Data privacy protection method and device, storage medium and computer device

By dynamically assessing the risks of data query requests and performing personalized transformation processing within the power monitoring platform, the balance between data accuracy loss and privacy leakage in traditional methods is resolved, achieving dynamic protection of data accuracy and security.

CN121859353BActive Publication Date: 2026-06-09EAST CHINA BRANCH OF STATE GRID CORP

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
EAST CHINA BRANCH OF STATE GRID CORP
Filing Date
2025-11-17
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Traditional data privacy protection methods in power monitoring platforms suffer from both overprotection and underprotection, lacking dynamic adaptability and making it difficult to balance the loss of data accuracy and the risk of privacy leakage.

Method used

By using dynamic risk scoring and different data transformation strategies, multidimensional risk feature vectors are extracted from data query requests of the power monitoring platform. Risk is assessed using a dual-channel time series model based on an attention mechanism. Personalized data transformation processing is performed based on the risk score to ensure data accuracy and privacy security.

Benefits of technology

It achieves the goal of protecting user privacy while preserving data accuracy to the maximum extent, dynamically resisting advanced privacy attacks, and ensuring the efficiency and security of power grid operation and maintenance analysis.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN121859353B_ABST
    Figure CN121859353B_ABST
Patent Text Reader

Abstract

The application relates to the computer technical field, in particular to a data privacy protection method and device, a storage medium and computer equipment.The method comprises the following steps: receiving a data query request sent by a data request subject; extracting a multi-dimensional risk feature vector of the data query request; obtaining a risk score of the data query request by a target risk prediction model corresponding to a subject category to which the data request subject belongs based on the multi-dimensional risk feature vector; generating an original query result according to the data query request; performing different deformation processing on the original query result based on the risk score, and sending the original query result after the deformation processing to the data request subject.The application balances data privacy protection and data availability through dynamic risk scoring and different data deformation strategies.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of computer technology, and in particular to a data privacy protection method, apparatus, storage medium, and computer device. Background Technology

[0002] In data-intensive systems such as power monitoring platforms, data privacy protection is a critical challenge. Power monitoring platforms must ensure the privacy and security of user electricity consumption data while also meeting the high-precision requirements of operational and maintenance analysis. Traditional data privacy protection methods typically employ static, one-size-fits-all strategies, such as applying fixed-intensity noise or generalization processing to all query requests. While this approach offers some protection, it also results in unnecessary loss of accuracy, leading to a coexistence of over-protection and under-protection, and lacking dynamic adaptability. Summary of the Invention

[0003] In view of this, this application provides a data privacy protection method, apparatus, storage medium, and computer device, which achieves a balance between data privacy protection and data availability through dynamic risk scoring and different data transformation strategies.

[0004] According to one aspect of this application, a data privacy protection method is provided, comprising:

[0005] Receive a data query request sent by a data requesting subject, wherein the data query request carries the identification information of the data requesting subject and a query statement;

[0006] Extract the multidimensional risk feature vector from the data query request;

[0007] Based on the multidimensional risk feature vector, the risk score of the data query request is obtained through the target risk prediction model corresponding to the subject category to which the data request subject belongs. The subject category to which the data request subject belongs is determined according to the identification information of the data request subject. The target risk prediction model is pre-trained based on the historical data query requests of the subject category to which the data request subject belongs and a dual-channel time series model based on an attention mechanism.

[0008] Generate the original query results based on the data query request;

[0009] Based on the risk score, the original query result is subjected to different transformation processing, and the transformed original query result is sent to the data request subject.

[0010] According to another aspect of this application, a data privacy protection device is provided, comprising:

[0011] Optionally, the data privacy protection device also includes:

[0012] The receiving module is used to receive a data query request sent by a data requesting subject, wherein the data query request carries the identification information of the data requesting subject and the query statement;

[0013] The scoring module is used to extract the multidimensional risk feature vector of the data query request; and, based on the multidimensional risk feature vector, to obtain the risk score of the data query request through the target risk prediction model corresponding to the subject category to which the data request subject belongs. The subject category to which the data request subject belongs is determined according to the identification information of the data request subject. The target risk prediction model is pre-trained based on the historical data query requests of the subject category to which the data request subject belongs and a dual-channel time series model based on an attention mechanism.

[0014] The transformation module is used to generate an original query result based on the data query request; and to perform different transformation processing on the original query result based on the risk score, and send the transformed original query result to the data request subject.

[0015] According to another aspect of this application, a readable storage medium is provided on which a program or instructions are stored, which, when executed by a processor, implement the steps of the above-described data privacy protection method.

[0016] According to another aspect of this application, a computer device is provided, including a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor, wherein the processor executes the program to implement the steps of the above-described data privacy protection method.

[0017] By employing the above technical solutions, this application provides a data privacy protection method, apparatus, storage medium, and computer equipment. It extracts multi-dimensional risk feature vectors from data query requests received by a power monitoring platform. Based on these multi-dimensional risk feature vectors, a dynamic risk score for the data query request is obtained through a target risk prediction model corresponding to the subject category to which the data request subject belongs. Furthermore, the original query results of the data query request are processed in different ways according to the risk score. This approach maximizes data accuracy while protecting privacy, and dynamically and intelligently defends against advanced privacy attacks without sacrificing the accuracy of power grid operation and maintenance analysis.

[0018] The above description is only an overview of the technical solution of this application. In order to better understand the technical means of this application and to implement it in accordance with the contents of the specification, and to make the above and other objects, features and advantages of this application more obvious and understandable, specific embodiments of this application are given below. Attached Figure Description

[0019] The accompanying drawings, which are included to provide a further understanding of this application and form part of this application, illustrate exemplary embodiments and are used to explain this application, but do not constitute an undue limitation of this application. In the drawings:

[0020] Figure 1 A flowchart illustrating the data privacy protection method provided in an embodiment of this application is shown;

[0021] Figure 2 A structural block diagram of the data privacy protection device provided in an embodiment of this application is shown. Detailed Implementation

[0022] The present application will be described in detail below with reference to the accompanying drawings and embodiments. It should be noted that, unless otherwise specified, the embodiments and features described in the embodiments of the present application can be combined with each other.

[0023] The embodiments of this application are described in detail below. Examples of these embodiments are shown in the accompanying drawings, wherein the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are exemplary and are only used to explain this application, and should not be construed as limiting this application.

[0024] Those skilled in the art will understand that, unless specifically stated otherwise, the singular forms “a,” “an,” “the,” and “the” used herein may also include the plural forms. It should be further understood that the term “comprising” as used in this application means the presence of the stated features, integers, steps, operations, elements, and / or components, but does not exclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and / or groups thereof. It should be understood that when we say an element is “connected” or “attached” to another element, it can be directly connected or attached to the other element, or there may be intermediate elements. Furthermore, “connected” or “attached” as used herein can include wireless connections or wireless interconnections. The term “and / or” as used herein includes all or any unit and all combinations of one or more associated listed items.

[0025] Exemplary embodiments according to this application will now be described in more detail with reference to the accompanying drawings. However, these exemplary embodiments may be implemented in many different forms and should not be construed as being limited to the embodiments set forth herein. It should be understood that these embodiments are provided so that the disclosure of this application is thorough and complete, and that the concept of these exemplary embodiments is fully conveyed to those skilled in the art.

[0026] This application provides a data privacy protection method applied to a power monitoring platform, such as... Figure 1 As shown, the method includes:

[0027] Step 101: Receive the data query request sent by the data requesting subject.

[0028] The data query request includes the identification information of the data requesting subject and the query statement.

[0029] It should be noted that the power monitoring platform collects and stores power user consumption data, grid operation data, and other power data in real time through devices such as smart meters, providing data support for grid operation status analysis, fault diagnosis, and optimized dispatching. In practical applications, the power monitoring platform includes a distribution management system (DMS), a supervisory control and data acquisition (SCADA) system, and third-party energy data service platforms.

[0030] As a data source, the power monitoring platform has its own data requesting entities. A data requesting entity is any entity that initiates a request to the power monitoring platform to obtain power data. Entities include user, system, application, or service types. For example, a data requesting entity can be grid maintenance personnel, third-party energy service providers, or data analysis platforms. Data requesting entities may initiate data query requests to the power monitoring platform for purposes such as maintenance analysis, load forecasting, and fault diagnosis.

[0031] In this step, when a data requester needs to query power data, they send a data query request to the power monitoring platform, which then receives the request. The data query request includes the data requester's identification information and query filtering criteria.

[0032] The identification information of the data requesting subject is used to identify the subject and determine its category. An identity attribute database can be pre-established, storing subject categories corresponding to different existing identification information. The identification information of the data requesting subject is then matched against this database to determine its category. The data requesting subject is the object to which privacy protection measures are applied in this embodiment. This step pre-sets different weight coefficients for different subject categories to influence the level of precision of the electricity data ultimately displayed. A higher pre-set weight coefficient indicates a greater risk of privacy leakage.

[0033] Specifically, the subject categories can include trusted internal parties, external third parties, and potential attackers. For example, trusted internal parties could be power grid workers, managers of power monitoring platforms, etc., whose goal is power grid operation and maintenance, requiring high-precision data. External third parties could be outsourced data analysis companies, etc., whose goals may be commercial, posing a high risk of privacy breaches. Potential attackers are entities that maliciously crawl data using legitimate credentials. If the identifier information of the data requesting entity is not found in the preset identity attribute database, the subject category of that data requesting entity is determined as a potential attacker. Here, the preset weight coefficients for trusted internal parties, external third parties, and potential attackers can be set to 0.1, 0.3, and 0.6, respectively. It should be noted that the sum of the preset weight coefficients for all subject categories is 1.

[0034] A query statement includes several query filter conditions, which are used to determine the range of electricity data to be queried. Specifically, query filter conditions may include the electricity data source to be queried, the region to be queried, the time period to be queried, the electricity users to be queried, and the electricity data to be queried. For example, based on the query filter conditions carried in the data query request, the query requirement of the data requester can be determined to be: to obtain the electricity user identification information, voltage data, and geographical location data of all electricity records within the region to be queried and the time period to be queried from the electricity data source to be queried. Here, the electricity data source to be queried can be a data table or database in the power monitoring platform used to store different types of data. For example, the electricity data source to be queried can be the database table corresponding to smart meters.

[0035] For example, data query requests can be implemented using Structured Query Language (SQL).

[0036] Step 102: Extract the multidimensional risk feature vector of the data query request.

[0037] In this step, a multidimensional risk feature vector of the data query request is extracted to assess the potential risk of the current request behavior.

[0038] Furthermore, as a refinement and extension of the specific implementation of the above embodiments, in order to fully illustrate the specific implementation process of this embodiment, step 102, namely, extracting the multidimensional risk feature vector of the data query request, specifically includes: parsing the query semantics of the query statement and determining different query fields in the query statement; calculating the preset privacy sensitivity corresponding to the field category to which the query field belongs based on a preset synergy function to determine the first risk feature value of the data query request; determining the second risk feature value of the data query request based on the subject category to which the data request subject belongs; determining the third risk feature value of the data query request based on the request time of the data query request; determining the fourth risk feature value of the data query request based on the current query frequency of the data request subject within the preset request time period and the historical baseline frequency of the subject category to which the data request subject belongs within the preset request time period; determining the fifth risk feature value of the data query request based on the first, second, third, and fourth risk feature values ​​of the data query request; and constructing the multidimensional risk feature vector of the data query request based on the first, second, third, fourth, and fifth risk feature values.

[0039] It should be noted that this embodiment pre-parses the query semantics of historical query statements in historical data query requests, determines the different field categories to which the historical query fields belong based on the historical query fields in the historical query statements, and sets a preset privacy sensitivity for each field category. This preset privacy sensitivity reflects the privacy leakage risk of that field category. The more sensitive the field category, the greater the privacy leakage risk, and the higher its preset privacy sensitivity.

[0040] Specifically, the query field categories can include user identification categories, geographic location categories, date categories, continuous measurement categories, and power equipment parameter categories. Continuous measurement categories can be further subdivided based on the type of power data, such as voltage categories and power categories. For example, if the query field is for querying power user identification information, such as "user_id", then the query field belongs to the user identification category. If the query field is for querying geographic location data, such as "location_area", then the query field belongs to the geographic location category. If the query field is for limiting the requested time period, such as `time BETWEEN '2025-07-01 18:00' AND '2025-07-01 20:00'`, then the query field belongs to the date category. If the query field is for querying continuous measurement values, such as "voltage" or "power", then the query field belongs to the continuous measurement category. If the query field is for querying power equipment parameters, such as "decive-temperature", then the query field belongs to the power equipment parameter category. The preset privacy sensitivity for user identity category, geographic location category, date category, and power equipment parameter category can be set to 0.95, 0.9, 0.2, and 0.1, respectively. Furthermore, the preset privacy sensitivity for voltage and power categories within the continuous measurement category can be set to 0.8 and 0.7, respectively.

[0041] In this step, the query semantics of the currently received data query request are parsed to identify different query fields within the request. Then, based on the preset privacy sensitivity corresponding to the field category to which the query fields belong, a first risk feature value for the data query request is calculated to quantify the privacy leakage risk when query fields are coordinated.

[0042] For example, the first risk characteristic value of the data query request is calculated according to the following formula. R 1:

[0043] ,

[0044] in, For the query statement i The preset privacy sensitivity of the field category to which each query field belongs, where n is the number of query fields in the query statement.

[0045] This formula is based on the principle of synergy effect and uses a preset synergy effect function to calculate the insensitivity of each query field (i.e., The overall sensitivity of the query field combination is calculated by multiplying the data fields by 1 and then subtracting the product from 1. This overall sensitivity is then used as the first risk characteristic value of the data query request. A higher first risk characteristic value indicates a greater risk of privacy breaches in the data query request.

[0046] Furthermore, the preset weight coefficient corresponding to the subject category to which the data request subject belongs is used as the second risk feature value of the data query request.

[0047] Furthermore, the preset request period is divided into different preset request time periods, each with a corresponding preset request sensitivity. The time when the data requesting entity sends the data query request is taken as the request time. Therefore, the preset request sensitivity corresponding to the preset request time period to which the request time belongs is used as the third risk characteristic value of the data query request. For example, the preset request period can be set to 24 hours, and the specific request time periods within the preset request period are set as shown in Table 1. It should be noted that the sum of the preset request sensitivities for all preset request time periods within the preset request period is 1.

[0048] Table 1

[0049]

[0050] Furthermore, the average query frequency of different subject categories within each preset request period in the historical request cycle is statistically analyzed, and this average query frequency is used as the historical baseline frequency of that subject category in that preset request period. Then, using the formula: Deviation Degree = (Current Query Frequency - Historical Baseline Frequency) / Historical Baseline Frequency, the deviation degree between the current query frequency of the data request subject within the preset request period and the historical baseline frequency of the subject category to which the data request subject belongs in the preset request period is calculated, and this deviation degree is used as the fourth risk characteristic value of the data query request.

[0051] Furthermore, based on the first, second, third, and fourth risk characteristic values ​​of the aforementioned data query request, the current request behavior of the data requesting subject is determined. By comparing the current request behavior of the data requesting subject with the historical normal behavior corresponding to the subject category to which the data requesting subject belongs, the abnormal behavior of the data requesting subject is determined, thereby identifying the fifth risk characteristic value of the data query request.

[0052] Therefore, based on the first risk feature value, the second risk feature value, the third risk feature value, the fourth risk feature value, and the fifth risk feature value, a multidimensional risk feature vector for data query requests is constructed.

[0053] Furthermore, as a refinement and extension of the specific implementation of the above embodiments, in order to fully illustrate the specific implementation process of this embodiment, a fifth risk feature value of the data query request is determined based on the first, second, third, and fourth risk feature values ​​of the data query request. Specifically, this includes: constructing a current request behavior feature vector of the data request subject based on the first, second, third, and fourth risk feature values ​​of the data query request; calculating the Mahalanobis distance of the current request behavior feature vector based on the mean vector and covariance matrix of the historical normal behavior feature vector matrix corresponding to the subject category to which the data request subject belongs; mapping the Mahalanobis distance to a preset interval using the cumulative distribution function of the chi-square distribution, and using the mapped Mahalanobis distance as the fifth risk feature value.

[0054] In this step, historical normal data query requests belonging to normal request behavior within the historical request period are collected for different subject categories. For any historical data query request of any subject category, the first, second, third, and fourth historical risk feature values ​​of the historical normal data query request are extracted using the method described above for constructing a multi-dimensional risk feature vector. Furthermore, based on these four historical risk feature values, a historical normal behavior feature vector for the historical normal data query request is constructed. Thus, all historical normal behavior feature vectors of the same subject category are used to construct a historical normal behavior feature vector matrix corresponding to that subject category.

[0055] For any subject category, calculate the mean vector and covariance matrix of the historical normal behavior feature vector matrix. The mean vector of the historical normal behavior feature vector matrix consists of the mean of each risk feature category. It can be understood that the historical normal behavior feature vector matrix contains four risk features: the first historical risk feature, the second historical risk feature, the third historical risk feature, and the fourth historical risk feature. The mean vector represents the normal behavior pattern of this subject category. The covariance matrix describes how the various risk features in the historical normal behavior feature vector matrix change together.

[0056] Furthermore, based on the first, second, third, and fourth risk feature values ​​of the currently received data query request, a current request behavior feature vector of the data request subject is constructed. Then, the Mahalanobis distance formula is applied to calculate the Mahalanobis distance between the current request behavior feature vector of the data request subject and the historical normal behavior feature vector matrix corresponding to the subject category to which the data request subject belongs. It should be noted that the calculated Mahalanobis distance is an absolute value, and the square of the Mahalanobis distance approximately follows a chi-square distribution. Therefore, the cumulative distribution function of the chi-square distribution is used to convert the Mahalanobis distance into a probability value, and this probability value is used as the fifth risk feature value of the data query request.

[0057] For example, the Mahalanobis distance between the current request behavior feature vector of the data request subject and the historical normal behavior feature vector matrix corresponding to the subject category to which the data request subject belongs is calculated according to the following formula:

[0058] ,

[0059] in, The Mahalanobis distance, X This is the feature vector of the current request behavior of the data request subject. This is the mean vector of the historical normal behavior feature vector matrix corresponding to the subject category to which the data request subject belongs. It is the inverse of the covariance matrix of the historical normal behavior feature vector matrix corresponding to the subject category to which the data request subject belongs.

[0060] For example, the Mahalanobis distance can be converted into a probability value according to the following formula:

[0061] ,

[0062] in, The probability values ​​after Mahalanobis distance transformation, and the cumulative distribution function of the chi-square distribution. Given a random variable less than or equal to x The probability, x It is a specific value of a random variable. The degree of freedom is equal to the dimension of the current request behavior feature vector, which is 5.

[0063] Here, the smaller the probability value of the Mahalanobis distance, the greater the degree of anomalousness of the data query request. Furthermore, the cumulative distribution function of the chi-square distribution is a known mathematical function determined by the degrees of freedom parameters, and can be directly obtained using built-in functions in statistical software or programming libraries. The square of the Mahalanobis distance corresponds to... When the value is obtained, you can directly call the cumulative distribution function of the chi-square distribution, and pass in the square of the Mahalanobis distance and the degrees of freedom to get the probability value of the Mahalanobis distance.

[0064] Step 103: Based on the multidimensional risk feature vector, obtain the risk score of the data query request through the target risk prediction model corresponding to the subject category to which the data request subject belongs.

[0065] The target risk prediction model is pre-trained based on historical data query requests from the subject category to which the data request subject belongs, and a dual-channel time series model based on an attention mechanism.

[0066] In this step, for any subject category, a dual-channel time-series model based on an attention mechanism is pre-trained using historical data query requests for that subject category. This enables the model to output a risk score for data query requests from that subject category. The trained dual-channel time-series model for that subject category serves as the risk prediction model for that category. It can be understood that a risk prediction model library can be formed based on the risk prediction models corresponding to different subject categories. After extracting the multi-dimensional feature vector of the current data request subject's query request, the target risk prediction model corresponding to the current data request subject's category can be determined from the risk prediction model library based on the subject category of previous data request subjects. Therefore, based on the multi-dimensional risk feature vector and the target risk prediction model corresponding to the current data request subject's category, a risk score for the data query request is obtained. This risk score accurately quantifies the potential threat to user privacy posed by the current request behavior.

[0067] It should be noted that the attention-based dual-channel temporal model comprises a first-channel temporal model, a second-channel temporal model, an attention mechanism, and a fully connected layer. The first-channel temporal model is used to input feature sequences representing short-term behavior to capture sudden anomalies. The second-channel temporal model is used to input feature sequences representing long-term behavior to establish a baseline for normal behavior and identify slow, low-frequency latent attacks. The attention mechanism is applied to the first hidden state matrix output by the first-channel temporal model and the second hidden state matrix output by the second-channel temporal model, respectively. The attention mechanism assigns weights to the hidden states at different time steps in the first and second hidden state matrices, and then performs a weighted summation to obtain two weighted feature vectors. These two weighted feature vectors are then concatenated to obtain the target feature vector. The target feature vector is then input into the fully connected layer. The fully connected layer also has a preset activation function, so that the attention-based dual-channel temporal model ultimately outputs a value between 0 and 1 as a risk score. Here, the training samples of the attention-based dual-channel temporal model are not feature vectors at a single time point, but rather pairs of feature sequences.

[0068] Specifically, for any subject category's historical data query request at any historical request time point, the historical multidimensional risk feature vector of the historical data query request is extracted in the same way as in step 102. The historical data query requests for this subject category include historical data query requests corresponding to normal request behavior and attack behavior.

[0069] Furthermore, using the historical request time point of any historical data query request for the subject category as a benchmark, the historical multidimensional risk feature vector of the historical data query request is combined with the historical multidimensional risk feature vectors of the subject category at various historical request time points within a first preset detection period before the historical request time point, in chronological order, to form a first historical feature sequence. Similarly, the historical multidimensional risk feature vector of the historical data query request is combined with the historical multidimensional risk feature vectors of the subject category at various historical request time points within a second preset detection period before the historical request time point, in chronological order, to form a second historical feature sequence. The second preset detection period is longer than the first preset detection period, so that the first historical feature sequence determined according to the first preset detection period represents the short-term behavior of the subject category before the historical request time point, and the second historical feature sequence determined according to the second preset detection period represents the long-term behavior of the subject category before the historical request time point. Thus, the first historical feature sequence and the second historical feature sequence obtained by the subject category based on the historical request time point of the historical data query request form a feature sequence pair, which is used as a training sample. Simultaneously, the training samples are labeled according to the preset risk score of the historical data query request of the subject category, and then the labeled training samples are input into the dual-channel time series model based on the attention mechanism, so that the first historical feature sequence in the labeled training samples is input into the first channel time series model, and the second historical feature sequence is input into the second channel time series model.

[0070] Here, the default risk score is a value between 0 and 1, set according to the degree of privacy leakage in historical data query requests. A higher risk score indicates a greater degree of privacy leakage in historical data query requests.

[0071] For example, the first channel temporal model and the second channel temporal model can both be Long Short-Term Memory (LSTM) network models.

[0072] Furthermore, for any subject category, the labeled training samples of that subject category are input into a dual-channel time-series model based on an attention mechanism. Backpropagation and gradient calculation are performed on the attention-based dual-channel time-series model based on a preset loss function. The model parameters of the attention-based dual-channel time-series model are iteratively updated using an Adaptive Moment Estimation (Adam) optimizer. When the change in the preset loss function is less than a preset threshold or the number of iterations equals the maximum number of iterations, the output of the attention-based dual-channel time-series model is used as the risk prediction model for that subject category.

[0073] Furthermore, as a refinement and extension of the specific implementation of the above embodiments, in order to fully illustrate the specific implementation process of this embodiment, step 103, namely, obtaining the risk score of the data query request based on the multidimensional risk feature vector and the target risk prediction model corresponding to the subject category to which the data request subject belongs, specifically includes: combining the multidimensional risk feature vector of the data query request with the multidimensional risk feature vector of the data request subject within a first preset detection period before the request time in chronological order to form a first feature sequence; combining the multidimensional risk feature vector of the data query request with the multidimensional risk feature vector of the data request subject within a second preset detection period before the request time in chronological order to form a second feature sequence, wherein the second preset detection period is longer than the first preset detection period; and inputting the first feature sequence and the second feature sequence into the target risk prediction model to obtain the risk score of the data query request.

[0074] In the target risk prediction model, the first channel time series model extracts the first hidden state matrix of the first feature sequence, the second channel time series model extracts the second hidden state matrix of the second feature sequence, the attention mechanism in the target risk prediction model performs weighted processing on the first hidden state matrix and the second hidden state matrix respectively to obtain the weighted target feature vector, and the fully connected layer in the target risk prediction model outputs the risk score of the data query request based on the weighted target feature vector.

[0075] In this step, based on the request time of the current data query request, and following the method used in step 102 to extract the multidimensional risk feature vector of the data query request, the multidimensional risk feature vectors of the data requesting subject at each request time point within the first preset detection period before the current request time are extracted. The multidimensional risk feature vector of the current data query request is then combined with the multidimensional risk feature vectors of the data requesting subject at each historical request time point within the first preset detection period before the current request time in chronological order to form a first feature sequence. Similarly, the multidimensional risk feature vector of the data query request is combined with the multidimensional risk feature vectors of the data requesting subject at each request time point within the second preset detection period before the current request time in chronological order to form a second feature sequence. Therefore, the first feature sequence and the second feature sequence are input into the target risk prediction model. The first channel time series model in the target risk prediction model extracts the first hidden state matrix of the first feature sequence, and the second channel time series model extracts the second hidden state matrix of the second feature sequence. The attention mechanism in the target risk prediction model performs weighted processing on the first hidden state matrix and the second hidden state matrix respectively to obtain two weighted feature vectors. The two weighted feature vectors are concatenated to obtain the target feature vector. The fully connected layer in the target risk prediction model outputs the risk score of the data query request based on the weighted target feature vector.

[0076] For example, the first preset detection period can be 30 minutes, and the second preset detection period can be 72 hours.

[0077] Step 104: Generate the original query results based on the data query request.

[0078] In this step, the raw power data to be queried is extracted from the corresponding data table or database according to the query filtering conditions in the query statement of the data query request, and the raw query results are generated.

[0079] It is understandable that the original query results are also represented in Structured Query Language, including the result fields corresponding to the query fields in the query statement. Furthermore, the corresponding query fields and result fields belong to the same field category. For example, if the query field is for voltage, then the corresponding result field stores the raw voltage value. And both the query field and the result field belong to the voltage category.

[0080] Step 105: Based on the risk score, perform different transformations on the original query results and send the transformed original query results to the data request subject.

[0081] In this step, based on the risk score, the original query results are transformed in different ways to satisfy the data request while reducing the risk of data leakage and misuse, thus protecting data privacy and security. The transformed original query results are then returned to the data requester, ensuring that the data requester can obtain the required information while protecting user privacy, achieving a balance between data security and usability.

[0082] Furthermore, as a refinement and extension of the specific implementation of the above embodiments, in order to fully illustrate the specific implementation process of this embodiment, based on risk scoring, the original query results are subjected to different modifications, specifically including:

[0083] Step 105-1: Parse the query semantics of the original query results and determine the different result fields in the original query results.

[0084] Step 105-2: If the risk score meets the first preset range, the result field with a preset privacy sensitivity lower than the preset threshold is determined as a non-critical field; according to the preset noise ratio coefficient, the non-critical field is subjected to noise perturbation processing.

[0085] In this step, if the risk score of the data query request meets the first preset range, it means that the data query request is a regular and trusted request behavior. In this case, the accuracy of the original data in the original query result of the data query request is preserved to the maximum extent, and only a very small amount of noise is added to the non-key fields, which has virtually no impact on the key fields in the original query result.

[0086] Specifically, the criticality of a result field is determined based on the preset privacy sensitivity corresponding to its field category. In other words, field categories with a preset privacy sensitivity below a preset threshold are designated as non-critical field categories, while the remaining field categories are designated as critical field categories. If a result field belongs to a non-critical field category, then that result field is considered non-critical. Therefore, Gaussian noise is added to the original data stored within the non-critical field according to a preset noise ratio to perform noise perturbation processing on the non-critical field.

[0087] For example, the first preset range can be set to less than 0.3, and the preset threshold can be set to 0.2. The preset noise ratio coefficient can be set to ±2%. For instance, if the risk score of a data query request is 0.1, then the data query request is a normal and trusted request behavior. Furthermore, if the original query result of the data query request stores the original power equipment temperature data "25℃" in a result field, which belongs to the power parameter category, and the preset privacy sensitivity is 0.1, which is less than 0.2, then this result field is a non-critical field. ±2% Gaussian noise is added to the "25℃" stored in this non-critical field for noise perturbation processing. After noise perturbation processing, the value in this non-critical field becomes: 24.5℃ to 25.5℃.

[0088] Unlike related technologies that apply fixed-intensity noise or generalization to trusted internal operations and maintenance queries, leading to an unnecessary decrease in analysis accuracy, this embodiment only sacrifices the accuracy of the data in the original query results when necessary, thereby improving the accuracy and usability of data analysis and reducing unnecessary computational overhead.

[0089] Step 105-3: If the risk score meets the second preset range, determine the stability factor of the result field based on the historical information entropy and standard deviation corresponding to the field category to which the result field belongs; determine the noise ratio coefficient of the result field based on the preset privacy sensitivity corresponding to the field category to which the result field belongs, the stability factor of the query field and the risk score; and perform noise perturbation processing on the result field according to the noise ratio coefficient.

[0090] In this step, if the risk score of the data query request meets the second preset range, it indicates that the data query request is a suspicious request. Then, based on the characteristics of the original data stored in the original query result of the data query request and the current risk score, the degree of ambiguity of the original data stored in the original query result is determined so as to perform corresponding transformation processing on the original query result.

[0091] Specifically, for any field category, historical data stored in the historical results field of that field category is collected beforehand. This historical data is then normalized or standardized to convert it to the same dimension for easier calculation and updating. Next, the historical data for that field category is divided into several intervals, forming discrete data categories. The probability of data occurrence in each data category is determined based on the ratio of the number of historical data points in each category to the total number of historical data points in that field category. This probability is then substituted into the information entropy calculation formula to obtain the historical information entropy for that field category. Furthermore, the standard deviation of that field category is calculated based on the total number of historical data points and the average value of the historical data points in that field category, used to measure the volatility of the data in that field category.

[0092] For example, the second preset range can be set to 0.3-0.7;

[0093] Historical information entropy of field category Represented as:

[0094] ,

[0095] in, m This represents the number of data categories in the historical data for this field category. For the historical data of this field category, the first j The probability corresponding to each data category, and .

[0096] Standard deviation of field categories Represented as:

[0097] ,

[0098] in, For the first field category k Historical data, This is the average of historical data for this field category. N This represents the total number of historical data entries for this field category.

[0099] Here, the smaller the historical information entropy of a field category, the more stable the data corresponding to that field category is, and the stronger the privacy protection required. Similarly, the smaller the standard deviation of a field category, the less volatile the data is, and the stronger the privacy protection required.

[0100] Furthermore, for any result field in the current original query results, a first value is determined based on the difference between a preset value (i.e., 1) and the historical information entropy of the field category to which the result field belongs. A second value is determined based on the reciprocal of the sum of the standard deviation of the field category to which the result field belongs and the preset value. The stability factor of the result field is then determined by multiplying the first and second values. Next, the noise ratio coefficient of the result field is determined by multiplying the stability factor, the current risk score, the preset scaling factor, and the preset privacy sensitivity corresponding to the field category to which the result field belongs. Therefore, the original data stored in the result field is subjected to noise perturbation processing according to the noise ratio coefficient of the result field, generalizing the original data stored in the result field into a data range.

[0101] For example, the stability factor of the result field Represented as:

[0102] ,

[0103] in, The first value, This is the second value.

[0104] Noise ratio coefficient of the result field Represented as:

[0105] ,

[0106] in, To score risk, The preset privacy sensitivity for the field category to which this result field belongs. Set a preset scaling factor, for example, 0.1.

[0107] The generalized data range corresponding to the result field Represented as:

[0108] ,

[0109] in, The original data stored in the result field.

[0110] Here, different field categories have different preset privacy sensitivities. The higher the preset privacy sensitivity, the stronger the privacy protection in this step. The higher the risk score of the data query request, the larger the noise range set for the original query results in this step, thus providing stronger privacy protection. The preset scaling factor is used to control the overall perturbation intensity and ensure that the noise range is reasonable.

[0111] Unlike related technologies that apply a fixed intensity of noise or a fixed level of generalization to all data and all data requesting subjects, this embodiment applies a smaller perturbation to field categories with large historical fluctuations and high inherent uncertainty, or those with low risk scores, by calculating historical information entropy and standard deviation. For field categories with stable history, large single-value information content, or those with high risk scores, a stronger perturbation is applied, thereby optimizing the balance between accuracy and privacy.

[0112] Step 105-4: If the risk score meets the third preset range, perform privacy classification on the result field based on the preset privacy sensitivity corresponding to the field category to which the result field belongs. The privacy classification includes Level 1, Level 2 and Level 3. Update the result field belonging to Level 1 to a status label. Perform precision downgrading on the result field belonging to Level 2. Perform masking on the result field belonging to Level 3.

[0113] In this step, if the risk score of the data query request meets the third preset range, it indicates that the data query request is a high-risk request, such as frequently crawling sensitive combinations. In this case, strong privacy masking is performed on the original query results of the data query request to implement the strictest protection. For example, the second preset range can be set to be greater than 0.7.

[0114] Specifically, two privacy sensitivity thresholds are set sequentially from smallest to largest: the first privacy sensitivity threshold and the second privacy sensitivity threshold. Based on these two privacy sensitivity thresholds and the preset privacy sensitivity corresponding to the field category to which the result field belongs, the result field is classified into privacy levels, namely, Level 1, Level 2, and Level 3.

[0115] Specifically, result fields whose preset privacy sensitivity is less than or equal to the first privacy sensitivity threshold are classified into the first level. The first level comprises fields with relatively low sensitivity. Semantic transformation is performed on these first-level result fields, converting them into status labels corresponding to the original data stored in the result field. For example, for result fields belonging to the continuous measurement category, they are converted from continuous values ​​into discrete status enumerations. For instance, the precise voltage value of 229.7V is converted into status labels of "normal," "high," or "low" based on whether it is within the normal voltage range. This completely removes the precision of the original data, preventing attackers from analyzing user behavior through numerical fluctuations, while still allowing legitimate maintenance personnel to convey the basic health status of the equipment.

[0116] Furthermore, result fields whose preset privacy sensitivity is greater than the first privacy sensitivity threshold and less than or equal to the second privacy sensitivity threshold, corresponding to their respective field categories, are classified into the second level. The second level belongs to fields of medium sensitivity. Precision downgrading is applied to result fields belonging to the second level. For high-precision raw data in the query field, it is generalized and converted into data with lower precision but still retaining some semantic information. For example, the raw data in the query field is transformed from latitude and longitude at the "meter level" to administrative regions at the "kilometer level." Attackers cannot locate specific buildings, but maintenance personnel can still know which region the data comes from, meeting the needs of regional fault analysis.

[0117] Furthermore, result fields whose preset privacy sensitivity level is greater than the second privacy sensitivity threshold are classified into the third level. The third level consists of highly sensitive fields, and the strongest protection is applied to result fields belonging to the third level. For example, for fields that can directly and uniquely identify users, no real information is provided; they are replaced with meaningless symbols (such as *) or pseudonyms to completely sever the association between the data and a specific individual.

[0118] Unlike related technologies that grant access to raw data based on role authorization, allowing attackers to easily obtain high-precision data for user profiling once they steal legitimate credentials (such as contractor accounts), this embodiment enforces data downgrading even if the requester possesses legitimate credentials after identifying high-risk behavior patterns, significantly raising the attack threshold.

[0119] This embodiment extracts multi-dimensional risk feature vectors from data query requests received by the power monitoring platform. Based on these multi-dimensional risk feature vectors, a dynamic risk score for the data query request is obtained through a target risk prediction model corresponding to the subject category to which the data request subject belongs. The original query results are then processed in different ways according to the risk score, thereby maximizing data accuracy while protecting privacy. This dynamically and intelligently defends against advanced privacy attacks without sacrificing the accuracy of power grid operation and maintenance analysis. Furthermore, this embodiment does not directly block access from the data query subject. Instead, it dynamically hides sensitive information in the original data of the query results by analyzing the patterns of the request behavior itself. This prevents attackers from effectively reconstructing the true user behavior patterns or privacy information even if they obtain the data, thus achieving data privacy protection for the power monitoring system based on access pattern hiding.

[0120] In one embodiment, in a power distribution network fault analysis platform, an external contractor initiates high-frequency queries (25 times / minute) during the evening peak hours to obtain user voltage and location data:

[0121] The SQL statement for the data query request is:

[0122] SELECT user_id, voltage, location

[0123] FROM amr_data

[0124] WHERE district='Xicheng'

[0125] AND time BETWEEN '2025-07-01 18:00' AND '2025-07-01 20:00'

[0126] Here, the data query request means: retrieve the user ID, voltage, and location information from the amr_data table for all power records in the region Xichang between 18:00 and 20:00 on July 1, 2025.

[0127] According to the method of this application, the risk prediction model outputs a risk score of 0.71, which is identified as a high-risk request behavior. Therefore, the original data {"user_id": "BJ_XC_010203", "voltage": 229.7, "location": "39.907583,116.353396"} in the original query result of this data query request is transformed into {"user_id": "BJ_ The voltage value is binarized into a status label, reducing the location accuracy from meters to administrative district level.

[0128] In one embodiment, the data privacy protection method described in this application is deployed in a privacy proxy gateway between a power monitoring platform and a data requesting entity. The privacy proxy gateway includes a behavior awareness layer, a decision layer, and an execution layer. The behavior awareness layer receives data query requests sent by the data requesting entity. The decision layer extracts a multi-dimensional risk feature vector from the data query request and, based on the multi-dimensional risk feature vector, obtains a risk score for the data query request using a target risk prediction model corresponding to the entity category to which the data requesting entity belongs. The execution layer generates original query results based on the data query request, performs different transformations on the original query results based on the risk score, dynamically rewrites the original query results using a streaming processing engine, and sends the rewritten original query results to the data requesting entity.

[0129] In addition, an audit layer can be set up after the execution layer in the privacy proxy gateway. The audit layer optimizes the model parameters of the risk prediction model through reinforcement learning after each request cycle, and automatically reduces the false positive weight when a successful attack case is detected.

[0130] It should be noted that the sequence number of each step in the above embodiments does not imply the order of execution. The execution order of each process should be determined by its function and internal logic, and should not constitute any limitation on the implementation process of the embodiments of this application.

[0131] Furthermore, such as Figure 2 As shown, as a specific implementation of the above-mentioned data privacy protection method, this application embodiment provides a data privacy protection device 200, which includes: a receiving module 201, a scoring module 202, and a variant module 203.

[0132] The receiving module 201 is used to receive a data query request sent by the data requesting subject. The data query request carries the identification information of the data requesting subject and the query statement.

[0133] The scoring module 202 is used to extract the multidimensional risk feature vector of the data query request; and, based on the multidimensional risk feature vector, to obtain the risk score of the data query request through the target risk prediction model corresponding to the subject category to which the data request subject belongs. The subject category to which the data request subject belongs is determined according to the identification information of the data request subject. The target risk prediction model is pre-trained based on the historical data query requests of the subject category to which the data request subject belongs and a dual-channel time series model based on the attention mechanism.

[0134] The deformation module 203 is used to generate the original query result according to the data query request; and to perform different deformation processing on the original query result based on the risk score, and send the deformed original query result to the data request subject.

[0135] In one embodiment, the scoring module 202 is specifically used to parse the query semantics of the query statement and determine different query fields in the query statement; calculate the preset privacy sensitivity corresponding to the field category to which the query field belongs based on a preset synergy function to determine the first risk feature value of the data query request; determine the second risk feature value of the data query request based on the subject category to which the data request subject belongs; determine the third risk feature value of the data query request based on the request time of the data query request; determine the fourth risk feature value of the data query request based on the current query frequency of the data request subject within the preset request time period and the historical baseline frequency of the subject category to which the data request subject belongs within the preset request time period; determine the fifth risk feature value of the data query request based on the first, second, third, and fourth risk feature values ​​of the data query request; and construct a multidimensional risk feature vector of the data query request based on the first, second, third, fourth, and fifth risk feature values.

[0136] In one embodiment, the scoring module 202 is specifically used to construct a current request behavior feature vector of the data request subject based on the first risk feature value, the second risk feature value, the third risk feature value, and the fourth risk feature value of the data query request; calculate the Mahalanobis distance of the current request behavior feature vector based on the mean vector and covariance matrix of the historical normal behavior feature vector matrix corresponding to the subject category to which the data request subject belongs; map the Mahalanobis distance to a preset interval using the cumulative distribution function of the chi-square distribution, and use the mapped Mahalanobis distance as the fifth risk feature value.

[0137] In one embodiment, the scoring module 202 is specifically used to combine the multidimensional risk feature vector of the data query request with the multidimensional risk feature vector of the data requesting subject within a first preset detection period before the request time in chronological order to form a first feature sequence; combine the multidimensional risk feature vector of the data query request with the multidimensional risk feature vector of the data requesting subject within a second preset detection period before the request time in chronological order to form a second feature sequence, wherein the second preset detection period is longer than the first preset detection period; input the first feature sequence and the second feature sequence into the target risk prediction model to obtain a risk score for the data query request, wherein the first channel temporal model in the target risk prediction model extracts the first hidden state matrix of the first feature sequence, the second channel temporal model in the target risk prediction model extracts the second hidden state matrix of the second feature sequence, the attention mechanism in the target risk prediction model performs weighted processing on the first hidden state matrix and the second hidden state matrix respectively to obtain a weighted target feature vector, and the fully connected layer in the target risk prediction model outputs the risk score for the data query request based on the weighted target feature vector.

[0138] In one embodiment, the variant module 203 is specifically used to parse the query semantics of the original query result and determine different result fields in the original query result; if the risk score meets the first preset range, the result field whose preset privacy sensitivity is lower than the preset threshold corresponding to the field category is determined as a non-critical field; and the non-critical field is subjected to noise perturbation processing according to the preset noise ratio coefficient.

[0139] In one embodiment, the modified module 203 is specifically used to parse the query semantics of the original query result and determine different result fields in the original query result; if the risk score meets the second preset range, determine the stability factor of the result field according to the historical information entropy and standard deviation corresponding to the field category to which the result field belongs; determine the noise ratio coefficient of the result field according to the preset privacy sensitivity corresponding to the field category to which the result field belongs, the stability factor of the query field and the risk score; and perform noise perturbation processing on the result field according to the noise ratio coefficient.

[0140] In one embodiment, the variant module 203 is specifically used to parse the query semantics of the original query results and determine different result fields in the original query results; if the risk score meets the third preset range, based on the preset privacy sensitivity corresponding to the field category to which the result field belongs, the result field is classified into privacy levels, including Level 1, Level 2 and Level 3; the result field belonging to Level 1 is updated to a status label; the result field belonging to Level 2 is downgraded in precision; and the result field belonging to Level 3 is masked.

[0141] Specific limitations regarding data privacy protection devices can be found in the limitations of data privacy protection methods described above, and will not be repeated here. Each module in the aforementioned data privacy protection device can be implemented entirely or partially through software, hardware, or a combination thereof. These modules can be embedded in or independent of the processor in a computer device in hardware form, or stored in the memory of a computer device in software form, so that the processor can call and execute the operations corresponding to each module.

[0142] Based on the above, Figure 1 Accordingly, embodiments of this application also provide a readable storage medium having a computer program stored thereon, which, when executed by a processor, implements the above-described method. Figure 1 The data privacy protection methods shown.

[0143] Based on this understanding, the technical solution of this application can be embodied in the form of a software product. The software product can be stored in a non-volatile storage medium (such as a CD-ROM, USB flash drive, or portable hard drive), and includes several instructions to cause a computer device (such as a personal computer, server, or network device) to execute the methods described in the various implementation scenarios of this application.

[0144] Based on the above, Figure 1 The method shown, and Figure 2 To achieve the above objectives, the present application also provides a computer device, specifically a personal computer, server, network device, etc., as shown in the virtual device embodiment. This computer device includes a storage medium and a processor; the storage medium stores a computer program; the processor executes the computer program to achieve the above-described objectives. Figure 1 The data privacy protection methods shown.

[0145] Optionally, the computer device may also include a user interface, a network interface, a camera, radio frequency (RF) circuitry, sensors, audio circuitry, a Wi-Fi module, etc. The user interface may include a display screen, input units such as a keyboard, etc., and optional user interfaces may also include USB ports, card reader ports, etc. The network interface may optionally include standard wired interfaces, wireless interfaces (such as Bluetooth interfaces, Wi-Fi interfaces), etc.

[0146] Those skilled in the art will understand that the computer device structure provided in this embodiment does not constitute a limitation on the computer device, and may include more or fewer components, or combine certain components, or have different component arrangements.

[0147] The storage medium may also include an operating system and a network communication module. The operating system is a program that manages and stores the hardware and software resources of a computer device, supporting the operation of information processing programs and other software and / or programs. The network communication module is used to enable communication between the various components within the storage medium, as well as communication with other hardware and software within the physical device.

[0148] Through the above description of the embodiments, those skilled in the art can clearly understand that this application can be implemented by means of software plus necessary general-purpose hardware platform, or the embodiments of this application can be implemented by hardware.

[0149] Those skilled in the art will understand that the accompanying drawings are merely schematic diagrams of a preferred embodiment, and the modules or processes shown in the drawings are not necessarily essential for implementing this application. Those skilled in the art will understand that the modules in the apparatus of the embodiment can be distributed within the apparatus of the embodiment as described, or can be modified to be located in one or more apparatuses different from this embodiment. The modules of the above-described embodiment can be combined into one module, or further divided into multiple sub-modules.

[0150] The serial numbers in this application are for descriptive purposes only and do not represent the superiority or inferiority of any particular implementation scenario. The above disclosures are merely a few specific implementation scenarios of this application; however, this application is not limited thereto, and any variations conceived by those skilled in the art should fall within the protection scope of this application.

Claims

1. A data privacy protection method applied to a power monitoring platform, characterized in that, The method includes: Receive a data query request sent by a data requesting subject, wherein the data query request carries the identification information of the data requesting subject and a query statement; Extract the multidimensional risk feature vector from the data query request; Based on the multidimensional risk feature vector, the risk score of the data query request is obtained through the target risk prediction model corresponding to the subject category to which the data request subject belongs. The subject category to which the data request subject belongs is determined according to the identification information of the data request subject. The target risk prediction model is pre-trained based on the historical data query requests of the subject category to which the data request subject belongs and a dual-channel time series model based on an attention mechanism. Generate the original query results based on the data query request; Based on the risk score, the original query result is subjected to different transformation processing, and the transformed original query result is sent to the data request subject; Accordingly, based on the risk score, the original query results are subjected to different transformation processing, specifically including: Parse the query semantics of the original query results to determine the different result fields in the original query results; If the risk score meets the first preset range, the result field whose preset privacy sensitivity corresponding to the field category is lower than the preset threshold is determined as a non-critical field; The non-critical fields are subjected to noise perturbation processing according to a preset noise ratio coefficient; If the risk score meets the second preset range, the stability factor of the result field is determined based on the historical information entropy and standard deviation corresponding to the field category to which the result field belongs; Based on the preset privacy sensitivity corresponding to the field category to which the result field belongs, the stability factor of the result field, and the risk score, the noise ratio coefficient of the result field is determined; The result field is subjected to noise perturbation processing according to the noise ratio coefficient; If the risk score meets the third preset range, the result field is classified into three privacy levels based on the preset privacy sensitivity corresponding to the field category to which the result field belongs. The privacy classification includes a first level, a second level, and a third level. Update the result fields belonging to the first level to status labels; Perform precision downgrade processing on result fields belonging to the second level; The result fields belonging to the third level are masked.

2. The data privacy protection method according to claim 1, characterized in that, The extraction of the multidimensional risk feature vector from the data query request specifically includes: Parse the query semantics of the query statement to determine the different query fields in the query statement; Based on a preset synergy function, the preset privacy sensitivity corresponding to the field category to which the query field belongs is calculated to determine the first risk characteristic value of the data query request; Based on the subject category to which the data request subject belongs, determine the second risk characteristic value of the data query request; Based on the request time of the data query request, a third risk characteristic value of the data query request is determined; Based on the current query frequency of the data requesting subject within the preset request period to which the request time belongs and the historical baseline frequency of the subject category to which the data requesting subject belongs within the preset request period, a fourth risk characteristic value for the data query request is determined. Based on the first risk characteristic value, the second risk characteristic value, the third risk characteristic value, and the fourth risk characteristic value of the data query request, determine the fifth risk characteristic value of the data query request; Based on the first risk feature value, the second risk feature value, the third risk feature value, the fourth risk feature value, and the fifth risk feature value, a multidimensional risk feature vector for the data query request is constructed.

3. The data privacy protection method according to claim 2, characterized in that, The step of determining the fifth risk characteristic value of the data query request based on the first, second, third, and fourth risk characteristic values ​​specifically includes: Based on the first risk feature value, the second risk feature value, the third risk feature value, and the fourth risk feature value of the data query request, construct the current request behavior feature vector of the data request subject; The Mahalanobis distance of the current request behavior feature vector is calculated based on the mean vector and covariance matrix of the historical normal behavior feature vector matrix corresponding to the subject category to which the data request subject belongs. The Mahalanobis distance is mapped to a preset interval using the cumulative distribution function of the chi-square distribution, and the mapped Mahalanobis distance is used as the fifth risk feature value.

4. The data privacy protection method according to claim 2, characterized in that, The process of obtaining a risk score for the data query request based on the multidimensional risk feature vector and through a target risk prediction model corresponding to the subject category to which the data request subject belongs specifically includes: The multidimensional risk feature vector of the data query request is combined with the multidimensional risk feature vector of the data request subject within the first preset detection period before the request time in chronological order to form a first feature sequence; The multidimensional risk feature vector of the data query request is combined with the multidimensional risk feature vector of the data request subject within the second preset detection period before the request time in chronological order to form a second feature sequence, wherein the second preset detection period is longer than the first preset detection period. The first feature sequence and the second feature sequence are input into the target risk prediction model to obtain the risk score of the data query request. In the target risk prediction model, the first channel time series model extracts the first hidden state matrix of the first feature sequence, and the second channel time series model extracts the second hidden state matrix of the second feature sequence. The attention mechanism in the target risk prediction model performs weighted processing on the first hidden state matrix and the second hidden state matrix respectively to obtain a weighted target feature vector. The fully connected layer in the target risk prediction model outputs the risk score of the data query request based on the weighted target feature vector.

5. A data privacy protection device, characterized in that, The device includes: The receiving module is used to receive a data query request sent by a data requesting subject, wherein the data query request carries the identification information of the data requesting subject and the query statement; The scoring module is used to extract the multidimensional risk feature vector of the data query request; and, based on the multidimensional risk feature vector, to obtain the risk score of the data query request through the target risk prediction model corresponding to the subject category to which the data request subject belongs. The subject category to which the data request subject belongs is determined according to the identification information of the data request subject. The target risk prediction model is pre-trained based on the historical data query requests of the subject category to which the data request subject belongs and a dual-channel time series model based on an attention mechanism. The transformation module is used to generate an original query result based on the data query request; and to perform different transformation processing on the original query result based on the risk score, and send the transformed original query result to the data request subject. Accordingly, the deformation module is specifically used for: Parse the query semantics of the original query results to determine the different result fields in the original query results; If the risk score meets the first preset range, the result field whose preset privacy sensitivity corresponding to the field category is lower than the preset threshold is determined as a non-critical field; The non-critical fields are subjected to noise perturbation processing according to a preset noise ratio coefficient; If the risk score meets the second preset range, the stability factor of the result field is determined based on the historical information entropy and standard deviation corresponding to the field category to which the result field belongs; Based on the preset privacy sensitivity corresponding to the field category to which the result field belongs, the stability factor of the result field, and the risk score, the noise ratio coefficient of the result field is determined; The result field is subjected to noise perturbation processing according to the noise ratio coefficient; If the risk score meets the third preset range, the result field is classified into three privacy levels based on the preset privacy sensitivity corresponding to the field category to which the result field belongs. The privacy classification includes a first level, a second level, and a third level. Update the result fields belonging to the first level to status labels; Perform precision downgrade processing on result fields belonging to the second level; The result fields belonging to the third level are masked.

6. A readable storage medium having a program or instructions stored thereon, characterized in that, When the program or instructions are executed by the processor, they implement the steps of the data privacy protection method as described in any one of claims 1 to 4.

7. A computer device, comprising a storage medium, a processor, and a computer program stored on the storage medium and executable on the processor, characterized in that, When the processor executes the program, it implements the data privacy protection method as described in any one of claims 1 to 4.