to cross-modal differences.

[0133] Please refer to Figure 5. The sensitive identification module includes:

[0134] Semantic fusion unit, used to fuse structural entropy score and multimodal feature vector;

[0135] Classification unit, used for data sensitivity classification based on variational bottleneck mechanism;

[0136] The label output unit is used to output the sensitive label and its confidence level for each data block.

[0137] The classification unit is based on a variational bottleneck optimization objective:

[0138] Where β(x) is a moderating factor used to control the trade-off between information compression and retention of sensitive features; p(z) is the prior distribution of the latent variables; x is the model input; y is the model supervision target; and z is the latent variable.

[0139] Specifically, the sensitivity identification module does not rely on traditional keyword matching or regular expression rules. Instead, its core mechanism is a joint modeling strategy that can adapt to data inputs from different sources and in different forms, and output corresponding sensitivity level labels and their credibility scores.

[0140] In this embodiment, the sensitive identification module mainly includes a feature fusion submodule, a variational bottleneck identification submodule, and a classification output submodule.

[0141] In one possible implementation, the system first calls the feature fusion submodule to combine the structural entropy score with the multimodal semantic embedding.

[0142] Generally, the structural entropy score H(G) can be used as a global structural sensitivity indicator, and the semantic vector e fused This represents the embedding features of the data itself in the semantic space. The system generates a fused representation using either concatenated splicing or attention-weighted methods: z input =[e fused ||H(G)];

[0143] Here, [.||.] represents the feature concatenation operation, and the concatenated vector is input into the variational bottleneck structure for learning and optimization.

[0144] In some embodiments, to enhance the representation of structural information in high-dimensional space, the system performs dimensionality-up mapping on the structural entropy value, for example, by transforming it into a vector through a layer of MLP and then fusing it with semantic features.

[0145] Next, we move on to the variational bottleneck identification submodule. This submodule uses a variational inference mechanism to model latent variables of the input fusion features, with the goal of compressing information irrelevant to sensitivity judgment and retaining only necessary decision information.

[0146] The loss function for system construction is as follows:

[0147] in, denoted by , where represents the dynamic variational bottleneck loss; x represents the fused input features; q(z|x) is the posterior distribution estimated by the encoder network; p(z) is the prior distribution, typically a standard normal distribution; p(y|z) represents the conditional probability given by the classifier network, used to predict the label; D KL (.) represents the Kullback–Leibler divergence, used to measure the difference between the posterior and prior; β(x) is the input-related adjustment factor used to dynamically control the strength of the information bottleneck.

[0148] Alternatively, β(x) can be calculated based on both the structural entropy score and the input modal complexity. For example:

[0149] Where γ1 and γ2 are hyperparameters; is the normalized structure entropy value; modality score(x) represents the modal complexity score of the input data, which can be calculated based on the number of modes or modal confidence.

[0150] This design enables the system to automatically improve the model's expressive power when faced with complex modal inputs or data with strong structural coupling; and to actively compress the data to reduce generalization error when processing simple inputs.

[0151] The variational bottleneck encoder uses two sub-networks to output the mean vector μ(x) and the log-variance logσ, respectively. 2 (x), sampling latent variables through reparameter re-parameter techniques:

[0152] Reparameterization enables end-to-end training, avoiding gradient propagation interruption issues.

[0153] After latent variable sampling, the data enters the classification output submodule. The classifier is a shallow neural network structure that outputs the predicted probability distribution for each sensitivity level. The system supports three sensitivity levels: "high sensitivity", "medium sensitivity", "low sensitivity", or "insensitive".

[0154] In some embodiments, to improve interpretability, the system also outputs a confidence score for the label:

[0155] That is, the maximum value among all possible class prediction probabilities is used as the confidence index of the current sample.

[0156] Please refer to Figure 6. The risk assessment module includes:

[0157] The risk strategy modeling unit is used to model the identification model and response strategy as a multi-objective game problem.

[0158] The risk quantification unit is used to calculate the false recognition rate, false recognition rate, and strategy cost.

[0159] The joint optimization unit is used to generate the joint policy output with minimum cost.

[0160] The game optimization objective established by the risk strategy modeling unit is: L(m,s)=λ1·FP(m)+λ2·FN(m)+δ·C(s);

[0161] Where m is the identification model strategy, s is the response strategy, C(s) represents the response cost, and λ1, λ2, δ are adjustment coefficients.

[0162] Specifically, under normal circumstances, the risk assessment module does not make direct response decisions, but plays the role of an "evaluator," providing optimized strategy suggestions to the downstream strategy decision-making module and outputting corresponding risk quantification indicators.

[0163] In this embodiment, the risk assessment module mainly includes a cost assessment submodule, a game modeling submodule, and a joint optimization output submodule.

[0164] In one possible implementation, the system first calls the cost evaluation submodule to estimate the execution cost of different response strategies. Execution costs may include, but are not limited to: the loss of validity after data anonymization, the computational overhead of encryption, the latency caused by strategy execution, and the impact on user experience.

[0165] For example, for text data containing multiple named entities, general anonymization may lead to a decrease in semantic understanding. The system introduces a quantitative function to account for this cost: C(s) = α1·L utility (s)+α2·L latency (s)+α3·L compliance (s);

[0166] Where s represents the response policy; C(s) is the total cost function of the policy; L utility (s) represents the data availability loss; L latency (s) represents the response delay caused by the strategy; L compliance (s) represents the potential cost of non-compliance with safety regulations; α1, α2, and α3 are the weighting coefficients for each loss item, which can be pre-set according to industry standards or organizational strategies.

[0167] Subsequently, the system moves into the game modeling submodule. This module attempts to model the identification model and response strategy as two cooperative game participants and introduces a loss function to jointly optimize the identification effect and execution cost. The objective function of the system is as follows: L(m,s)=λ1·FP(m)+λ2·FN(m)+δ·C(s);

[0168] Where L(m,s) is the joint optimization objective function; m is the current sensitive identification model configuration; s is the candidate response policy; FP(m) represents the false positive rate under model m; FN(m) represents the false negative rate under model m; C(s) is the policy cost function, defined as described above; λ1, λ2, δ are weight parameters used to control the balance between false positives, false negatives and costs.

[0169] In some embodiments, the system treats the false positive rate and false negative rate as a function of the deviation between the model output confidence level and the ground truth, and performs statistical analysis based on a sliding window. The response cost is calculated in real time to adapt to dynamic business conditions.

[0170] Alternatively, the system can incorporate a weighted gradient descent mechanism to update parameters and policy scoring functions online, thereby enabling the search for the minimum loss solution in the game. Optimization methods can be based on expectation minimization or reinforcement learning.

[0171] For example, when data distribution deviates over a long period or strategy costs fluctuate significantly, the system can adjust the λ1:λ2 ratio to improve recognition robustness. This mechanism is particularly suitable for scenarios in cloud data services where tasks change frequently or compliance standards iterate frequently.

[0172] After completing the joint modeling, the system enters the joint optimization output submodule. This module selects the optimal response suggestion from the candidate policy pool based on the result of minimizing the objective function. The output includes:

[0173] Recommended strategy types (such as de-identification + notification, encryption + auditing, delayed processing, etc.);

[0174] Estimated risk level;

[0175] Expected cost metric;

[0176] Strategy substitutability score (i.e., whether there is a better strategy path), etc.

[0177] In one implementation, the system packages the optimization result in JSON format and pushes it to the strategy decision module via an interface, along with the original model score and structure diagram analysis information, for reference when planning the execution path.

[0178] Please refer to Figure 7. The strategy decision-making module includes:

[0179] The response map generation unit is used to construct response maps based on different sensitivity levels.

[0180] Path planning unit, used to search for the path with minimum total cost in the graph;

[0181] The response control unit is used to perform de-identification, encryption, and access control operations according to the selected path.

[0182] Specifically, the main task of the strategy decision-making module is to construct a response strategy graph based on the risk assessment results, and search for the optimal path on the graph structure to form a complete and executable response operation chain. Generally, the execution logic of this module needs to balance security, operability, and minimizing system costs.

[0183] In this embodiment, the strategy decision-making module includes a strategy graph construction submodule, a path planning submodule, and a response chain generation submodule.

[0184] The system first calls the strategy graph construction submodule, which constructs a directed graph structure, denoted as G, based on the strategy combination suggestions and candidate operation list output by the risk assessment module. s =(V s E s );

[0185] Among them, V s For a set of response nodes, each node represents an executable policy operation; E s Let be the connection path between operations, and let edge weight represent the execution cost of switching from the current operation to the next operation;

[0186] The types of nodes in the diagram may include, but are not limited to: field masking (such as mark masking, blurring), data encryption, access restriction, user notification, operation interception, delay processing, and anomaly labeling.

[0187] For example, a data segment with a sensitivity of "medium sensitivity" might have the following node paths in its response strategy graph:

[0188] Starting point: "Covering up part of the entity fields";

[0189] Intermediate node: "Restrict field transmission";

[0190] Optional path: "Notify user + encrypted archive";

[0191] End point: "Write to audit log".

[0192] In one possible implementation, the edge weight w of the graph structure ij This indicates the transition from node v to v. j The required cost can be given by the following formula: w ij=φ(v i ,v j )+ψ(v j );

[0193] Wherein, φ(v i ,v j ) represents the switching cost required for the transfer operation; ψ(v) j The execution cost is the cost of the node itself.

[0194] The cost value can be dynamically assigned by historical cost statistics of the strategy, model estimation, or preset business rules.

[0195] After the graph structure is constructed, the system enters the path planning submodule. This submodule uses a graph search algorithm to find the path with the minimum total cost from the starting point to the target policy state (such as "policy compliance completed") in the policy graph.

[0196] In some embodiments, path planning is not limited to generating a single path. The system supports searching for K alternative paths and setting multiple objective trade-offs based on different strategy preferences (such as "lowest cost", "highest safety", "fastest response").

[0197] Once the optimal path is determined, the system enters the response chain generation submodule. This submodule parses the operation nodes involved in the path sequentially and transforms them into a sequence of actual executable operations.

[0198] For example, if the path is:

[0199] [Anonymize and Label] → [Behavioral Reporting] → [Encrypt and Store in Database] → [Log Recording]

[0200] The system will then generate the following response chain:

[0201] Operation 1: Perform character replacement on fields A and B;

[0202] Operation 2: Send a policy notification message to the data source;

[0203] Operation 3: Perform AES symmetric encryption on the stored fields;

[0204] Operation 4: Record the response chain process and timestamp to the audit system.

[0205] In one possible implementation, the response chain is encapsulated in a uniform structure as a "policy enforcement package," which contains:

[0206] List of response types;

[0207] Operation sequence;

[0208] Execution parameters for each step of the strategy;

[0209] Corresponding input / output data mapping;

[0210] System task identifier and link ID.

[0211] The system supports "delayed submission" and "soft confirmation mechanism" for policy packages. That is, when it is uncertain whether the response execution conditions are met, the policy package is suspended and subsequent feedback is listened for, such as confidence updates from the identification module and feedback from the audit module.

[0212] In some embodiments, the system also supports a policy rollback mechanism. If a misjudgment or interference is found in the current policy chain in a subsequent step, the system can perform a reverse undo operation according to a preset recovery path and record the response failure flag.

[0213] Please refer to Figure 8. The audit feedback module includes:

[0214] The log recording unit is used to record the behavioral trajectory of the identification and response process;

[0215] The user feedback collection unit is used to collect user operation feedback information;

[0216] The model update unit is used to dynamically adjust the sensitive identification module based on feedback data.

[0217] Specifically, the setup not only meets the needs of business auditing and security compliance, but also provides a data foundation for the system's subsequent learning and strategy evolution, and is an important component for the system to achieve self-adaptation and closed-loop enhancement.

[0218] In this embodiment, the audit feedback module mainly includes a response log recording submodule, a user feedback collection submodule, and a model feedback update submodule.

[0219] In one possible implementation, the system first initiates a response logging submodule. This submodule records each response operation in a structured manner during the policy execution process, building a timeline for tracking.

[0220] Generally, log content includes:

[0221] Response strategy chain path (node ​​sequence);

[0222] The operation type and parameters for each node;

[0223] Execution timestamp and status code;

[0224] The data fields involved and the target data ID;

[0225] Response confidence threshold, identification model version number, etc.

[0226] The record format can be a standard JSON object or a business-customized structure, and they are uniformly stored in the policy audit database with access control settings.

[0227] In some embodiments, the system also records auxiliary information such as system load, interface response latency, and exception stacks for subsequent response bottleneck analysis and system evaluation.

[0228] The next step is the user feedback collection submodule. This submodule is for data producers, receivers, or security administrators, collecting information such as their evaluation of the policy implementation effect, false positives, and operational preferences.

[0229] Feedback methods can include:

[0230] Front-end page interaction feedback (such as "Was this processing accurate?");

[0231] Management backend labeling;

[0232] Indirect behavioral feedback, such as user rollback or ignoring response suggestions.

[0233] The system maps all feedback to standard feedback labels, which commonly include:

[0234] Misjudgment: Marked as sensitive but actually posing no risk;

[0235] Missed detection: Sensitive items were not identified;

[0236] Over-processing: Response strategies impact business processes;

[0237] Satisfactory handling: The result is reasonable, and it is recommended to retain the strategy chain structure.

[0238] In one possible implementation, the system assigns a confidence score κ∈[0,1] to each feedback tag to represent the credibility of the feedback. This confidence score can be determined by user level, feedback consistency, or administrator confirmation.

[0239] After entering the model feedback update submodule, the system uses the collected feedback information to adjust the recognition model parameters and policy cost function. This process updates the parameters based on the Bayesian incremental learning rule: P(θ|D new )∝P(D new |θ)·P(θ|D old );

[0240] Where θ represents the model parameters; D old This is the original training data; D new Added feedback data; P(θ|D old P(D) represents the prior parameter distribution; new |θ) is the likelihood function of the feedback data.

[0241] Through the above mechanism, the system can fine-tune parameters such as decision boundaries, policy weights, and response preferences without retraining the model, thereby achieving dynamic convergence of the model.

[0242] In some embodiments, the system also supports a periodic batch processing mode, i.e., after a certain amount of feedback is collected daily / weekly, a retraining process is triggered. Retraining can be limited to the sensitivity identification module or the policy optimization module, or it can be executed based on user selection.

[0243] In addition, the audit feedback module also has the capability to monitor strategy evolution. The system determines the trend of strategy deviation by comparing the degree of deviation between historical response paths and the current suggested path. If it is found that the response path is gradually deviating from the existing optimal strategy (such as the execution chain becoming longer), the system will prompt the administrator to intervene and check to prevent problems such as overfitting and response delays.

[0244] Although embodiments of the invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made to these embodiments without departing from the principles and spirit of the invention, the scope of which is defined by the appended claims and their equivalents.

Claims

1. A network security data privacy protection management system, characterized in that, include: The data access and preprocessing module is used to receive data input from multiple data sources, perform standardized preprocessing on the data, and generate data blocks to be analyzed. The sensitivity analysis module, connected to the data access and preprocessing module, is used to construct a semantic graph structure for the data block to be analyzed, and to calculate the structural entropy score of each data block based on the semantic similarity between nodes. The representation learning module, connected to the data access and preprocessing module, is used to extract the multimodal semantic feature vectors of the data block and achieve semantic alignment of the multimodal features; The sensitivity identification module is connected to the sensitivity analysis module and the representation learning module respectively. It is used to fuse the structural entropy score and semantic feature vector, classify the data block according to the sensitivity level based on the variational bottleneck mechanism, and output the corresponding sensitivity label and confidence value. The risk assessment module, connected to the sensitive identification module, is used to establish a game model between the model identification strategy and the response strategy based on the identification results and a preset risk cost function, and output a jointly optimized response strategy suggestion. The strategy decision module, connected to the risk assessment module, is used to construct a response strategy graph and search for the minimum cost path on the graph based on the response strategy recommendations, and output a response execution chain including de-identification, encryption and blocking operations. The audit feedback module is connected to both the strategy decision module and the sensitivity identification module. It is used to record response execution logs, collect user feedback information, and update the model parameters of the sensitivity identification module based on Bayesian rules.

2. The network security data privacy protection management system of claim 1, wherein, The data access and preprocessing module includes: A data acquisition unit is used to receive input from multiple structured or unstructured data sources; The data cleaning unit is used to remove noise and complete missing data; Format standardization units are used to convert data from different sources into a unified format for subsequent processing.

3. The network security data privacy protection management system of claim 1, wherein, The sensitivity analysis module includes: Graph structure building unit, used to abstract input data blocks into nodes and build graph structures based on semantic relevance; The feature extraction unit is used to extract the semantic edge weights between nodes; The sensitivity calculation unit is used to calculate the structural entropy score of a data block based on node weights and connectivity to determine its sensitivity potential.

4. The network security data privacy protection management system of claim 1, wherein, The representation learning module includes: Text feature encoding unit, used to extract data embedding representations in text modalities; Image feature coding unit, used to extract representation vectors under image modalities; The multimodal alignment unit is used to map different modal embeddings to a unified semantic space to achieve cross-modal semantic fusion.

5. The network security data privacy protection management system of claim 1, wherein, The sensitive identification module includes: Semantic fusion unit, used to fuse structural entropy score and multimodal feature vector; Classification unit, used for data sensitivity classification based on variational bottleneck mechanism; The label output unit is used to output the sensitive label and its confidence level for each data block.

6. The network security data privacy protection management system of claim 5, wherein, The classification unit is based on a variational bottleneck optimization objective: Where β(x) is a moderating factor used to control the trade-off between information compression and retention of sensitive features; p(z) is the prior distribution of the latent variables; x is the model input; y is the model supervision target; and z is the latent variable.

7. The network security data privacy protection management system of claim 1, wherein, The risk assessment module includes: The risk strategy modeling unit is used to model the identification model and response strategy as a multi-objective game problem. The risk quantification unit is used to calculate the false recognition rate, false recognition rate, and strategy cost. The joint optimization unit is used to generate the joint policy output with minimum cost.

8. The network security data privacy protection management system of claim 7, wherein, The game optimization objective established by the risk strategy modeling unit is: L(m,s)=λ1·FP(m)+λ2·FN(m)+δ·C(s); Where m is the identification model strategy; s is the response strategy; C(s) represents the response cost; and λ1, λ2, δ are adjustment coefficients.

9. The network security data privacy protection management system of claim 1, wherein, The strategy decision-making module includes: The response map generation unit is used to construct response maps based on different sensitivity levels. Path planning unit, used to search for the path with minimum total cost in the graph; The response control unit is used to perform de-identification, encryption, and access control operations according to the selected path.

10. The network security data privacy protection management system of claim 1, wherein, The audit feedback module includes: The log recording unit is used to record the behavioral trajectory of the identification and response process; The user feedback collection unit is used to collect user operation feedback information; The model update unit is used to dynamically adjust the sensitive identification module based on feedback data.