Dynamic privacy protection closed-loop control method and system for mobile edge fog computing perception
By introducing multi-dimensional risk assessment and reinforcement learning decision-making mechanisms into the mobile edge crowd sensing system, and dynamically adjusting privacy protection strategies, the problem of balancing privacy security and data quality in mobile edge crowd sensing is solved, and the system's adaptability and energy efficiency are improved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- SCHOOL OF SOFTWARE ZHEJIANG UNIV (NINGBO) MANAGEMENT CENT (NINGBO SOFTWARE EDUCATION CENT)
- Filing Date
- 2025-06-29
- Publication Date
- 2026-07-14
AI Technical Summary
Existing technologies in mobile edge crowdsensing cannot dynamically adjust the strength of privacy protection based on communication channel risks and data content sensitivity, making it difficult to balance privacy security and data quality, and also highlighting the problem of device energy consumption.
By introducing a multi-dimensional risk assessment and reinforcement learning decision-making mechanism, and through a closed-loop control process of risk perception, strategy decision-making, privacy protection implementation, effect verification and feedback optimization, the differential privacy protection budget is dynamically adjusted, and privacy protection measures are optimized in combination with the energy consumption of terminal devices.
It achieves precise and efficient privacy protection in complex and ever-changing environments, taking into account both data availability and energy efficiency, and adapting to the privacy protection needs of different scenarios.
Smart Images

Figure CN120910895B_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of mobile edge computing and data privacy protection technology, and specifically relates to a dynamic privacy protection closed-loop control method and system for mobile edge crowd intelligence perception. Background Technology
[0002] Crowdsensing refers to the collaborative collection and sharing of environmental data using smart devices carried by a large number of users. It has important applications in smart cities, environmental monitoring, and traffic management. However, in the process of crowdsensing, a large amount of sensitive data from dispersed users needs to be uploaded to edge computing nodes or the cloud via wireless networks for aggregation and analysis, which brings serious privacy risks. On the one hand, the data may be subject to security threats such as eavesdropping and tampering during transmission; on the other hand, the personal information contained in the data (such as location tracking and physiological indicators) will infringe on user privacy if misused.
[0003] To address the aforementioned privacy issues, existing technologies have proposed several protective measures. For example, encryption during communication can prevent eavesdropping to some extent, but if the edge server or data aggregator is not entirely trusted by the user, relying solely on transmission encryption is insufficient to protect the privacy of the data content. Another example is differential privacy, a rigorous mathematical definition of privacy, used to add random noise before data publication to mask the influence of individuals. However, traditional differential privacy schemes typically employ a fixed privacy budget parameter ε, adding noise indiscriminately across all scenarios. This static strategy struggles to balance privacy and data quality in practical applications: a fixed ε may lead to insufficient privacy protection when environmental risks are high; conversely, using excessive noise in low-risk environments can cause data distortion, reducing the effectiveness of crowdsourced sensing tasks.
[0004] Furthermore, the mobile edge environment is dynamic and ever-changing: wireless channel conditions change with time and location, and the level of attack threats is not fixed; simultaneously, the sensitivity of data collected varies across different times and scenarios. For example, in some scenarios, users upload low-sensitivity data such as ambient temperature, while in others, it may involve highly sensitive information such as identity and location. Without a context-adaptive privacy control mechanism, it is impossible to adjust the level of privacy protection as needed. At the same time, mobile terminal devices have limited computing power and battery capacity, and the energy consumption of privacy protection measures (such as incorporating complex noise calculations or multi-round communication) also needs to be considered. Existing solutions often neglect the balance between device energy consumption and privacy protection, leading to efficiency and battery life issues in practical deployments.
[0005] Therefore, there is an urgent need for a solution that can adjust the strength of privacy protection in real time based on multiple factors such as communication channel risk and data content sensitivity. In particular, if a closed-loop control system can be built to continuously sense environmental risks, dynamically decide on privacy parameters, execute protection measures, and provide feedback for optimization, then the system can achieve more accurate and efficient privacy protection in complex and ever-changing mobile edge crowd-sensing environments. Summary of the Invention
[0006] In view of the shortcomings of the prior art, the purpose of this invention is to provide a dynamic privacy protection closed-loop control method and system for mobile edge crowd sensing. By introducing multi-dimensional risk assessment and reinforcement learning decision-making mechanisms, the privacy protection strategy can be adaptively adjusted to improve user data privacy security while taking into account data availability and energy efficiency.
[0007] This invention provides a dynamic privacy-preserving closed-loop control method for mobile edge crowd sensing, comprising the following steps:
[0008] Risk perception: Acquire communication channel information and data content information of the mobile edge crowd sensing system, and calculate a multi-dimensional comprehensive privacy risk score;
[0009] Strategy decision: The value of the differential privacy protection budget is dynamically determined based on the comprehensive privacy risk score using a reinforcement learning algorithm;
[0010] Privacy protection implementation: Noise perturbation is added to the crowd perception data according to the differential privacy protection budget to achieve ε-differential privacy protection;
[0011] Effectiveness verification: Evaluate the privacy leakage risk and data quality indicators of the data after privacy protection processing, and obtain the evaluation results;
[0012] Feedback optimization: Update the privacy protection strategy parameters based on the evaluation results, and apply the updated strategy to the risk perception step in the next cycle, thereby forming a closed-loop control process.
[0013] This invention also provides a dynamic privacy protection closed-loop control system for mobile edge crowd sensing, comprising: a risk perception module, a strategy decision-making module, a privacy protection execution module, an effect verification module, and a feedback optimization module; wherein,
[0014] The risk perception module is used to acquire communication channel information and data content information of the mobile edge crowd sensing system and calculate a multi-dimensional comprehensive privacy risk score.
[0015] The strategy decision module is used to dynamically determine the value of the differential privacy protection budget based on the comprehensive privacy risk score using a reinforcement learning algorithm.
[0016] The privacy protection execution module is used to add noise perturbation to the crowd perception data according to the differential privacy protection budget in order to achieve ε-differential privacy protection;
[0017] The effectiveness verification module is used to evaluate the privacy leakage risk and data quality indicators of the data after privacy protection processing, and obtain the evaluation results.
[0018] The feedback optimization module is used to update the privacy protection strategy parameters based on the evaluation results, and apply the updated strategy to the risk perception step in the next cycle, thereby forming a closed-loop control process.
[0019] The present invention also provides a computer-readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the aforementioned dynamic privacy protection closed-loop control method for mobile edge crowd sensing.
[0020] The present invention also provides an electronic device, including a memory, a processor, and a computer program stored in the memory, wherein when the computer program is executed by the processor, the aforementioned dynamic privacy protection closed-loop control method for mobile edge crowd sensing is implemented.
[0021] Through the above technical solutions, this invention introduces a closed-loop control system for protecting the privacy of mobile edge-based intelligent sensing data, which has the following beneficial effects:
[0022] First, by comprehensively considering both communication channel security and data semantic sensitivity, a precise quantitative assessment of privacy risks is achieved, avoiding biases caused by evaluation based on a single factor.
[0023] Secondly, the dynamic decision-making mechanism based on reinforcement learning can automatically adjust the differential privacy budget parameters according to the real-time environment, thereby maximizing the effective utilization of data while ensuring user privacy and security, and significantly enhancing the adaptive capability of the strategy.
[0024] Furthermore, an energy consumption sensing strategy is introduced to optimize privacy protection measures based on the resource status of terminal devices, thereby improving the applicability and energy efficiency of the solution on mobile devices.
[0025] Finally, by continuously optimizing the privacy control strategy through closed-loop feedback, the system can adapt to complex and ever-changing real-world scenarios, and continuously improve the reliability of privacy protection and the quality of data services. Attached Figure Description
[0026] The accompanying drawings, which form part of this invention, are used to further illustrate embodiments of the invention and, in conjunction with the description, to help understand the principles of the invention. They are not intended to limit the scope of protection of the invention. In the drawings, the same reference numerals refer to the same or similar components.
[0027] In the attached diagram:
[0028] Figure 1 This is a schematic diagram of the closed-loop control system architecture for mobile edge crowd sensing dynamic privacy protection according to an embodiment of the present invention;
[0029] Figure 2 This is a schematic diagram of the dynamic privacy protection closed-loop control process according to an embodiment of the present invention;
[0030] Figure 3 This is a schematic diagram of the internal structure of the risk perception module according to an embodiment of the present invention;
[0031] Figure 4 This is a schematic diagram of the internal structure of the privacy protection execution module in an embodiment of the present invention. Detailed Implementation
[0032] The present invention will be further described in detail below with reference to the accompanying drawings and specific embodiments. The following embodiments are used to explain the technical solutions of the present invention, facilitating understanding and implementation by those skilled in the art, but do not limit the scope of the present invention. Where there is no conflict, the technical features in the embodiments of the present invention can be combined with each other to form new implementation schemes, and these new implementation schemes should also be considered within the scope of protection of the present invention.
[0033] Example 1: This example provides an implementation method for a dynamic privacy-preserving closed-loop control system for mobile edge crowd sensing. (Reference) Figure 1 The system is deployed in a mobile edge computing environment, comprising multiple user terminal devices and edge computing servers. User terminal devices, such as smartphones and wearable sensors, collect crowdsensing data and perform local privacy perturbation processing. Edge computing servers, deployed close to the data source (e.g., near cellular base stations or access points), possess strong computing and storage capabilities and aggregate the sensing data from various terminals, running privacy control algorithms. Terminal devices communicate with the edge computing servers via wireless networks (cellular networks, Wi-Fi, etc.). This end-edge collaborative architecture enables privacy protection control throughout the entire process of crowdsensing data collection, transmission, and aggregation.
[0034] Figure 2 The flowchart of the closed-loop privacy protection method in this embodiment is shown. The entire process includes five main stages executed sequentially: risk perception, strategy decision-making, privacy protection execution, effect verification, and feedback optimization, forming a closed loop in the direction of the arrows.
[0035] The first step is the risk awareness phase: both the terminal device and the edge server collect relevant information to assess the current level of privacy risk. The terminal device can monitor the type and sensitivity of the data content (or assess semantic risk based on the user's preset privacy preferences). semanticThe edge server can monitor the network's security status (e.g., whether the communication channel is encrypted, the strength of the authentication mechanism, and whether potential attacks have been detected) to assess channel risk. channel .
[0036] In the risk perception phase, a multi-dimensional risk scoring mechanism is introduced to comprehensively assess privacy risks. Specifically, this mechanism considers two dimensions simultaneously: communication channel risk and data semantic risk. Channel risk reflects the probability of data being eavesdropped on or attacked during transmission, depending on network security characteristics (such as whether transmission is encrypted, the trustworthiness of network nodes, and signal interference). Semantic risk reflects the sensitivity of the data content itself, depending on the amount of personal privacy or sensitive information contained in the collectively perceived data. By quantitatively assessing these two types of risks, a comprehensive privacy risk score can be obtained as the basis for privacy control. For example, a weighted summation model can be used to calculate the comprehensive risk score: R risk =w1·R channel +w2·R semantic , where R channel For channel risk scoring, R semantic This is a semantic risk score, where w1 and w2 are weighting coefficients (which can be pre-set according to the application scenario or learned through training). The higher the overall risk score, the greater the potential privacy risk that the current data faces in the current environment.
[0037] like Figure 3 As shown, the risk perception module may include a channel risk assessment submodule and a semantic risk assessment submodule, which respectively calculate R. channel and R semantic The results are then sent to the risk scoring unit to calculate a comprehensive privacy risk score R. risk .
[0038] In this embodiment, the comprehensive risk score R risk This is calculated according to the aforementioned weighted model. For example, the weights for channel risk and semantic risk can each be set to 0.5. If the data content detected by the terminal at a certain moment is relatively sensitive (semantic risk R...), then... semantic =0.6), and the network is in an unencrypted open Wi-Fi environment (channel risk R). channel =0.8), then the comprehensive risk score R risk =0.5·0.8+0.5·0.6=0.7 (i.e., a risk level of 70%).
[0039] Correspondingly, if R in another scenario channel and R semantic Both are low, for example, secure cellular networks and data without sensitive information (R channel =0.1,R semantic =0.2), then Rrisk =0.5·0.1 + 0.5·0.2 = 0.15, indicating a very low risk. Overall risk score R risk This will serve as an important input for subsequent privacy decisions.
[0040] In the strategy decision-making phase, the system inputs the current comprehensive risk state into the reinforcement learning agent to determine the privacy protection strategy parameters, namely the value of the differential privacy budget ε. More specifically, a Q-learning algorithm can be used to construct an intelligent privacy policy decision-maker. This reinforcement learning model links the environmental state with privacy actions: mapping the aforementioned comprehensive risk score and related contextual information to the current system state, mapping the selectable differential privacy budget ε value to actions, and designing a reward function that comprehensively considers the degree of privacy protection, data validity, and energy consumption. When the system is running, the reinforcement learning agent selects a privacy protection action based on the current state (i.e., determines the value of ε), and updates its strategy based on the feedback after the privacy protection is implemented. Through multiple rounds of iterative training, the reinforcement learning model can continuously optimize the privacy budget selection strategy, making it close to optimal under different risk scenarios. Using the above reinforcement learning decision-making mechanism, this embodiment realizes the real-time adjustment of privacy parameters according to the environment: automatically tightening the privacy budget (reducing the ε value to strengthen protection) in high-risk scenarios, and appropriately relaxing the privacy budget (increasing the ε value to reduce interference) in low-risk scenarios, thereby dynamically balancing the strength of privacy protection and the quality of data services.
[0041] First, we need to define the state, action, and reward function for reinforcement learning: the comprehensive risk score R can be used as an example. risk Discretized according to several thresholds, the risk is mapped to a finite number of risk states s (e.g., risk levels are divided into "low", "medium", and "high"). The privacy budget ε is limited to an interval (e.g., [0.1, 2.0]) and discretized into a finite number of candidate values, which serve as actions a that the agent can take (each action corresponds to selecting a privacy budget value). Taking different actions in different states will produce different results for the system, therefore, a reward function r(s,a) needs to be designed to evaluate the quality of the actions.
[0042] In this embodiment, the reward function comprehensively considers factors such as data availability, privacy protection, and energy consumption. When the terminal adds noise to the data, the edge server can obtain the accuracy index of the data analysis results and the estimated value of privacy leakage risk, while also monitoring the device energy consumed in performing the action. Using this information, an algorithmic reward is designed for the action taken. For example, if, after taking an action, the perturbed data still meets the accuracy requirements and the probability of privacy leakage is within a safe range, then a high positive reward is given for that action; conversely, if the action leads to a significant decrease in data accuracy (affecting task completion) or an increase in the risk of privacy leakage, then a penalty (negative reward) is given. Numerically, a reward function of the form α·L-β·U-γ·E can be constructed, where U represents data availability (such as task accuracy score), L represents the privacy gain quantification value (the strength of privacy protection, positively correlated with ε), E represents energy consumption (such as the electricity consumed in this round of computation and communication), and α, β, and γ are weight coefficients balancing various factors. The reinforcement learning agent uses the above reward function as the optimization objective and updates its strategy by repeatedly interacting with the environment.
[0043] Specifically, at the t-th decision, the agent observes the current risk state s. t Based on the current decision-making strategy (e.g., greedy or ∈-greedy strategy, where ∈-greedy is the algorithm's exploration coefficient, not a differential privacy parameter), a privacy budget action 'a' is selected. t (That is, determining the ε value to be used in this round), then the system performs privacy protection and receives an immediate reward r. t And the new state s in the next moment t+1 Then, Q-learning is used to update the formula to adjust the strategy: Q(s t ,a t )←Q(s t ,a t )+η[r t +γ·max a Q(s t+1 ,a)-Q(s t ,a t )]; where η is the learning rate, γ is the discount factor, and Q(s t ,a t Let ε represent the state-action value function (Q-value). Through the above updates, the reinforcement learning agent gradually corrects the evaluation of the merits of actions in each state. After a large number of iterations of training, the Q-value function converges, and the policy decision module converges to obtain an approximately optimal policy: that is, under any given risk state, it can choose an appropriate ε value to achieve the optimal trade-off between privacy protection and data quality. In actual operation, the policy decision module can find the corresponding optimal action from the trained policy in real time based on the observed risk score, and output the privacy budget ε for the next step. Figure 2 As shown, when the risk level is high, a smaller ε (strong protection, more noise) is often chosen, while when the risk level is low, a larger ε (weak protection, less noise) is chosen. This is consistent with human experience and expectation, but achieves more refined quantitative decision-making through self-learning.
[0044] Privacy Protection Execution Phase: The terminal device performs differential privacy perturbation processing on the original collective intelligence sensing data based on the privacy budget ε determined in the policy decision-making phase, generating publishable data. Specifically, the intensity of added noise is adjusted according to the risk score and energy consumption model to meet the determined privacy budget ε. The differential privacy mechanism preferably adopts the Laplace mechanism, adding random noise to each piece of collective intelligence sensing data to meet the ε-differential privacy requirements. The noise distribution parameters are dynamically set according to risk and data characteristics: a higher risk score requires a stronger perturbation (corresponding to a relatively smaller ε value and a larger noise amplitude), while a lower risk requires less noise to preserve data accuracy. Simultaneously, combined with the terminal device's energy consumption model, when the device's energy is limited, overly complex perturbation calculations can be appropriately reduced or the amount of noise lowered to save energy. The perturbation process can be represented, for example, as follows: For the original data x, based on the ε value obtained from the current decision, a Laplace noise n with a scale parameter Δf / ∈ (where Δf is the sensitivity of the considered function) is selected, and the publishable data x′=x+n is calculated. Through the aforementioned adaptive differential privacy execution mechanism, this embodiment can dynamically adjust the noise intensity for different risk and resource conditions, which can fully obfuscate sensitive information when the risk is high, while ensuring the availability of data when the risk is low, and avoiding excessive consumption of terminal resources.
[0045] See Figure 4 The privacy protection execution module includes a noise generation unit and a data perturbation unit. The noise generation unit receives the privacy budget ε and a pre-set sensitivity Δf (depending on the specific data aggregation or query function; for simple raw data publishing, Δf can be understood as the maximum difference between two adjacent different inputs of the data), and calculates the distribution parameters of the required noise accordingly. Preferably, a Laplace mechanism is used to add noise, i.e., generating Laplace random noise n with zero mean and a scale of Δf / ∈. Subsequently, the data perturbation unit adds the generated noise n to the original data x, obtaining the published output x′=x+n. By adjusting the size of ε, the scale of the noise can be directly controlled: the smaller ε is, the larger Δf / ∈ is, the larger the noise amplitude, the stronger the privacy protection but the more severe the data distortion; the larger ε is, the smaller the noise amplitude is, the higher the data fidelity but the increased risk of privacy leakage.
[0046] The following example illustrates the process at this stage: Assume the original perceived data of a terminal is x = 50 (e.g., an ambient temperature measurement, unit arbitrary), and the query sensitivity Δf = 1. If the current comprehensive risk score is high, the strategy decision module returns ε = 0.5, and the noise generation unit will generate Laplace noise with a scale of 1 / 0.5 = 2. For example, if n = -3 is randomly obtained, the perturbed data x′ = 50 + (-3) = 47. It can be seen that in high-risk scenarios, a small ε causes a certain deviation between the output data and the original value, thus masking the true information to achieve the protection purpose. Conversely, in low-risk scenarios, the strategy may choose a larger privacy budget, such as ε = 1.5, in which case the noise scale is reduced to approximately 0.667. Assuming the randomly generated noise n = 0.5, the published data x′ = 50.5, differing from the original value by only 1%. In this way, data accuracy is basically guaranteed in low-risk situations.
[0047] In the above process, considering the energy consumption of terminal devices, this embodiment also makes the perturbation calculation relatively lightweight in its design: the generation of Laplace noise only involves basic random number operations, with low computational complexity; at the same time, only incremental data is protected in each round. When necessary, the system can also adjust its strategy decisions based on the energy consumption model. For example, when it detects that a terminal's battery power is too low and the risk level is moderate, ε can be appropriately increased without significantly reducing privacy and security, in order to reduce excessive noise injection intensity and the retransmission overhead that may be caused by it, thereby saving device energy consumption.
[0048] It is worth mentioning that this embodiment moves the differential privacy perturbation process as far forward as possible to the data source, that is, completes it locally on the terminal. This means that sensitive data has already undergone noise obfuscation before leaving the device, and even if the subsequent transmission channel is attacked or the edge server is untrusted, it is difficult for attackers to accurately recover the original information, fundamentally protecting user privacy (this belongs to the "local differential privacy" concept in the architecture of this embodiment).
[0049] In the effect verification and feedback optimization steps, a closed-loop evaluation mechanism for privacy protection effectiveness is established, using the results of privacy protection to continuously optimize the strategy. Specifically, after each round of data perturbation release, the system performs privacy leakage detection and data performance evaluation on the released results. Privacy leakage detection can statistically infer the probability or error of original sensitive information from the perturbation data, while data performance evaluation can calculate the accuracy of the data (e.g., the error range of aggregate statistics) according to task requirements. Based on the evaluation results, they are compared with preset privacy and accuracy targets to determine whether the current privacy strategy is reasonable.
[0050] If the risk of privacy leakage exceeds the tolerance range or the data accuracy is below the requirement, the strategy parameters for the next cycle are adjusted through the feedback optimization module, such as increasing the risk assessment value or strengthening the protection strength. Conversely, if the data accuracy is sufficient and the privacy risk is far below the threshold, the protection strength can be appropriately reduced to improve data utility. This feedback information is used to update the internal parameters of the risk model or reinforcement learning decision-maker in real time (e.g., adjusting the reward value of Q-learning or the Q-table), thereby affecting the decisions in subsequent cycles. Through continuous closed-loop feedback, the privacy protection strategy of this embodiment will be gradually optimized, adaptively adapting to environmental changes, and significantly improving the privacy protection capability and data service quality in complex and dynamic scenarios.
[0051] Further, in the effectiveness verification phase: After receiving perturbed data from multiple terminal devices, the edge computing server evaluates the privacy effectiveness and data quality of the aggregated results or analysis process. Specific verification methods depend on the application scenario of the crowdsourcing sensing system. For example, if the crowdsourcing sensing task involves statistically averaging environmental indicators within a certain area, the edge server, after collecting all perturbed data, can calculate and compare the published results (noisy average) with historical normal levels or reliable small samples to assess whether the error is within acceptable limits. Alternatively, the edge server can maintain a privacy risk estimation model to infer the probability of sensitive information leakage based on the degree of data perturbation. When the accuracy of the aggregated results does not meet application requirements (e.g., the error exceeds a predetermined threshold) or the inferred risk of privacy leakage exceeds a set upper limit, it indicates that the current privacy protection strategy may need adjustment. Conversely, if the results are of good quality and there are no obvious signs of privacy risk, it indicates that the strategy selection is relatively conservative, and noise reduction can be considered to improve data utilization in subsequent steps. The effectiveness verification module outputs these evaluation analyses as quantitative indicators, providing a basis for further strategy optimization.
[0052] Furthermore, in the feedback optimization phase: based on the evaluation results obtained from the effect verification, the system adjusts the policy decision module to optimize the privacy protection strategy for the next cycle. This feedback can take various forms, such as parameter adjustment or signal transmission. When a high risk of privacy leakage is detected, the feedback optimization module can increase the risk weight for the corresponding data type (thus giving a higher risk score in the next round of risk perception) or directly notify the policy decision module to choose stricter protection in similar situations (reducing ε). When excessive data error is detected to affect normal use, the feedback module can reduce the risk assessment of certain factors or adjust the reinforcement learning reward function to more severely penalize the loss of data accuracy, thereby guiding the strategy to tend to choose a larger ε value to reduce noise interference.
[0053] In this embodiment, the feedback optimization module is closely integrated with reinforcement learning decision-making: the edge server transforms the evaluation results into a reinforcement learning reward signal $r$ (as defined by the aforementioned reward function), and updates the Q-value table of the Q-learning algorithm accordingly. For example, if a privacy breach is detected, a negative reward is given to the action that caused the breach, thereby reducing the Q-value of that action in the corresponding state; conversely, if both data quality and privacy metrics meet the standards, a positive reward is given, increasing the Q-value of the relevant action. The reinforcement learning agent optimized by feedback will reflect these updates in subsequent decisions—preferring to avoid bad strategies and adopt optimized strategies, thereby gradually improving overall performance. As multiple closed-loop cycles run, the system's privacy control strategy continuously learns and improves, enabling it to more accurately adapt to various dynamic environmental conditions and achieve a long-term balance between privacy protection effectiveness and data availability.
[0054] Example 2: A second aspect of this application provides a dynamic privacy protection closed-loop control system for mobile edge crowd sensing. The system includes: a risk perception module, a strategy decision-making module, a privacy protection execution module, an effect verification module, and a feedback optimization module. The functions of each module correspond to the steps described above: the risk perception module acquires communication channel security information and data content sensitivity information, and calculates a multi-dimensional comprehensive privacy risk score; the strategy decision-making module selects the value of the differential privacy budget ε based on the comprehensive privacy risk score using a reinforcement learning algorithm; the privacy protection execution module perturbs the crowd sensing data according to the differential privacy budget ε to achieve differential privacy protection; the effect verification module evaluates the privacy leakage risk index and data quality index of the perturbed data; and the feedback optimization module adjusts the parameters of the strategy decision-making module based on the evaluation results to achieve closed-loop optimization of the privacy protection strategy. Preferably, the system is deployed on a mobile edge computing platform, wherein the risk perception module and the privacy protection execution module can be distributed and deployed on multiple user terminal devices, and the strategy decision-making module and the effect verification module are deployed on the edge computing server side. Each module works collaboratively through a network to jointly complete the method flow of this invention.
[0055] Example 3: A third aspect of this application provides a computer-readable storage medium having computer program instructions stored thereon. When the program instructions are loaded and executed, the processor executes the program instructions to implement the steps of the dynamic privacy-preserving closed-loop control method for mobile edge crowd sensing as described in the first aspect of this application.
[0056] Example 4: A fourth aspect of this application provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor. The processor executes the computer program to perform the steps of the dynamic privacy protection closed-loop control method for mobile edge crowd sensing as described in the first aspect of this application, thereby realizing data privacy closed-loop control in a mobile edge environment.
[0057] In summary, this application achieves intelligent adaptive adjustment of data privacy protection for mobile edge crowd sensing through closed-loop control of risk perception, strategy decision-making, privacy enforcement, effect verification, and feedback optimization. Furthermore, by incorporating energy consumption considerations, the impact of system operation on terminal resources is controlled within an acceptable range, making it suitable for deployment in practical mobile crowd sensing platforms.
Claims
1. A dynamic privacy-preserving closed-loop control method for mobile edge crowd sensing, characterized in that, Includes the following steps: Risk perception: Acquire communication channel information and data content information of the mobile edge crowd sensing system, and calculate a multi-dimensional comprehensive privacy risk score; Strategy decision: The value of the differential privacy protection budget is dynamically determined based on the comprehensive privacy risk score using a reinforcement learning algorithm; Privacy protection implementation: Noise perturbation is added to the crowd perception data according to the differential privacy protection budget to achieve ε-differential privacy protection; Effectiveness verification: Evaluate the privacy leakage risk and data quality indicators of the data after privacy protection processing, and obtain the evaluation results; Feedback optimization: Update the privacy protection strategy parameters based on the evaluation results, and apply the updated strategy to the risk perception step in the next cycle, thereby forming a closed-loop control process; The policy decision-making steps are implemented through a reinforcement learning model. The reinforcement learning model uses the Q-learning algorithm to dynamically model the differential privacy budget ε. The environmental information corresponding to the comprehensive privacy risk score is represented as the state of the reinforcement learning, and the candidate value set of the privacy budget ε is represented as the action space. The optimal action is selected based on a pre-set reward function to determine the value of the privacy budget ε, and the policy of the reinforcement learning model is iteratively updated according to the feedback reward value.
2. The method as described in claim 1, characterized in that, The risk perception step includes: determining a channel risk score based on the security status of the communication channel, determining a semantic risk score based on the sensitivity of the content of the collectively sensed data, and fusing the channel risk score and the semantic risk score according to a predetermined weight to obtain the comprehensive privacy risk score.
3. The method as described in claim 1, characterized in that, The reward function of the reinforcement learning model considers data availability, privacy leakage risk, and terminal energy consumption factors simultaneously to balance the strength of privacy protection with data quality and energy consumption. The higher the accuracy of the data after perturbation and the lower the privacy leakage risk, the higher the reward value is given. Conversely, when the privacy leakage risk increases or the data accuracy decreases, a penalty is given.
4. The method as described in claim 2, characterized in that, The privacy protection execution step employs a Laplace mechanism to add noise to the crowd-sensing data to achieve differential privacy protection.
5. The method as described in claim 4, characterized in that, The added noise follows a Laplace distribution with zero mean and a scale of Δf / ε, where Δf is a preset sensitivity parameter and ε is the differential privacy budget.
6. A dynamic privacy-preserving closed-loop control system for mobile edge crowd sensing, characterized in that, include: The module comprises a risk perception module, a strategy decision-making module, a privacy protection execution module, an effect verification module, and a feedback optimization module; among which, The risk perception module is used to acquire communication channel information and data content information of the mobile edge crowd sensing system and calculate a multi-dimensional comprehensive privacy risk score. The strategy decision module is used to dynamically determine the value of the differential privacy protection budget based on the comprehensive privacy risk score using a reinforcement learning algorithm. The privacy protection execution module is used to add noise perturbation to the crowd perception data according to the differential privacy protection budget in order to achieve ε-differential privacy protection; The effectiveness verification module is used to evaluate the privacy leakage risk and data quality indicators of the data after privacy protection processing, and obtain the evaluation results. The feedback optimization module is used to update the privacy protection strategy parameters based on the evaluation results and apply the updated strategy to the risk perception step in the next cycle, thereby forming a closed-loop control process. The policy decision-making module is implemented through a reinforcement learning model. The reinforcement learning model uses the Q-learning algorithm to dynamically model the differential privacy budget ε. The environmental information corresponding to the comprehensive privacy risk score is represented as the state of the reinforcement learning, and the candidate value set of the privacy budget ε is represented as the action space. The optimal action is selected based on a pre-set reward function to determine the value of the privacy budget ε, and the policy of the reinforcement learning model is iteratively updated according to the feedback reward value.
7. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by the processor, it implements the dynamic privacy protection closed-loop control method for mobile edge crowd sensing as described in any one of claims 1 to 5.
8. An electronic device, characterized in that, The system includes a memory, a processor, and a computer program stored in the memory, which, when executed by the processor, implements the dynamic privacy-preserving closed-loop control method for mobile edge crowd sensing as described in any one of claims 1 to 5.