Federated learning-based information big data privacy protection collection method and system

By employing federated learning techniques, privacy-sensitive coefficients are calculated and gradient perturbations are applied to construct a node contribution vector table. This enables secure aggregation and encrypted parameter updates, resolving the single-point leakage and modeling accuracy degradation issues caused by data aggregation in traditional methods. Ultimately, an end-to-end privacy-protected communication defense line is established.

CN122153967APending Publication Date: 2026-06-05JINING UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
JINING UNIV
Filing Date
2026-04-29
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Traditional data collection methods for protecting privacy in big data are prone to single-point leakage risks when terminal devices perform fixed preprocessing and generate data summaries for unified storage and processing on centralized servers. Furthermore, symmetric transmission encryption methods are difficult to resist multi-dimensional traffic monitoring and network interception analysis in complex network environments, resulting in compromised accuracy of joint modeling.

Method used

A privacy-preserving data collection method based on federated learning is adopted. The privacy sensitivity coefficient is calculated through information collection nodes to generate a privacy identifier dataset. A gradient perturbation mechanism is executed within the local model to construct a node contribution vector table. A secure aggregation algorithm is used to aggregate weighted gradient information to generate a federated aggregated encrypted parameter set. Finally, the global model parameters are updated through an encrypted communication channel.

Benefits of technology

It effectively blocks the security collapse caused by the aggregation of plaintext data from a single node, maintains the concealment of underlying samples, balances the contribution weights of heterogeneous terminals, corrects the deviation in the joint evolution direction of the federated model, and establishes an end-to-end lossless communication defense line to resist external traffic fragmentation and eavesdropping.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122153967A_ABST
    Figure CN122153967A_ABST
Patent Text Reader

Abstract

The present application relates to the technical field of federated learning, in particular to a federated learning-based information big data privacy protection collection method and system, comprising the following steps: calculating a privacy sensitivity coefficient according to data attributes, perturbing and recombining a privacy gradient according to the coefficient, calculating gradient bias variance to construct a node contribution table, performing secure weighted aggregation based on the contribution table and the privacy gradient, calculating an encryption parameter to generate a global ciphertext parameter set, updating a global model and constructing a privacy feedback table.In the present application, the sensitive coefficient is used to replace the original feature field operation by regulating the perturbation limit in the training stage, the underlying sample hidden distribution is maintained to completely block the security collapse caused by the aggregation of plaintext, the evaluation system is constructed by calculating the cross-period bias variance to perform weighted aggregation, the weight of the heterogeneous terminal is balanced to correct the evolution direction deviation, the dynamic encryption parameter is injected into the global sequence to establish a ciphertext lossless defense line to resist flow disassembly interception and monitoring.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of federated learning technology, and in particular to a method and system for collecting big data information with privacy protection based on federated learning. Background Technology

[0002] Federated learning technology involves collaborative modeling mechanisms among multiple data holders, enabling data to remain local during distributed model training. Its core aspects include independent storage of local datasets, local model parameter updates by participating nodes, parameter aggregation through a central coordinating node or peer-to-peer communication, and global model optimization without directly exchanging raw data. It also covers encrypted data transmission, parameter update synchronization mechanisms, participant identity management, and security controls during communication, thereby constructing a joint modeling system for multi-source heterogeneous data environments.

[0003] Traditional data collection methods for privacy protection in big data refer to the process of performing data preprocessing steps on terminal devices or data sources during large-scale data collection. These steps include filtering fields, normalizing values, replacing or deleting sensitive fields in the raw data, generating data summaries or feature vectors using fixed rules, and uploading the processed data to a centralized server through a secure channel. The server then stores and processes the data uniformly. During data transmission, symmetric encryption or key-based encryption is used to encrypt data packets, which are then decrypted and restored at the receiving end. Data from different sources is timestamped and its source is recorded according to a preset data collection strategy to complete the centralized data collection process for privacy protection.

[0004] Traditional data processing mechanisms involve performing fixed preprocessing on terminal devices and generating data summaries, which are then uploaded to a centralized server for unified storage and processing. This single rule and data aggregation and transmission mode are highly susceptible to single-point leakage risks in large data aggregation centers. Relying solely on symmetric transmission encryption methods is insufficient to resist multi-dimensional traffic monitoring and network interception analysis in complex network environments. Furthermore, directly removing or replacing sensitive fields inevitably damages the inherent distribution characteristics of the original data. In multi-source fusion scenarios, the inconsistent data labeling across different terminals leads to a significant decrease in the accuracy of joint modeling. Summary of the Invention

[0005] To address the challenges of traditional data processing mechanisms that rely on fixed preprocessing on terminal devices to generate data summaries for centralized server storage and processing, this single-rule data aggregation and transmission model is highly susceptible to single-point leakage risks in large data aggregation centers. Furthermore, relying solely on symmetric transmission encryption methods is insufficient to withstand multi-dimensional traffic monitoring and network interception analysis in complex network environments. Additionally, directly removing or replacing sensitive fields inevitably disrupts the inherent distribution characteristics of the original data. In multi-source fusion scenarios, inconsistent data labeling across terminals leads to severe impairment of joint modeling accuracy. Therefore, this invention provides a privacy-preserving data collection method for big data based on federated learning.

[0006] To achieve the above objectives, this invention employs a privacy-preserving data collection method for big data based on federated learning, comprising the following steps: S1: Collect raw information data generated by the distributed big data terminal through information collection nodes, label data attributes according to the privacy constraint level of the institution to which the node belongs, calculate the privacy sensitivity coefficient of each type of data using a differential privacy measurement model, and generate a privacy label dataset; S2: Call the privacy identifier dataset, build a local model within the information collection node and perform parameter training, calculate the node gradient vector through the gradient perturbation mechanism, adjust the gradient perturbation intensity according to the privacy sensitivity coefficient, and generate a privacy perturbation gradient set; S3: Call the privacy perturbation gradient set, calculate the rate of change and deviation variance of the gradient vector of each node, distinguish the information contribution level of the node based on the deviation variance, and construct the node contribution vector table. S4: Based on the node contribution vector table and the privacy perturbation gradient set, a secure aggregation algorithm is used to weighted aggregate the gradient information to obtain the global gradient vector. During the aggregation process, encryption parameters are calculated to constrain the node privacy weights and generate a federated aggregation encryption parameter set that meets the preset privacy budget range. S5: Invoke the federated aggregated encrypted parameter set and the global gradient vector to update the global model parameters, and send back the updated parameters through the encrypted communication channel, and construct a privacy feedback index table based on the node privacy attributes.

[0007] As a further embodiment of the present invention, the privacy-identifying dataset includes a data classification and grading directory, data anonymization rules, and an access control list; the privacy perturbation gradient set includes a gradient update matrix, a gradient pruning threshold, and Gaussian noise variance; the node contribution vector table includes data distribution divergence, local training loss, and network bandwidth capacity; the federated aggregation encryption parameter set includes a homomorphic encryption key, a protocol communication public key, and a mask generation seed; and the privacy feedback index table includes physical device addresses, model version labels, and communication transmission ports.

[0008] As a further aspect of the present invention, the specific steps of S1 are as follows: S101: Collect raw information data generated by the network node environment on the distributed big data terminal, define the source block, extract the boundary routing control variables, parse the addressing code, calculate the Euclidean distance between the addressing code feature vector and the boundary routing control variable feature vector as the feature span, remove entries that exceed the preset span benchmark, and establish a partition sequence. S102: Call the partition sequence, extract the organization code, read the local mapping table to obtain the privacy rating, read the field category, calculate the access threshold according to the proportional rule between the privacy rating and the weight value corresponding to the field category, construct the mapping relationship between the access threshold and the field category, organize and associate key-value pairs, and obtain the attribute matrix; S103: For the attribute matrix, parse the noise ratio bound to the access threshold, calculate the expected mutation based on the authorized public data, substitute the product of the expected mutation and the noise ratio into the differential privacy measurement model to calculate the sensitivity coefficient, collect the field categories and sensitivity coefficients, sort them in descending order of sensitivity coefficients and write them into the data storage file to generate a privacy identifier dataset.

[0009] As a further aspect of the present invention, the specific steps of S2 are as follows: S201: Call the privacy identifier dataset to extract sample feature data to initialize network weights, input the forward propagation of the perceptual network to output the predicted value, combine the deviation between the predicted value and the real label into the loss function to calculate the local weight partial derivatives, and sum the local weight partial derivatives to establish the initial gradient tensor. S202: Extract the corresponding privacy sensitivity coefficients based on the privacy identifier dataset, calculate the product of the privacy sensitivity coefficients and the preset scaling coefficients to set the distribution variance, traverse the preset probability distribution table according to the distribution variance to extract discrete perturbation values, and arrange the discrete perturbation values ​​in the same dimension as the initial gradient tensor to fill the array to generate a perturbation noise matrix. S203: Extract the structural dimension components within the initial gradient tensor, add them to the discrete perturbation values ​​at the corresponding positions of the perturbation noise matrix to obtain the superposition result, compare the superposition result with the preset pruning limit value, truncate the excess part, aggregate the truncated structural dimension components to reorganize the parameter gradient shape, and generate a privacy perturbation gradient set.

[0010] As a further aspect of the present invention, the preset clipping limit value is determined based on the statistical distribution range of the structural dimension components within the initial gradient tensor. By extracting the upper and lower bounds of the numerical values ​​of the structural dimension components in the initial gradient tensor, and combining them with a preset scaling factor to linearly scale the upper and lower bounds, a symmetrical or asymmetrical numerical interval boundary is formed, and then the numerical interval boundary is set as the preset clipping limit value.

[0011] As a further aspect of the present invention, the specific steps of S3 are as follows: S301: Call the privacy perturbation gradient set, extract the historical periodic gradient vector of the node, calculate the Euclidean distance between the current periodic gradient vector and the historical periodic gradient vector and set the rate of change in combination with the time period ratio, count the mean component of the historical periodic gradient vector, calculate the divergence difference between the current periodic gradient vector and the mean component and set the deviation variance, aggregate the rate of change and the deviation variance, and establish the gradient time series variance matrix. S302: Based on the gradient time series variance matrix, extract the node deviation variance and compare it with the boundary values ​​of each interval of the preset level division boundary set, locate the numerical interval to which the deviation variance belongs, extract the numerical interval mapping level label and assign it to the node, associate the node label with the level label, and generate the contribution level evaluation sequence. S303: For the contribution level evaluation sequence, extract the node labels and level labels, call the gradient time series variance matrix to extract the node change rate, combine the node labels, level labels and change rates to construct node feature vectors, arrange the node feature vectors in ascending order of node labels, and establish a node contribution vector table.

[0012] As a further aspect of the present invention, the specific steps of S4 are as follows: S401: Call the node contribution vector table and the privacy perturbation gradient set, extract the weight values ​​corresponding to the level labels, read the gradient values ​​inside the privacy perturbation gradient set, calculate the product of the weight values ​​and the gradient values ​​to construct a weighted gradient term, accumulate the weighted gradient terms of the same dimension along the column direction, and establish a global gradient vector. S402: Multiply the global gradient vector with the preset encrypted public key matrix to obtain the encrypted gradient sequence, calculate the ratio of the discreteness of the encrypted gradient sequence to the preset privacy budget upper limit to set the decay scale, call the node contribution vector table to extract the mapped node privacy weights based on the level label, multiply the node privacy weights with the decay scale to perform numerical truncation, and generate a node constraint weight set. S403: For the node constraint weight set, extract the restricted weight elements, call the dense gradient sequence to extract the associated encrypted gradient terms, concatenate the restricted weight elements and associated encrypted gradient terms according to the node labels to construct a parameter structure, perform serialization and rearrangement on the aggregated parameter structure, and obtain the federated aggregated encrypted parameter set.

[0013] As a further aspect of the present invention, the specific steps of S5 are as follows: S501: Call the federated aggregation encryption parameter set and the global gradient vector, extract the internal encryption discrete terms, read the preset private key to decrypt and obtain the plaintext weights, combine the plaintext weights and the global gradient vector to determine the superposition increment, read the historical model parameters, use the superposition increment to perform numerical iteration on the historical model parameters, and generate a global update parameter matrix. S502: Based on the global update parameter matrix, extract parameter feature bits, read the confusion matrix, calculate the product of parameter feature bits and confusion matrix to output a garbled sequence, truncate and split it into data fragments according to preset bytes, extract communication addresses, associate data fragments with communication addresses to encapsulate transmission headers and allocate channel frequency bands, and establish a dense state backhaul data stream. S503: For the encrypted return data stream, parse the transmission header to extract the communication address, retrieve the matching node number from the registry, obtain the privacy attributes of the network node, extract the associated privacy rating label, construct key-value pairs of communication address, node number and privacy rating label, arrange them in ascending order of node number to fill the grid, and generate a privacy feedback index table.

[0014] As a further aspect of the present invention, the extraction of internal encrypted discrete terms refers to segmenting the global gradient vector according to the preset quantization precision in the federated aggregation encryption parameter set, and selecting discrete sampling points in each segment to form internal encrypted discrete terms. Reading the preset private key to decrypt and obtain plaintext weights refers to using the homomorphic decryption rule corresponding to the federated aggregation encryption parameter set to restore the internal encrypted discrete terms one by one to obtain a fixed-length numerical sequence.

[0015] A data collection system based on federated learning that protects privacy and collects big data includes: The privacy attribute quantification module collects raw information data generated by the distributed big data terminal in partitions through information collection nodes, marks data attributes according to the privacy constraint level of the institution to which the node belongs, calculates the privacy sensitivity coefficient of each type of data using a differential privacy measurement model, and generates a privacy label dataset. The local gradient perturbation module calls the privacy identifier dataset, constructs a local model within the information collection node and performs parameter training, calculates the node gradient vector through the gradient perturbation mechanism, adjusts the gradient perturbation intensity according to the privacy sensitivity coefficient, and generates a privacy perturbation gradient set. The terminal reputation assessment module calls the privacy perturbation gradient set, calculates the rate of change and deviation variance of the gradient vector of each node, distinguishes the information contribution level of the node based on the deviation variance, and constructs a node contribution vector table. The federated encrypted aggregation module, based on the node contribution vector table and the privacy perturbation gradient set, uses a secure aggregation algorithm to perform weighted aggregation of gradient information to obtain a global gradient vector. During the aggregation process, encryption parameters are calculated, and node privacy weights are constrained to generate a federated aggregation encrypted parameter set that meets the preset privacy budget range. The model parameter distribution module calls the federated aggregated encrypted parameter set and the global gradient vector to update the global model parameters, and sends back the updated parameters through an encrypted communication channel, and constructs a privacy feedback index table based on the node privacy attributes.

[0016] Compared with the prior art, the advantages and positive effects of the present invention are as follows: In this invention, differential sensitivity coefficients are generated at the terminal stage based on the quantification of data attributes according to the node constraint level. During the parameter training stage, the sensitivity coefficients are directly used to adaptively control the gradient perturbation limit instead of the crude cutting off of the original feature fields. This maintains the hidden correlation distribution of the underlying samples to completely block the security collapse caused by the aggregation of plaintext data by a single node. Gradient changes and spatial deviation variance are calculated simultaneously to construct a multi-node contribution evaluation system and perform dense-state weighted aggregation. The contribution weights of heterogeneous terminals are balanced to correct the deviation of the joint evolution direction of the federated model. Dynamically encrypted parameters are assimilated and injected into the global iterative sequence to establish an end-to-end lossless communication defense line to resist external traffic fragmentation and eavesdropping. Attached Figure Description

[0017] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on the accompanying drawings without creative effort.

[0018] Figure 1 This is a schematic diagram of the steps of the present invention; Figure 2 This is a detailed schematic diagram of S1 of the present invention; Figure 3 This is a detailed schematic diagram of S2 of the present invention; Figure 4 This is a detailed schematic diagram of S3 of the present invention; Figure 5 This is a detailed schematic diagram of S4 of the present invention; Figure 6 This is a detailed schematic diagram of S5 of the present invention; Figure 7 This is a system module diagram of the present invention. Detailed Implementation

[0019] The technical solution of the present invention will now be described with reference to the accompanying drawings.

[0020] To make the technical problems, technical solutions and advantages of the present invention clearer, a detailed description will be given below in conjunction with the accompanying drawings and specific embodiments.

[0021] Please see Figure 1 This invention provides a method for privacy-preserving data collection based on federated learning, comprising the following steps: S1: Collect raw information data generated by the distributed big data terminal through information collection nodes, label data attributes according to the privacy constraint level of the institution to which the node belongs, calculate the privacy sensitivity coefficient of each type of data using a differential privacy measurement model, and generate a privacy label dataset; S2: Call the privacy identifier dataset, build a local model within the information collection node and perform parameter training, calculate the node gradient vector through the gradient perturbation mechanism, adjust the gradient perturbation intensity according to the privacy sensitivity coefficient, and generate a privacy perturbation gradient set; S3: Call the privacy perturbation gradient set, calculate the rate of change and deviation variance of the gradient vector of each node, distinguish the information contribution level of the node based on the deviation variance, and construct the node contribution vector table. S4: Based on the node contribution vector table and the privacy perturbation gradient set, a secure aggregation algorithm is used to weighted aggregate the gradient information to obtain the global gradient vector. During the aggregation process, encryption parameters are calculated and the node privacy weights are constrained to generate a federated aggregation encryption parameter set that meets the preset privacy budget range. S5: The global model parameters are updated by calling the federated aggregation encrypted parameter set and global gradient vector, and the updated parameters are sent back through the encrypted communication channel. A privacy feedback index table is built based on the node privacy attributes.

[0022] The privacy-identifying dataset includes a data classification and grading directory, data anonymization rules, and access control lists. The privacy perturbation gradient set includes gradient update matrices, gradient clipping thresholds, and Gaussian noise variance. The node contribution vector table includes data distribution divergence, local training loss, and network bandwidth capacity. The federated aggregation encryption parameter set includes homomorphic encryption keys, protocol communication public keys, and mask generation seeds. The privacy feedback index table includes physical device addresses, model version labels, and communication transmission ports.

[0023] Please see Figure 2 The specific steps of S1 are as follows: S101: Collect raw information data generated by the network node environment on the distributed big data terminal, define the source block, extract the boundary routing control variables, parse the addressing code, calculate the Euclidean distance between the addressing code feature vector and the boundary routing control variable feature vector as the feature span, remove entries that exceed the preset span benchmark, and establish a partition sequence. 1000 structured raw transaction data entries are retrieved from the distributed database node interface of the financial institution. This structured raw transaction data consists of fund transfer logs generated by each node within the past 24 hours. For each fund transfer log entry, a string parsing operation is performed to define the boundary routing control variables. Specifically, the gateway access control list code identifying the routing level is extracted from the fund transfer log header, converted into a 64-bit binary sequence, and then grouped into eight decimal values ​​in groups of eight bits each. The sum of these values ​​yields the boundary routing control value representing the boundary routing status, which serves as the boundary routing control variable. The system reads the Media Access Control (MAC) address string from the sending device in the fund transfer log as the addressing code. This MAC address string is then converted to decimal values ​​in 8-bit increments and summed to obtain the addressing base. The difference between this addressing base and the boundary routing control (BDR) value is calculated, the difference is squared, and the square root is taken to calculate the Euclidean distance between the addressing code feature vector and the BDR variable feature vector. This distance is used as the feature span. For example, if the BDR value obtained by summing the 8 decimal values ​​after the gateway access control list encoding is 150, the sending device's media access control (MAC) address string is considered to be 150. When the addressing base obtained by summing the converted control addresses is 120, the difference between the two is -30. Squaring this value yields 900, and then performing a square root operation gives the characteristic span of this fund transfer record as 30. This process is repeated for all fund transfer records to obtain the characteristic span of each record. A preset span benchmark is then introduced. This benchmark is set based on the statistical distribution of characteristic spans over 50,000 stable communication network events within the past 30 days. The benchmark is determined by sorting the characteristic spans of these 50,000 stable communications in ascending order and selecting the 95th percentile value. After multiple verifications, the preset span benchmark is... The span benchmark is set to 45. The characteristic span calculated for each fund transfer record log is directly compared with the preset span benchmark of 45. When the characteristic span of a log exceeds the preset span benchmark of 45, it is determined that the location of the log's source block deviates from the boundary of the regular routing communication area. Then, the entries that exceed the preset span benchmark are directly removed. After comparison and removal, 850 log entries with characteristic spans not exceeding 45 remain. These log entries are arranged and spliced ​​one by one in chronological order according to the initial collection timestamp of the remaining log entries, thereby establishing a partition sequence containing the original node information that has been verified for compliance with geographical and network topology boundaries.

[0024] S102: Call the partition sequence, extract the institution code, read the local mapping table to obtain the privacy rating, read the field category, calculate the access threshold according to the proportional rule between the privacy rating and the weight value corresponding to the field category, construct the mapping relationship between the access threshold and the field category, organize and associate key-value pairs, and obtain the attribute matrix; The previously established partition sequence is retrieved, and each verified and compliant log entry is read and parsed according to a predetermined character delimiter. The string combination located at the 3rd to 6th byte positions is extracted as the institution code. By accessing the credit rating mapping table pre-stored in the local distributed storage system, the aforementioned institution code is used as the primary key to perform a line-by-line search and matching. When a matching is successfully performed on the row containing the corresponding institution code, the privacy rating value recorded in the second column of that row is read. The quantification process for this privacy rating value is based on the ratio of the number of data breach security incidents that have occurred to each institution in the past 5 years to the corresponding total amount of data assets, divided into 5 consecutive integer levels from low to high, from 1 to 5. The higher the value, the more stringent the privacy protection requirements. On this basis, the field category at a specific offset position of the log entry is read. For example, if the field category is read as "user transaction amount", the access threshold is then calculated according to the proportional rule between the previously read privacy rating and the weight value corresponding to the field category. The specific calculation logic is to retrieve the pre-set basic threshold constant, and... The initial threshold is obtained by directly multiplying the basic threshold constant with the privacy rating value. Then, the inherent sensitivity score based on the field category is added to obtain the final access threshold value. For example, when the basic threshold constant is set to 10 and the inherent sensitivity score is preset to 20 by expert scoring, if the privacy rating value of an institution is read as 3, the basic threshold constant 10 is multiplied by the privacy rating value 3 to obtain the initial threshold 30. On this basis, the inherent sensitivity score 20 is added to obtain the corresponding access threshold of 50. A one-to-one mapping relationship is established between the access thresholds calculated above and the corresponding field categories, and they are converted into a key-value pair format with a data association structure. That is, the field category is used as the search key and the access threshold value is used as the corresponding data value. Multiple key-value pairs corresponding to the same log entry are merged and associated. Finally, all the key-value pairs in the above 850 records are filled into a two-dimensional array according to the structure of row corresponding to log entry and column corresponding to field category, so as to obtain the attribute matrix representing the privacy control parameters of the full collection data.

[0025] Table 1: Institutional Privacy Control Parameter Configuration Table

[0026] Table 1 lists examples of privacy ratings and corresponding calculated access thresholds for different organizations, which can provide a basic reference for the subsequent correlation of noise ratio.

[0027] S103: For the attribute matrix, parse the noise ratio bound to the access threshold, calculate the expected mutation based on the authorized public data, substitute the product of the expected mutation and the noise ratio into the differential privacy measurement model to calculate the sensitivity coefficient, collect the field categories and sensitivity coefficients, sort them in descending order of sensitivity coefficients and write them into the data storage file to generate a privacy identifier dataset. From the previously generated attribute matrix, each key-value pair consisting of a field category and an access threshold is extracted row by row. The access threshold value is then extracted and converted into a noise level ratio according to a pre-defined ladder matching rule. This rule divides the access threshold value into multiple intervals: a noise level ratio of 5% for access threshold values ​​between 10 and 30, 10% for values ​​between 31 and 60, and 15% for values ​​between 61 and 100. This rule is used to parse out the specific noise level ratio bound to the current access threshold. Then, the historical data is retrieved. For 5000 authorized public data entries of the same field category that have been verified and publicly released by Fang Security Review, the arithmetic mean of the numerical sequences of these 5000 authorized public data entries is calculated. Then, the difference between each individual data value and the arithmetic mean is calculated, the squares of each difference are summed, and then divided by the total number of authorized public data entries to calculate the expected variation, which characterizes the inherent fluctuation characteristics of this data category. Subsequently, a globally set privacy budget parameter within the measurement model is extracted. This parameter measures the maximum privacy leakage tolerance allowed by the entire system; it is preset to 0.5 here. The calculated expected variation is then applied to the previously parsed noise addition ratio. The direct multiplication operation is used, and the product is taken as the global sensitivity for the data. Finally, this global sensitivity is divided by the privacy budget parameter 0.5, and then substituted into the Laplace scalar calculation formula of the differential privacy measurement model for quantification. This yields a sensitivity coefficient characterizing the required protection strength for the current data against privacy inference attacks. For example, when the expected mutation for a user transaction amount is 400, and this field is parsed and bound to a 10% noise addition ratio based on an access threshold of 50, then multiplying the expected mutation of 400 by the noise addition ratio of 10% yields a sensitivity of 40. Dividing this by the privacy budget parameter 0.5 yields the sensitivity coefficient. 80. After completing the calculations for all field categories, the respective field category strings and their corresponding sensitivity coefficients are extracted and grouped. Using the bubble sort algorithm, with the sensitivity coefficients as the comparison objects, all combinations are compared pairwise from largest to smallest and their positions are swapped until the overall sequence is in a strictly descending order of sensitivity coefficients. Finally, according to this descending order, the above field categories and sensitivity coefficients are written one by one into a local data storage file at a specified path, and a file creation timestamp and total data volume identifier are added to the file header. This generates and archives a privacy-identifying dataset with differentiated protection guidance information.

[0028] Please see Figure 3 The specific steps of S2 are as follows: S201: Call the privacy label dataset to extract sample feature data to initialize network weights, input the perceptual network forward propagation to output the predicted value, combine the deviation between the predicted value and the real label into the loss function to calculate the local weight partial derivatives, and sum the local weight partial derivatives to establish the initial gradient tensor. The feature variables contained in each record of the aforementioned privacy-identifying dataset are extracted as sample feature data. The weight parameters of the multilayer perceptron (MLP) are initialized based on the dimensionality of the sample feature data. The MLP contains one input layer with the same number of neurons as the sample feature data (128 dimensions), two hidden layers (256 neurons in the first hidden layer and 64 neurons in the second hidden layer), and one output layer with a single neuron for outputting continuous predicted values. Fully connected logic is used between layers, meaning each neuron in the previous layer is connected to each neuron in the next layer by weights. The modified linear unit activation function (MLU) is used in both hidden layers to reset all negative inputs to 0, introducing non-linear features. The extracted sample feature data is then input to the input layer of the MLP, and the data propagates forward along each layer and weight connection. The nonlinear mapping calculation of the linear unit activation function is corrected, and the output layer outputs a single predicted value. Then, the manual labeled real label value corresponding to each sample feature data is retrieved. The difference between the output predicted value and the real label value is calculated to obtain the deviation value. This deviation value is substituted into the mean squared error loss function, that is, the deviation value is squared and then divided by the total number of 256 samples in the batch, so as to quantify the current prediction error of the network. Then, according to the chain rule, the partial derivative of the loss value with respect to each local weight parameter is calculated layer by layer from the loss function end to the input end, so as to obtain the local weight partial derivative reflecting the update direction of a single parameter. Finally, all the local weight partial derivatives in the network are traversed and summed and combined according to the corresponding hierarchical order and neuron connection index, and stacked into a multidimensional tensor form that is completely aligned with the original weight structure of the multilayer perceptron, thereby establishing the initial gradient tensor for subsequent iterative optimization.

[0029] S202: Extract the corresponding privacy sensitivity coefficients from the privacy identifier dataset, calculate the product of the privacy sensitivity coefficients and the preset scaling coefficients to set the distribution variance, traverse the preset probability distribution table according to the distribution variance to extract discrete perturbation values, and arrange the discrete perturbation values ​​in the same dimension as the initial gradient tensor to fill the array and generate a perturbation noise matrix. The initial gradient tensor generated by the aforementioned process is retrieved, and the locally stored privacy identifier dataset is accessed in parallel. Privacy-sensitive coefficients, used to calibrate the required protection level for the current network update, are extracted at corresponding positions. A numerical multiplication operation is performed, and the extracted privacy-sensitive coefficients are multiplied by a pre-set scaling factor. This sets the distribution variance that determines the noise coverage range. The process of setting this pre-set scaling factor involves injecting different levels of baseline noise into 50 groups of gradient tensors of different dimensions in an offline testing environment. The minimum noise product factor corresponding to a privacy leakage risk of less than 1% is statistically analyzed. After multiple experimental verifications, this pre-set scaling factor is set to a fixed 1.5. For example, when the aforementioned extracted privacy-sensitive coefficient is 40, it is multiplied by the pre-set scaling factor 1.5 to calculate the current... The required distribution variance is 60. Based on this calculated variance, a discretized Laplace probability distribution table is established. A random number generation algorithm is used to perform multiple independent traversals and extractions within the value range of this Laplace probability distribution table, according to the corresponding probability density, to obtain a series of randomly fluctuating discrete perturbation values. Then, based on the specific structural parameters of the weights corresponding to each level within the initial gradient tensor, the number of rows and columns of each level are statistically analyzed to obtain information of equal dimensions. The extracted discrete perturbation values ​​are then strictly arranged in a matrix according to the statistically obtained number of rows and columns, ensuring that each discrete perturbation value can find a unique position coordinate in the multidimensional grid. After sequentially filling all array elements, a perturbation noise matrix that is completely consistent with the shape and structure of the initial gradient tensor is finally generated. The advantage of this operational logic is that by multiplying the privacy sensitivity coefficient by a rigorously experimentally verified scaling coefficient to set the distribution variance, the final injected discrete perturbation values ​​can adaptively match the inherent sensitivity attributes of different types of data.

[0030] S203: Extract the structural dimension components within the initial gradient tensor, add them to the discrete perturbation values ​​at the corresponding positions of the perturbation noise matrix to obtain the superposition result, compare the superposition result with the preset clipping limit value, truncate the excess part, aggregate the truncated structural dimension components to reorganize the parameter gradient shape, and generate a privacy perturbation gradient set. The process iterates through the constructed initial gradient tensor, extracting the structural dimension components at each level within it. Simultaneously, it reads the discrete perturbation values ​​corresponding to the same coordinates in the generated perturbation noise matrix. The extracted structural dimension components are then directly added to these discrete perturbation values ​​to obtain a superposition result containing noise interference information. Subsequently, a preset clipping limit value is calculated to restrict the update amplitude. This preset clipping limit value is calculated based on the statistical distribution range analysis of all structural dimension components within the initial gradient tensor. Specifically, all component values ​​within the tensor are statistically analyzed, and the largest value is selected as the upper bound and the smallest value as the lower bound. The obtained upper and lower bounds are then linearly scaled by multiplying them by a preset scaling factor. In the experimental environment, to ensure that 90% of the gradient update information is retained, the preset scaling factor is set to 0.8 after repeated adjustments and comparisons. For example, when the statistically obtained upper bound is 5... When the lower bound of the value is -5, it is multiplied by the preset scaling factor 0.8 to calculate the upper limit of the numerical interval boundary as 4 and the lower limit as -4, thus forming a symmetrical numerical interval boundary. The calculated upper limit of 4 and the lower limit of -4 are set as the preset pruning limit value. Then, each superposition result containing noise information is compared with the preset pruning limit value. When it is determined that a superposition result is greater than the upper limit of 4, the superposition result is forcibly truncated and modified to 4. When it is determined that a superposition result is less than the lower limit of -4, the superposition result is forcibly truncated and modified to -4. For superposition results within the numerical interval, the original value remains unchanged. After completing the pruning operation for all elements, all processed truncated structural dimension components are re-aggregated and spliced ​​according to their hierarchy and connection relationship in the original network to restore the original tensor multidimensional structure and reorganize the parameter gradient shape. Finally, a privacy perturbation gradient set with both privacy protection and stable update constraints is generated.

[0031] Please see Figure 4 The specific steps of S3 are as follows: S301: Call the privacy perturbation gradient set, extract the historical periodic gradient vector of the node, calculate the Euclidean distance between the current periodic gradient vector and the historical periodic gradient vector and set the rate of change in combination with the time period ratio, count the mean component of the historical periodic gradient vector, calculate the divergence difference between the current periodic gradient vector and the mean component and set the deviation variance, aggregate the rate of change and the deviation variance, and establish the gradient time series variance matrix. The previously generated privacy perturbation gradient set is used as the parameter basis for the current period. Simultaneously, the local node storage log is accessed to extract the node's historical period gradient vector stored in the most recent historical update period. For these two gradient vectors located in different time dimensions, the difference operation is performed on each element at corresponding positions. All differences are squared, summed, and then the square root operation is performed on the sum to calculate the Euclidean distance between the two gradient vectors in multidimensional space. This Euclidean distance value, combined with the time period ratio, is set as the rate of change characterizing the drastic nature of model evolution. Next, the extracted node historical period gradient vector is traversed, and the values ​​of all elements are summed and divided by the total number of elements in the vector to calculate the mean component of the historical period gradient vector. Finally, all elements in the current period gradient vector are again... The average value is calculated, and then the difference between this average and the previously calculated mean component is taken. To eliminate the influence of the sign, the absolute value of the difference is taken as the divergence difference. This divergence difference is set as the variance of the deviation of the node training data from the global distribution. For example, when the average gradient vector of the current period is calculated to be 2.5 and the average component of the gradient vector of the historical period is 1.5, the result of the difference and the absolute value is 1, that is, the variance of the deviation is set to 1. Next, the previously calculated rate of change value and variance of the deviation are extracted. These two scalars, which represent the temporal evolution characteristics and data distribution characteristics of the model, are combined into a two-dimensional data pair and aggregated. The two-dimensional data pairs obtained from the aggregation of each node are filled and arranged in order according to the node label, thereby establishing a gradient temporal variance matrix that can comprehensively reflect the dynamic training state of each network node. The advantage of this operation logic is that by integrating the rate of change and the absolute value of the divergence variance set by the Euclidean distance and the time period ratio, the magnitude change and directional shift characteristics of the gradient are captured simultaneously under a unified data structure.

[0032] S302: Based on the gradient time series variance matrix, extract the node deviation variance and compare it with the boundary values ​​of each interval of the preset level division boundary set to locate the numerical interval to which the deviation variance belongs, extract the numerical interval mapping level label to be assigned to the node, associate the node label with the level label, and generate the contribution level evaluation sequence. The previously established gradient time-series variance matrix is ​​retrieved, and the deviation variance value of the corresponding node is extracted row by row according to the node sequence number. Simultaneously, this deviation variance value is compared with the boundary values ​​of each interval within a pre-determined set of preset level division boundaries. This preset level division boundary set is established by fitting a normal distribution to the normal deviation variance of 1000 historical nodes, extracting the 30%, 60%, and 90% cumulative probability quantiles, respectively, and dividing the data into four numerical intervals. For example, when the extracted deviation variance value of a certain node is 1.2, and the upper limit of the first interval is 0.5, the upper limit of the second interval is 1.0, and the upper limit of the third interval is 1.5, 1.2 is compared with 0.5, 1.0, and 1.5 respectively. Since 1.2 is greater than 1.0 and less than 1.5, This allows for the precise identification of the variance belonging to the third numerical interval. After interval positioning, a numerical identifier for quantifying contribution is pre-configured for each numerical interval: interval 1 corresponds to label 4, interval 2 to label 3, interval 3 to label 2, and interval 4 to label 1. Based on this logic, the level label 2 mapped to the third numerical interval is extracted and assigned to the corresponding node. Subsequently, the unique communication sequence number of the node is extracted as the node label. The extracted node label is merged with the newly assigned level label 2 to form a corresponding association record. Following this logic, the extraction, comparison, positioning, and assignment process is sequentially performed on all nodes. Finally, the association records of all nodes are written row by row into a one-dimensional linear table, thereby generating a contribution level evaluation sequence for subsequent weighted aggregation guidance.

[0033] Table 2: Node Deviation Assessment and Level Configuration Table

[0034] Table 2 lists the specific upper and lower limits for determining the interval affiliation of node deviation variance, as well as the corresponding mapping level label configuration.

[0035] S303: For the contribution level evaluation sequence, extract the node label and level label, call the gradient time series variance matrix to extract the node change rate, combine the node label, level label and change rate to construct the node feature vector, arrange the node feature vectors in ascending order of node label, and establish a node contribution vector table. A traversal query operation is performed on the aforementioned contribution level evaluation sequence. Each record entry is extracted row-by-row, containing the node label and its corresponding level label. After obtaining these two parameters, the extracted node label is used as the retrieval credential to call the previously established gradient time-series variance matrix. This matrix precisely retrieves and extracts the node change rate value associated with the current node label. Subsequently, the obtained node label is used as the first dimension, the corresponding level label as the second dimension, and the extracted node change rate value as the third dimension. Array concatenation is used to tightly combine these three indicators, thereby constructing a 1D node feature vector that comprehensively reflects a single node's network identity, evaluation quality, and update dynamics. For example, targeting... For a given node with node number 105, corresponding level number 2, and extracted rate of change value of 0.8, the resulting node feature vector is represented as 105, 2, and 0.8. After constructing the feature vectors for all participating nodes in the network, the first dimension of all node feature vectors, i.e., the node number, is extracted as the sorting key. A fast sorting algorithm is then used to compare and swap the sizes of all feature vector sets until all node feature vectors are arranged in ascending order according to their node numbers in the storage space. Finally, all the neatly arranged node feature vectors are written row by row into a designated data table in the database, thus establishing a standardized and easily queried node contribution vector table. The advantage of this operational logic is that by combining node identity, discrete evaluation level, and continuous rate of change to construct a three-dimensional feature vector, it provides the federated aggregation end with a multi-dimensional and fine-grained basis for characterizing node states.

[0036] Please see Figure 5 The specific steps of S4 are as follows: S401: Call the node contribution vector table and the privacy perturbation gradient set, extract the weight values ​​corresponding to the level labels, read the gradient values ​​inside the privacy perturbation gradient set, calculate the product of the weight values ​​and the gradient values ​​to construct a weighted gradient term, accumulate the weighted gradient terms of the same dimension along the column direction, and establish a global gradient vector. The system retrieves the previously established node contribution vector table and the locally cached privacy perturbation gradient set from the local database. Using a loop, it sequentially reads each row of data in the node contribution vector table, extracting the level label corresponding to each node. This level label is then used directly as a weight value representing the importance of aggregation. Simultaneously, using the node label corresponding to that row, it precisely retrieves and reads the internal gradient values ​​of each dimension belonging to that specific node within the privacy perturbation gradient set. Next, it performs a product operation on the extracted parameters, multiplying the weight value of a single node by the internal gradient value of each corresponding dimension. This amplifies or reduces the influence of each gradient dimension. Through this multiplication operation, a series of weighted gradient terms are constructed for all parameter dimensions of that node. For example, when the level label of a certain node is read... When the weight value is 3, and the first dimension of its internal gradient value is 1.2 and the second dimension is -0.5, 3 is multiplied by 1.2 and -0.5 respectively to calculate the weighted gradient term of the node with the first dimension of 3.6 and the second dimension of -1.5. After completing the weighted calculation of all nodes participating in the federated update, a global accumulation array with the same initial value of 0 as the internal gradient dimension is established. Then, the weighted gradient terms generated by all nodes are traversed, and the weighted gradient terms belonging to the same dimension position are accumulated along the column direction, that is, across nodes. The weighted gradient terms of different nodes in the same dimension are added and updated to the corresponding position of the global accumulation array. When the weighted gradient terms of all nodes have been accumulated, the accumulation array is established as the global gradient vector representing the trend of this global parameter update.

[0037] S402: Multiply the global gradient vector with the preset encrypted public key matrix to obtain the encrypted gradient sequence, calculate the ratio of the discreteness of the encrypted gradient sequence to the preset privacy budget upper limit to set the decay scale, call the node contribution vector table to extract the mapped node privacy weights based on the level label, multiply the node privacy weights with the decay scale to perform numerical truncation, and generate the node constraint weight set. The previously established global gradient vector is retrieved and treated as a one-dimensional matrix, inputting it into the encryption operation. A pre-generated encrypted public key matrix containing large prime number products, generated in the security authentication center, is read. Using matrix multiplication rules from linear algebra, the row elements of the global gradient vector are multiplied one-to-one with the column elements of the pre-generated encrypted public key matrix, and the results are summed. This multiplication operation of the fully homomorphic encryption mechanism yields a cryptographic gradient sequence protected by information obfuscation. Next, the difference between the maximum and minimum values ​​of all elements within this cryptographic gradient sequence is calculated. This difference is used to set the discreteness of the cryptographic gradient sequence, characterizing the fluctuation range of the encrypted data. Finally, a pre-set privacy budget upper limit value is invoked, which, according to the federated learning protocol, allows disclosure within 100 communications. The maximum information content quantization value is set to 15 here. The calculated dispersion is divided by the preset privacy budget upper limit of 15. The ratio result is used to set the decay scale used to limit extreme weights. For example, when the calculated dispersion is 12 and the privacy budget upper limit is 15, the ratio result is the decay scale of 0.8. Then, the node privacy weights mapped based on the level label are extracted from the aforementioned node contribution vector table. The extracted node privacy weights are multiplied by the decay scale of 0.8 just calculated. The product result is truncated, that is, the extra digits after the decimal point are removed and only two decimal places are retained. The final set of values ​​is saved through this truncation process to generate the node constraint weight set used to constrain the scale of subsequent communication.

[0038] S403: For the node constraint weight set, extract the restricted weight elements, call the dense gradient sequence to extract the associated encrypted gradient terms, concatenate the restricted weight elements and associated encrypted gradient terms according to the node labels to construct a parameter structure, perform serialization and rearrangement on the aggregated parameter structure, and obtain the federated aggregated encrypted parameter set. The process iterates through the node constraint weight set generated in the preceding steps, reading the truncated values ​​one by one and extracting them as restricted weight elements. Simultaneously, based on the node communication sequence number corresponding to the current processing node, the previously generated dense gradient sequence is invoked. The associated encrypted gradient term uniquely bound to that sequence number is precisely matched and extracted. After obtaining these two types of key data, a new contiguous memory space is established. The node label is placed at the beginning of the memory space, followed by the extracted restricted weight elements appended after the node label. Finally, the associated encrypted gradient term is appended after the restricted weight elements. Through this method of displacement and appending within a contiguous memory space, the three terms are appended according to the node label. Data is tightly concatenated to construct a composite parameter structure containing identity, weight, and encryption information. After concatenating all nodes and generating corresponding parameter structures, these parameter structures are aggregated and introduced into a data reassembly buffer. Following the federated communication protocol standard, serialization and rearrangement are performed on all parameter structures. Specifically, the data format within the composite parameter structure is uniformly converted to a byte stream, and then reassembled sequentially based on the generation timestamps of each parameter structure, eliminating the discrete storage fragments originally in the buffer. Finally, through this conversion and rearrangement, a federated aggregated encrypted parameter set suitable for stable direct transmission over a wide area network is obtained. The advantage of this operational logic is that by concatenating restricted weight elements and associated encryption gradient terms in memory and rearranging them into byte streams according to their labels, the assembly and deserialization efficiency of encrypted data in the federated network is greatly improved.

[0039] Please see Figure 6 The specific steps of S5 are as follows: S501: Call the federated aggregation encrypted parameter set and global gradient vector, extract the internal encrypted discrete terms, read the preset private key to decrypt and obtain the plaintext weights, combine the plaintext weights and global gradient vectors to determine the superposition increment, read the historical model parameters, use the superposition increment to perform numerical iteration on the historical model parameters, and generate a global update parameter matrix. The aforementioned federated aggregation encryption parameter set and the global gradient vector it carries are retrieved from the receiver's buffer. Internal encryption discrete terms distributed within this parameter set are extracted. A piecewise mapping operation is performed on the global gradient vector according to the preset quantization precision in the federated aggregation encryption parameter set, dividing the continuous gradient value space into multiple equal-length sub-intervals. A constant at the center of each sub-interval is selected as a discrete sampling point, thus forming a series of internal encryption discrete terms. Subsequently, a preset private key stored in the security chip is read, and a homomorphic decryption rule, the inverse of the aforementioned public key encryption process, is used to perform a step-by-step restoration operation on the internal encryption discrete terms. Encryption confusion factors are eliminated through modular inverse operations, ultimately obtaining a fixed-length numerical sequence with the encrypted state removed as plaintext weights. Then, the corresponding elements in the restored plaintext weights are compared with the global gradient vector... The elements in the parameters are multiplied, and the result is used to determine the superposition increment required for the current model adjustment. For example, when the decrypted plaintext weight element is 0.5 and the corresponding value of the global gradient vector is 0.4, multiplying them together yields a superposition increment of 0.2. Then, the local model repository is accessed to read the historical model parameter values ​​saved at the end of the previous iteration cycle. The superposition increment just calculated is directly added to the historical model parameter values ​​to perform numerical iteration operations on the historical model parameters using the superposition increment. When the historical model parameter is 1.5 and the superposition increment is 0.2, adding them together yields an updated parameter value of 1.7. After performing this iteration calculation on all parameter dimensions, all the updated parameters are finally recombined into a matrix structure to generate a global update parameter matrix for use in the next round of federated learning.

[0040] S502: Based on the global update parameter matrix, extract parameter feature bits, read the confusion matrix, calculate the product of parameter feature bits and confusion matrix to output scrambled sequence, truncate and split according to preset bytes to form data fragments, extract communication addresses, associate data fragments with communication addresses to encapsulate transmission headers and allocate channel frequency bands, and establish a dense state backhaul data stream. The previously generated global update parameter matrix is ​​retrieved, and the most significant and least significant bits of each parameter value in the matrix are extracted using bitwise operations. These two extracted specific bits are then concatenated as parameter feature bits representing the boundary of the parameter value distribution. Simultaneously, a mathematically invertible confusion matrix with high entropy and matrix multiplication inverse is read from the local random number generator. The product of the aforementioned parameter feature bits and the invertible confusion matrix is ​​calculated using matrix multiplication rules, and a modular operation is performed within a defined Galois finite field. This outputs a sufficiently confused but logically completely reversible dense state sequence. This design based on an invertible matrix ensures that after acquiring the dense state data, the receiving terminal can perform lossless decryption and restoration by left-multiplying by the inverse of the confusion matrix, avoiding the distortion and loss of model parameters. Subsequently, the data segmentation operation is initiated, according to the pre-defined... The standard length of 1024 bytes is set, and a hard truncation operation is performed on the encrypted sequence to split the originally continuous long encrypted sequence into multiple fixed-length segments, thus forming multiple independent data fragments. Then, the configuration table is called through the network interface to extract the Internet Protocol address of the target federated node as the communication address. This communication address is logically associated with the data fragments obtained by just being truncated in the form of appending to the message header, and the data length and checksum fields are added to this header to complete the encapsulation process of the transmission header. Finally, through the underlying network radio frequency control interface, a specific wireless fidelity channel frequency band is applied to and allocated from the base station, and the data fragments with the encapsulated transmission header are pushed into the transmission queue of the frequency band, thereby establishing a dedicated encrypted backhaul data stream at the physical link level for sending updated parameters.

[0041] S503: For the encrypted return data stream, parse the transmission header to extract the communication address, search the registry to match the node number, obtain the privacy attributes of the network node, extract the associated privacy rating label, construct the key-value pair of communication address, node number and privacy rating label, arrange them in ascending order of node number to fill the grid, and generate a privacy feedback index table. The system listens to network ports and captures the previously established encrypted return data stream. It then initiates a packet analysis engine to parse the beginning of the data stream, reading and separating the encapsulated transmission header. From this header, it extracts the Internet Protocol address of the target receiving node as its communication address. Using this extracted address as the basis for querying, it performs a comparison search in the locally maintained registry of legitimate devices to precisely match the node identifier uniquely corresponding to that communication address. Upon successful matching, it sends a status query command to the node to obtain its current privacy attributes, such as memory usage and port open status. Subsequently, it retrieves the historical evaluation records bound to the node identifier and extracts a privacy rating label reflecting the node's long-term security performance. After collecting these three types of key information, the system uses the extracted communication address as the first item, the node number as the second item, and the privacy rating label as the third item. These are concatenated to construct a composite key-value pair format with a mapping relationship. To improve subsequent query efficiency, the node number is used as the sorting criterion, and an insertion sort algorithm is applied to arrange all key-value pairs in ascending order. A two-dimensional storage grid is then created, and the arranged key-value pairs are filled into the grid cells one by one from left to right and top to bottom. Once all cells are filled, the grid is output and saved to the system root directory, thus generating a privacy feedback index table to guide subsequent federated parameter distribution and monitoring. The advantage of this operational logic is that by parsing the header to extract the address and matching the label to construct key-value pairs, and then arranging them in ascending order to fill the grid, a highly efficient and compact node state tracking and retrieval architecture is achieved.

[0042] Table 3: Node Privacy Status Tracking Index Table

[0043] As shown in Table 3, an example of a grid filled with key-value pairs consisting of communication address, node number, and privacy rating label is given to visually represent the data structure of the feedback index table.

[0044] Please see Figure 7 A data privacy-preserving collection system based on federated learning includes: The privacy attribute quantification module collects raw information data generated by the distributed big data terminal in partitions through information collection nodes, marks data attributes according to the privacy constraint level of the institution to which the node belongs, calculates the privacy sensitivity coefficient of each type of data using a differential privacy measurement model, and generates a privacy label dataset. The local gradient perturbation module calls the privacy-identifying dataset, builds a local model within the information collection node and performs parameter training, calculates the node gradient vector through the gradient perturbation mechanism, adjusts the gradient perturbation intensity according to the privacy sensitivity coefficient, and generates a privacy perturbation gradient set. The terminal reputation assessment module calls the privacy perturbation gradient set, calculates the rate of change and deviation variance of the gradient vector of each node, distinguishes the information contribution level of the node based on the deviation variance, and constructs a node contribution vector table. The federated encrypted aggregation module, based on the node contribution vector table and the privacy perturbation gradient set, uses a secure aggregation algorithm to weighted aggregate the gradient information, obtain the global gradient vector, calculate encryption parameters during the aggregation process, and perform constraint calculation on the node privacy weights to generate a federated aggregation encrypted parameter set that meets the preset privacy budget range. The model parameter distribution module calls the federated aggregation encrypted parameter set and global gradient vector to update the global model parameters, and sends back the updated parameters through an encrypted communication channel, and constructs a privacy feedback index table based on the node privacy attributes.

[0045] The above description is merely a specific embodiment of the present invention, but the scope of protection of the present invention is not limited thereto. Any variations or substitutions that can be easily conceived by those skilled in the art within the technical scope disclosed in the present invention should be included within the scope of protection of the present invention. Therefore, the scope of protection of the present invention should be determined by the scope of protection of the described technical solutions.

Claims

1. A privacy-preserving data collection method for big data based on federated learning, characterized in that: Includes the following steps: S1: Collect raw information data generated by the distributed big data terminal through information collection nodes, label data attributes according to the privacy constraint level of the institution to which the node belongs, calculate the privacy sensitivity coefficient of each type of data using a differential privacy measurement model, and generate a privacy label dataset; S2: Call the privacy identifier dataset, build a local model within the information collection node and perform parameter training, calculate the node gradient vector through the gradient perturbation mechanism, adjust the gradient perturbation intensity according to the privacy sensitivity coefficient, and generate a privacy perturbation gradient set; S3: Call the privacy perturbation gradient set, calculate the rate of change and deviation variance of the gradient vector of each node, distinguish the information contribution level of the node based on the deviation variance, and construct the node contribution vector table. S4: Based on the node contribution vector table and the privacy perturbation gradient set, a secure aggregation algorithm is used to weighted aggregate the gradient information to obtain the global gradient vector. During the aggregation process, encryption parameters are calculated to constrain the node privacy weights and generate a federated aggregation encryption parameter set that meets the preset privacy budget range. S5: Invoke the federated aggregated encrypted parameter set and the global gradient vector to update the global model parameters, and send back the updated parameters through the encrypted communication channel, and construct a privacy feedback index table based on the node privacy attributes.

2. The information big data privacy protection collection method based on federated learning according to claim 1, characterized in that, The privacy-identifying dataset includes a data classification and grading directory, data anonymization rules, and access control lists. The privacy perturbation gradient set includes a gradient update matrix, gradient clipping threshold, and Gaussian noise variance. The node contribution vector table includes data distribution divergence, local training loss, and network bandwidth capacity. The federated aggregation encryption parameter set includes a homomorphic encryption key, protocol communication public key, and mask generation seed. The privacy feedback index table includes physical device address, model version label, and communication transmission port.

3. The information big data privacy protection collection method based on federated learning according to claim 1, characterized in that, The specific steps of S1 are as follows: S101: Collect raw information data generated by the network node environment on the distributed big data terminal, define the source block, extract the boundary routing control variables, parse the addressing code, calculate the Euclidean distance between the addressing code feature vector and the boundary routing control variable feature vector as the feature span, remove entries that exceed the preset span benchmark, and establish a partition sequence. S102: Call the partition sequence, extract the organization code, read the local mapping table to obtain the privacy rating, read the field category, calculate the access threshold according to the proportional rule between the privacy rating and the weight value corresponding to the field category, construct the mapping relationship between the access threshold and the field category, organize and associate key-value pairs, and obtain the attribute matrix; S103: For the attribute matrix, parse the noise ratio bound to the access threshold, calculate the expected mutation based on the authorized public data, substitute the product of the expected mutation and the noise ratio into the differential privacy measurement model to calculate the sensitivity coefficient, collect the field categories and sensitivity coefficients, sort them in descending order of sensitivity coefficients and write them into the data storage file to generate a privacy identifier dataset.

4. The information big data privacy protection collection method based on federated learning according to claim 3, characterized in that, The specific steps of S2 are as follows: S201: Call the privacy identifier dataset to extract sample feature data to initialize network weights, input the forward propagation of the perceptual network to output the predicted value, combine the deviation between the predicted value and the real label into the loss function to calculate the local weight partial derivatives, and sum the local weight partial derivatives to establish the initial gradient tensor. S202: Extract the corresponding privacy sensitivity coefficients based on the privacy identifier dataset, calculate the product of the privacy sensitivity coefficients and the preset scaling coefficients to set the distribution variance, traverse the preset probability distribution table according to the distribution variance to extract discrete perturbation values, and arrange the discrete perturbation values ​​in the same dimension as the initial gradient tensor to fill the array to generate a perturbation noise matrix. S203: Extract the structural dimension components within the initial gradient tensor, add them to the discrete perturbation values ​​at the corresponding positions of the perturbation noise matrix to obtain the superposition result, compare the superposition result with the preset pruning limit value, truncate the excess part, aggregate the truncated structural dimension components to reorganize the parameter gradient shape, and generate a privacy perturbation gradient set.

5. The information big data privacy protection collection method based on federated learning according to claim 4, characterized in that, The preset clipping limit value is determined based on the statistical distribution range of the structural dimension components within the initial gradient tensor. By extracting the upper and lower bounds of the structural dimension components in the initial gradient tensor and performing linear scaling on the upper and lower bounds using a preset scaling factor, a symmetrical or asymmetrical numerical interval boundary is formed, and then the numerical interval boundary is set as the preset clipping limit value.

6. The information big data privacy protection collection method based on federated learning according to claim 4, characterized in that, The specific steps for S3 are as follows: S301: Call the privacy perturbation gradient set, extract the historical periodic gradient vector of the node, calculate the Euclidean distance between the current periodic gradient vector and the historical periodic gradient vector and set the rate of change in combination with the time period ratio, count the mean component of the historical periodic gradient vector, calculate the divergence difference between the current periodic gradient vector and the mean component and set the deviation variance, aggregate the rate of change and the deviation variance, and establish the gradient time series variance matrix. S302: Based on the gradient time series variance matrix, extract the node deviation variance and compare it with the boundary values ​​of each interval of the preset level division boundary set, locate the numerical interval to which the deviation variance belongs, extract the numerical interval mapping level label and assign it to the node, associate the node label with the level label, and generate the contribution level evaluation sequence. S303: For the contribution level evaluation sequence, extract the node labels and level labels, call the gradient time series variance matrix to extract the node change rate, combine the node labels, level labels and change rates to construct node feature vectors, arrange the node feature vectors in ascending order of node labels, and establish a node contribution vector table.

7. The method for privacy-preserving data collection based on federated learning according to claim 6, characterized in that, The specific steps of S4 are as follows: S401: Call the node contribution vector table and the privacy perturbation gradient set, extract the weight values ​​corresponding to the level labels, read the gradient values ​​inside the privacy perturbation gradient set, calculate the product of the weight values ​​and the gradient values ​​to construct a weighted gradient term, accumulate the weighted gradient terms of the same dimension along the column direction, and establish a global gradient vector. S402: Multiply the global gradient vector with the preset encrypted public key matrix to obtain the encrypted gradient sequence, calculate the ratio of the discreteness of the encrypted gradient sequence to the preset privacy budget upper limit to set the decay scale, call the node contribution vector table to extract the mapped node privacy weights based on the level label, multiply the node privacy weights with the decay scale to perform numerical truncation, and generate a node constraint weight set. S403: For the node constraint weight set, extract the restricted weight elements, call the dense gradient sequence to extract the associated encrypted gradient terms, concatenate the restricted weight elements and associated encrypted gradient terms according to the node labels to construct a parameter structure, perform serialization and rearrangement on the aggregated parameter structure, and obtain the federated aggregated encrypted parameter set.

8. The method for privacy-preserving data collection based on federated learning according to claim 7, characterized in that, The specific steps of S5 are as follows: S501: Call the federated aggregation encryption parameter set and the global gradient vector, extract the internal encryption discrete terms, read the preset private key to decrypt and obtain the plaintext weights, combine the plaintext weights and the global gradient vector to determine the superposition increment, read the historical model parameters, use the superposition increment to perform numerical iteration on the historical model parameters, and generate a global update parameter matrix. S502: Based on the global update parameter matrix, extract parameter feature bits, read the confusion matrix, calculate the product of parameter feature bits and confusion matrix to output a garbled sequence, truncate and split it into data fragments according to preset bytes, extract communication addresses, associate data fragments with communication addresses to encapsulate transmission headers and allocate channel frequency bands, and establish a dense state backhaul data stream. S503: For the encrypted return data stream, parse the transmission header to extract the communication address, retrieve the matching node number from the registry, obtain the privacy attributes of the network node, extract the associated privacy rating label, construct key-value pairs of communication address, node number and privacy rating label, arrange them in ascending order of node number to fill the grid, and generate a privacy feedback index table.

9. The information big data privacy protection collection method based on federated learning according to claim 8, characterized in that, The extraction of internal encrypted discrete terms refers to segmenting the global gradient vector according to the preset quantization precision in the federated aggregate encryption parameter set, and selecting discrete sampling points in each segment to form internal encrypted discrete terms. Reading the preset private key to decrypt and obtain plaintext weights refers to using the homomorphic decryption rule corresponding to the federated aggregate encryption parameter set to restore the internal encrypted discrete terms one by one to obtain a fixed-length numerical sequence.

10. A data privacy protection collection system based on federated learning, characterized in that: The system is used to implement the information big data privacy protection collection method based on federated learning as described in any one of claims 1-9, and the system includes: The privacy attribute quantification module collects raw information data generated by the distributed big data terminal in partitions through information collection nodes, marks data attributes according to the privacy constraint level of the institution to which the node belongs, calculates the privacy sensitivity coefficient of each type of data using a differential privacy measurement model, and generates a privacy label dataset. The local gradient perturbation module calls the privacy identifier dataset, constructs a local model within the information collection node and performs parameter training, calculates the node gradient vector through the gradient perturbation mechanism, adjusts the gradient perturbation intensity according to the privacy sensitivity coefficient, and generates a privacy perturbation gradient set. The terminal reputation assessment module calls the privacy perturbation gradient set, calculates the rate of change and deviation variance of the gradient vector of each node, distinguishes the information contribution level of the node based on the deviation variance, and constructs a node contribution vector table. The federated encrypted aggregation module, based on the node contribution vector table and the privacy perturbation gradient set, uses a secure aggregation algorithm to perform weighted aggregation of gradient information to obtain a global gradient vector. During the aggregation process, encryption parameters are calculated, and node privacy weights are constrained to generate a federated aggregation encrypted parameter set that meets the preset privacy budget range. The model parameter distribution module calls the federated aggregated encrypted parameter set and the global gradient vector to update the global model parameters, and sends back the updated parameters through an encrypted communication channel, and constructs a privacy feedback index table based on the node privacy attributes.