A differential privacy enhanced interactive data perturbation method and apparatus
By obtaining interaction requests and context parameters from the client and combining them with privacy sensitivity weights for two-layer perturbation processing, this method solves the problems of rigid privacy budgets and difficulty in balancing single perturbations in existing technologies. It achieves optimization of data privacy protection and usability, and is a differential privacy enhancement method that adapts to diverse scenarios.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- GUIZHOU UNIV
- Filing Date
- 2026-04-29
- Publication Date
- 2026-07-07
AI Technical Summary
Existing differential privacy technologies lack the ability to dynamically adapt to privacy budget allocation. A single perturbation mechanism is difficult to balance the strength of privacy protection with data utility. Perturbed data is prone to logical consistency issues, leading to reduced data availability.
By acquiring client interaction requests and context parameters, and combining them with privacy sensitivity weights, the first-layer privacy budget is determined and subjected to local perturbation. After being aggregated and corrected by trusted aggregation nodes, a second perturbation and consistency processing are performed. The two-layer perturbation mechanism of local and centralized is superimposed to dynamically adapt to the privacy and utility requirements of different scenarios.
It achieves a reasonable allocation of privacy budget, reduces the risk of privacy leakage from a single disturbance, improves data utility, adapts to diverse data types and query scenarios, and optimizes the balance between privacy protection and usability of interactive data.
Smart Images

Figure CN122346884A_ABST
Abstract
Description
Technical Field
[0001] This application relates to the field of data privacy protection technology, and in particular to a method and apparatus for differential privacy-enhanced interactive data perturbation. Background Technology
[0002] With the continuous evolution of internet technology, the interactive data generated between clients and servers has become the core basis for supporting data analysis and driving service optimization. However, this type of data often contains a large amount of sensitive user information. If it is transmitted or used directly without protection, it is very easy to cause privacy leaks and pose a threat to user data security.
[0003] As a key technology balancing privacy protection and data usability, differential privacy adds carefully designed noise to the original data, achieving both strict protection of individual privacy and ensuring the effective value of statistical results. Current mainstream differential privacy methods can be divided into two categories: local differential privacy, where the client performs data perturbation locally before uploading to the server, avoiding direct exposure of the original data from the source; however, this single local perturbation operation often leads to significant loss of data utility. Centralized differential privacy, on the other hand, involves the server collecting the original data and adding noise in batches. While offering higher privacy protection, it relies heavily on trusted third parties and is prone to privacy budget exhaustion in multi-round query scenarios, limiting the technology's continued application.
[0004] Therefore, existing differential privacy technologies still have three significant shortcomings: First, the allocation of privacy budgets lacks dynamic adaptability and cannot be flexibly adjusted according to contextual information such as data type (e.g., discrete, numerical) and query requirements (e.g., counting queries, high-dimensional queries), making it difficult to match the needs of diverse scenarios. Second, a single perturbation mechanism cannot balance the strength of privacy protection with data utility, especially in complex scenarios such as multi-turn interactions, where this contradiction is more prominent. Either excessive privacy protection leads to a sharp drop in data usability, or the pursuit of utility weakens privacy security. Third, the perturbed data is prone to logical consistency problems, such as generating negative counts or disrupting the proportional relationship between statistical indicators, directly reducing the practical application value of the data. Summary of the Invention
[0005] This application provides a differential privacy-enhanced interactive data perturbation method and apparatus to solve problems in the prior art such as non-dynamic budget allocation, difficulty in balancing privacy and utility with single perturbation, and easy loss of consistency of perturbation data.
[0006] The first aspect of this application provides a differential privacy-enhanced interactive data perturbation method, comprising the following steps: obtaining an interaction request and context parameters from a client, wherein the context parameters include at least a data type, an expected data utility target, and a privacy budget range recommended based on a server-side policy; determining a first-layer privacy budget value using a local decision algorithm based on the context parameters and a preset privacy sensitivity weight; perturbing the original interactive data using a local differential privacy perturbation algorithm based on the first-layer privacy budget value, generating first perturbation data and sending it to a trusted aggregation node; the trusted aggregation node performing aggregation and debiasing correction to obtain aggregate statistics; performing a second perturbation based on a query request for the aggregate statistics; performing consistency processing on the second perturbation data and publishing the target result.
[0007] Optionally, a second perturbation is performed based on the query request of the aggregated statistics, and consistency processing is performed on the second perturbation data before publishing the target result. This includes: calculating the effective sensitivity of the query data based on the privacy sensitivity weight corresponding to the query data, and performing a second interaction to determine the second-layer privacy budget value used for this query; using a centralized differential privacy mechanism to perform a second perturbation on the aggregated statistics based on the effective sensitivity and the second-layer privacy budget value to generate the second perturbation data; performing post-consistency processing on the second perturbation data, and publishing the final result.
[0008] Optionally, the effective sensitivity of the query data is calculated based on the privacy sensitivity weights corresponding to the query data, including: obtaining the user group covered by the query; calculating the average value of the privacy sensitivity weights corresponding to the query data and the global sensitivity of the query request based on the user group; and multiplying the global sensitivity by the average value to obtain the effective sensitivity.
[0009] Optionally, based on the effective sensitivity and the second-layer privacy budget value, a centralized differential privacy mechanism is used to perform a secondary perturbation on the aggregated statistics to generate second perturbation data. This includes: selecting a target algorithm based on the query type and the magnitude of the second-layer privacy budget value; selecting a target centralized differential privacy algorithm from a predefined algorithm pool, wherein the algorithm pool includes at least Laplace, Gaussian, and exponential mechanisms; determining the noise scale parameter of the selected target algorithm based on the ratio of the effective sensitivity to the second-layer privacy budget value; and processing the aggregated statistics using the target algorithm with added noise to generate the second perturbation data.
[0010] Optionally, a target algorithm is selected based on the type of query and the size of the second-level privacy budget value. The target algorithm includes a Laplace mechanism, a Gaussian mechanism, or an exponential mechanism, including: for counting queries and histogram publishing, the Laplace mechanism is preferred; for high-dimensional data queries or queries with multiple iterations, the Gaussian mechanism is preferred; and for non-numerical optimization queries, the exponential mechanism is used.
[0011] Optionally, the second perturbation data is subjected to post-consistency processing, including numerical range constraints or logical consistency constraints. The numerical range constraints correct negative values in the numerical results to 0 or a preset lower limit of positive values. The logical consistency constraints use iterative proportional fitting or projection algorithms to ensure that multiple published data items satisfy a predefined summation consistency or proportional relationship.
[0012] Optionally, based on the context parameters and preset privacy sensitivity weights, a first-level privacy budget value is determined by a local decision algorithm, including: comparing the upper limit of the privacy budget range recommended by the server with a local budget reference value obtained based on the privacy sensitivity weight mapping, and determining the smaller of the two values as the first-level privacy budget value.
[0013] Optionally, the original interaction data is perturbed by calling a local differential privacy perturbation algorithm based on the first-layer privacy budget value, including: when the original interaction data is discrete classification data, a generalized random response mechanism is used for perturbation; when the original interaction data is numerical data, a Laplace mechanism or a Gaussian mechanism is used for perturbation, wherein the scale parameter of the added noise is jointly determined by the first-layer privacy budget value and the global sensitivity of the data type.
[0014] Optionally, the trusted aggregation node performs aggregation and debiasing correction processing, including: performing debiasing estimation on the collected first perturbation data according to the mathematical model and parameters of the local differential privacy perturbation algorithm adopted by the client, and calculating the unbiased estimate of the aggregation statistic.
[0015] A second aspect of this application provides a differential privacy-enhanced interactive data perturbation device, comprising: an acquisition module for acquiring an interaction request and context parameters from a client, wherein the context parameters include at least a data type, an expected data utility target, and a privacy budget range recommended based on a server-side policy; a perturbation module for determining a first-layer privacy budget value based on the context parameters and a preset privacy sensitivity weight using a local decision algorithm, perturbing the original interactive data according to the first-layer privacy budget value using a local differential privacy perturbation algorithm, generating first perturbation data and sending it to a trusted aggregation node, wherein the trusted aggregation node performs aggregation and bias correction to obtain an aggregated statistic; and a processing module for performing a second perturbation based on a query request for the aggregated statistic, performing consistency processing on the second perturbation data, and publishing the target result.
[0016] Therefore, this application has at least the following beneficial effects: This application's embodiments obtain client interaction requests and context parameters including data type, utility goal, and privacy budget range. Combined with privacy sensitivity weights, a first-layer privacy budget is determined locally and subjected to local perturbation. After aggregation and correction by trusted aggregation nodes to obtain aggregated statistics, a second perturbation and consistency processing are performed on query requests. This dynamically adapts to data and query scenarios to achieve reasonable allocation of the privacy budget. The combined local and centralized perturbation layers enhance privacy protection, reducing the risk of privacy leakage from a single perturbation. Furthermore, the combination of context and privacy sensitivity weights enables dynamic allocation of the privacy budget, adapting to privacy and utility needs in different scenarios. Simultaneously, the aggregation stage's debiasing correction and the release stage's consistency processing reduce noise impact, significantly improving data utility. It also supports various data types, including discrete and numerical types, and adapts to diverse scenarios such as counting, high-dimensional queries, and non-numerical optimization. This effectively solves the problems of rigid budget allocation, difficulty in balancing privacy and utility with single perturbations, and inconsistent data logic in existing technologies, ultimately achieving an optimized balance between privacy protection and usability of interactive data.
[0017] Additional aspects and advantages of this application will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of this application. Attached Figure Description
[0018] The above and / or additional aspects and advantages of this application will become apparent and readily understood from the following description of the embodiments taken in conjunction with the accompanying drawings, wherein: Figure 1 This is a flowchart of a differential privacy-enhancing interactive data perturbation method provided according to an embodiment of this application; Figure 2 This is a block diagram illustrating a differential privacy-enhanced interactive data perturbation device according to an embodiment of this application. Figure 3 This is a schematic diagram of the structure of an electronic device provided according to an embodiment of this application. Detailed Implementation
[0019] The embodiments of this application are described in detail below. Examples of these embodiments are shown in the accompanying drawings, wherein the same or similar reference numerals denote the same or similar elements or elements having the same or similar functions throughout. The embodiments described below with reference to the accompanying drawings are exemplary and intended to explain this application, and should not be construed as limiting this application.
[0020] The following description, with reference to the accompanying drawings, illustrates a differential privacy-enhancing interactive data perturbation method and apparatus according to embodiments of this application. To address the rigid budget allocation problem mentioned in the background, this application provides a differential privacy-enhanced interactive data perturbation method. This method obtains client interaction requests and context parameters including data type, utility goal, and privacy budget range. A first-layer privacy budget is determined locally by combining privacy sensitivity weights, and local perturbation is performed. After aggregation and correction by trusted aggregation nodes to obtain aggregated statistics, a second perturbation and consistency processing are applied to query requests. This dynamically adapts to data and query scenarios to achieve reasonable allocation of the privacy budget. The combined local and centralized perturbation layers enhance privacy protection, reducing the risk of privacy leakage from a single perturbation. Furthermore, the combination of context and privacy sensitivity weights enables dynamic allocation of the privacy budget, adapting to privacy and utility needs in different scenarios. Simultaneously, the aggregation stage's debiasing correction and the release stage's consistency processing reduce noise impact, significantly improving data utility. It also supports various data types, including discrete and numerical types, and adapts to diverse scenarios such as counting, high-dimensional queries, and non-numerical optimization. This effectively solves the problems of rigid budget allocation, difficulty in balancing privacy and utility with single perturbations, and inconsistent data logic in existing technologies, ultimately achieving an optimized balance between interactive data privacy protection and usability.
[0021] The following description, with reference to the accompanying drawings, illustrates a differential privacy-enhancing interactive data perturbation method and apparatus according to embodiments of this application.
[0022] Specifically, Figure 1 This is a flowchart illustrating a differential privacy-enhancing interactive data perturbation method provided in an embodiment of this application.
[0023] like Figure 1 As shown, this differential privacy-enhanced interactive data perturbation method includes the following steps: In step S101, the client's interaction request and context parameters are obtained.
[0024] Among them, context parameters refer to a set of key information related to client interaction data and privacy protection needs, including at least the data type, expected data utility goals, and privacy budget range recommended based on server-side policies.
[0025] It is understood that the embodiments of this application obtain the client's interaction requests and context parameters to provide accurate scenario adaptation basis for the subsequent differential privacy perturbation process.
[0026] In step S102, based on context parameters and preset privacy sensitivity weights, a first-layer privacy budget value is determined by a local decision algorithm. The original interaction data is perturbed by a local differential privacy perturbation algorithm according to the first-layer privacy budget value, generating first perturbation data and sending it to a trusted aggregation node. The trusted aggregation node performs aggregation and debiasing correction to obtain aggregated statistics.
[0027] Among them, the preset privacy sensitivity weight can be based on the coefficient value set in advance for the sensitivity of data, which is used to quantify the privacy importance of different types of interactive data. The first-level privacy budget value can be a quantitative indicator of privacy protection resources allocated when the client performs the first data disturbance locally.
[0028] It is understood that, by introducing a context-based dynamic privacy budget allocation mechanism and the bias correction function of trusted aggregation nodes, this embodiment of the application effectively balances the strength of privacy protection and data availability within the local differential privacy framework, and significantly improves the accuracy and practicality of the processing results. Through context-aware budget allocation, it solves the problem of rigid privacy budget allocation and difficulty in adapting to dynamic scenarios in traditional methods. Through the collaborative design of local perturbation and central bias correction, it effectively suppresses the large errors and data distortion often caused by a single local perturbation mechanism while avoiding the original data leaving the user's local environment. Thus, it achieves a better balance between privacy protection and data utility in complex interaction scenarios.
[0029] It should be noted that the preset privacy sensitivity weights are not fixed static coefficients, but can be dynamically iterated and optimized according to changes in privacy requirements in actual application scenarios.
[0030] In healthcare data exchange scenarios, if regulators require an increase in the privacy protection level of medical record-related data, the sensitivity weight of the corresponding data can be adjusted through the system backend to ensure that subsequent budget allocation and perturbation strategies always comply with the latest privacy standards. At the same time, the weight setting needs to undergo multiple rounds of data security testing and utility verification to avoid excessive data perturbation and a sharp drop in utility due to excessively high weights, or privacy protection vulnerabilities caused by excessively low weights.
[0031] Furthermore, the trustworthiness of trusted aggregation nodes must be guaranteed through multiple security mechanisms, including node identity authentication, data transmission encryption, and full auditing of operation logs, to prevent the theft or tampering of the first perturbation data during the aggregation process. Moreover, aggregation nodes are only responsible for data statistics and correction, and do not have the ability to reverse-engineer the original interaction data, thus technically preventing the leakage of individual privacy information. Additionally, the determination of the first-layer privacy budget value needs to reserve budget coordination space with subsequent secondary perturbations. That is, when calculating the first-layer budget, the local decision algorithm will refer to the total privacy budget range recommended by the server to avoid insufficient budget for subsequent secondary perturbations due to excessive allocation of the first-layer budget. This ensures a balanced allocation of privacy budget throughout the entire process of "local perturbation - aggregation correction - secondary perturbation," satisfying the privacy protection needs of each stage while minimizing the impact on overall data utility.
[0032] One specific implementation of the local decision-making algorithm is based on a linearly weighted budget mapping model. The input to this model is the base budget ceiling recommended by the server. Privacy sensitivity weight of current interaction data and a system-preset baseline sensitivity weight Its output is the first-level privacy budget value. The formula for calculating is: in, It is the absolute upper limit set by the server for this type of data. This is an anchor value (e.g., set to 1.0) used to adjust the magnitude of budget allocation. This formula ensures that highly sensitive data ( A larger value will result in a smaller, more stringent privacy budget. This adds more noise locally, providing stronger protection.
[0033] Setting the weight of privacy sensitivity: The preset privacy sensitivity weights are pre-defined based on data classification and its potential risks. A feasible setting example is shown in Table 1 below: Table 1. List of Privacy Sensitivity Weights These weight values can be stored in configuration files on both the client and server sides and can be updated according to changes in laws, regulations, and business needs.
[0034] The server-recommended privacy budget range is dynamically generated based on global privacy protection strength and utility goals. One strategy is to adjust it based on the accuracy of historical queries and the incidence of privacy incidents. For example, the initial default range is... If there is a high demand for data utility in the near term and no privacy risks, the restrictions can be relaxed to... If a potential attack risk is detected, the restrictions will be tightened. .
[0035] In this embodiment of the application, the first-level privacy budget value is determined by a local decision algorithm based on context parameters and preset privacy sensitivity weights. This includes comparing the upper limit of the privacy budget range recommended by the server with the local budget reference value obtained by mapping based on the privacy sensitivity weights, and determining the smaller of the two values as the first-level privacy budget value.
[0036] Understandably, this application embodiment avoids excessive local budget limits on the client side from exceeding the system's global privacy and security policy by using server-side upper limits, thus preventing the risk of overall data leakage caused by excessive relaxation of privacy protection by a single client. Furthermore, by using reference values for local sensitivity weight mapping, it ensures that the budget is adapted to the sensitivity of local data. Sensitive data corresponds to higher protection requirements, thereby allocating a stricter budget to strengthen perturbation and reduce the risk of leakage, while non-sensitive data can have a more relaxed budget to reduce utility loss. This effectively avoids the problems of "insufficient or excessive local data protection due to a uniform budget on the server side" and "ignoring global privacy rules by allocating budgets based solely on local weights." While ensuring the overall privacy and security of the system, it ensures that the first-layer budget accurately matches the local data privacy requirements, laying a reasonable foundation for balancing the strength of privacy protection and data utility in subsequent local perturbations.
[0037] Specifically, for user data interaction scenarios on e-commerce platforms, the server may set the global privacy budget limit to ε=2 to ensure that local disturbances of all clients do not exceed the overall privacy risk boundary that the system can bear. The local budget reference value based on privacy sensitivity weight mapping needs to be matched with a preset weight according to the current data type of the client interaction, such as setting the sensitivity weight of user payment records to 1.5 and the weight of product browsing records to 0.8. Then, it is calculated through preset mapping rules (such as "local budget reference value = basic budget value / sensitivity weight", where the basic budget value can be set to 3 according to historical utility data). If the current data is a payment record, the local budget reference value is 3 / 1.5=2, and if it is a browsing record, it is 3 / 0.8=3.75. Then, the local decision algorithm compares the two types of values: when the data is a payment record, the server limit value (2) is equal to the local reference value (2), and 2 is taken as the first-level privacy budget value; when the data is a browsing record, the server limit value (2) is less than the local reference value (3.75), and 2 is taken as the first-level privacy budget value.
[0038] This calculation method avoids exceeding the budget and breaching the system's global privacy policy due to excessively high local reference values for browsing records. It also allows payment records to obtain stronger local disturbance protection through a strict budget that matches the server's upper limit. At the same time, it ensures that non-sensitive data retains its utility as much as possible within the system's security framework, achieving a precise fit between global security constraints and differentiated protection of local data.
[0039] In this embodiment, the original interaction data is perturbed by calling a local differential privacy perturbation algorithm based on the first-layer privacy budget value. This includes: when the original interaction data is discrete classification data, a generalized random response mechanism is used for perturbation; when the original interaction data is numerical data, a Laplace mechanism or a Gaussian mechanism is used for perturbation. The scale parameter of the added noise is jointly determined by the first-layer privacy budget value and the global sensitivity of the data type.
[0040] Discrete categorical data refers to categorical data with a finite number of values that are not continuous. Global sensitivity is an indicator that measures the maximum change in the statistical result when a single data record in the dataset changes.
[0041] It is understood that the embodiments of this application employ a generalized random response mechanism for discrete categorical data, which can achieve efficient desensitization through probabilistic category adjustment and avoid information distortion caused by numerical processing of categorical data. For numerical data, a Laplace or Gaussian mechanism is used, which can select a more suitable noise distribution according to the data characteristics and reduce the damage to the quantitative characteristics of the data. At the same time, the noise scale is jointly determined by the first-layer privacy budget value and the global sensitivity, which ensures that sensitive data or high privacy requirements can be protected by stronger noise, while avoiding the loss of value of non-sensitive data or high-utility requirements due to excessive noise. Ultimately, while accurately protecting the privacy of different types of data, the statistical utility of the data is preserved to the greatest extent.
[0042] Specifically, if the original interaction data is discrete categorical data, such as user preference tags for products like "home appliances," "cosmetics," and "food," the generalized random response mechanism will first preset two types of probabilities: one is the "true retention probability" (e.g., 85%), meaning there is an 85% probability of directly retaining the user's true preference tag "home appliances"; the other is the "random replacement probability" (e.g., 15%), meaning there is a remaining 15% probability of randomly selecting one from other tags such as "cosmetics" or "food" to replace the true tag. This probabilistic processing avoids directly exposing individual true preferences, and because it retains most of the true data characteristics, subsequent trusted aggregation nodes can achieve bias removal through reverse probability calculation (e.g., using "the actual number of 'home appliances' tags ÷ the true retention probability"), ensuring the accuracy of the aggregation results.
[0043] If the original interaction data is numerical, the perturbation mechanism needs to be selected based on the scenario: When the data is low-dimensional, a single query scenario (e.g., a user's single consumption amount, ranging from 0 to 2000 yuan, with a global sensitivity Δ=2000), and the first-level privacy budget ε=2, the Laplace mechanism is used. The noise scale parameter b=Δ / ε=2000 / 2=1000. Noise with a scale of 1000 that conforms to a Laplace distribution is added to the actual consumption amount (e.g., 500 yuan) (e.g., adding -120 yuan), resulting in a perturbed amount of 380 yuan. This mechanism can quickly achieve privacy protection and noise reduction. It is highly centralized and suitable for scenarios with moderate accuracy requirements. When the data is high-dimensional and involves multiple iterations of queries (such as the daily consumption amount of a user for 7 consecutive days, which needs to be averaged multiple times), with the first-level privacy budget value ε=1.5 and the global sensitivity Δ=2000, a Gaussian mechanism is adopted. Based on the pre-set confidence level (such as 95%), the noise scale parameter σ≈Δ×1.645 / ε≈2000×1.645 / 1.5≈2193 is calculated. Noise that conforms to the Gaussian distribution is added to the daily consumption amount. Its smooth noise distribution can reduce the accumulation of noise after multiple queries and avoid distortion of subsequent aggregation results.
[0044] In this embodiment of the application, the trusted aggregation node performs aggregation and debiasing correction processing, including: performing debiasing estimation on the collected first perturbation data according to the mathematical model and parameters of the local differential privacy perturbation algorithm adopted by the client, and calculating the unbiased estimate of the aggregation statistic.
[0045] Among them, the unbiased estimate can be the aggregate statistic obtained after debiasing, whose mathematical expectation is equal to the value of the true aggregate statistic, and there is no systematic bias.
[0046] It is understood that the embodiments of this application combine the mathematical model of the client-side local differential privacy perturbation algorithm (such as the probabilistic logic of generalized random response and the noise formula of the Laplace mechanism) with key parameters (such as retention probability and noise scale) to perform targeted debiasing estimation on the collected first perturbation data, and calculate the unbiased estimate of the aggregate statistics. This can effectively eliminate the systematic bias (such as category statistical error and numerical offset) introduced by local perturbation to protect privacy, and make the aggregation result closer to the real global data characteristics. Under the premise of ensuring that individual privacy is not leaked, the statistical utility of the data is preserved to the greatest extent, providing high-precision data support for subsequent secondary perturbation and result release, and further consolidating the balance between privacy protection and data availability.
[0047] It should be noted that when calculating the unbiased estimate of aggregated statistics, the complete and accurate synchronization of the mathematical model and parameters of the local perturbation algorithm on the client side is crucial. Missing or inconsistent parameters will directly lead to the failure of debiasing. The sample size is also a factor; when the sample size is small, the random error is large, and a certain scale is required for the estimated value to stably approach the true value. Strict privacy boundaries must be maintained. Trusted aggregation nodes can only calculate the global estimate and cannot derive the original data of a single client to avoid privacy leaks. It is necessary to ensure that the debiasing method and the perturbation algorithm are strictly compatible. Different algorithms correspond to different debiasing formulas and cannot be mixed. Furthermore, for complex scenarios, iterative debiasing logic needs to be designed specifically to avoid deviations caused by improper adaptation.
[0048] The specific implementation of bias correction is as follows: The trusted aggregation node performs bias correction based on the precise mathematical model of the local perturbation algorithm used by the client. Taking the generalized random response mechanism as an example: Suppose the client has a The discrete data of each category uses a random response, and its true retention probability is... The probability of random replacement is uniformly distributed. Let the collected data be... In the first perturbation data, a certain category was observed. The number of times .
[0049] Then the actual number of this category The unbiased estimate is calculated using the following formula: Aggregated statistics (such as percentages) can be calculated based on this unbiased estimate. For numerical data using the Laplace mechanism, since the added noise has a mean of zero, no special debiasing step is needed after aggregation; the average value can be directly calculated as the unbiased estimate.
[0050] In step S103, a second perturbation is performed based on the query request of the aggregated statistics, the second perturbation data is processed for consistency, and the target result is published.
[0051] It is understood that the embodiments of this application perform secondary perturbation on the query request for aggregated statistics to strengthen privacy, and at the same time perform consistency processing on the second perturbation data, and finally publish the target result that is both leak-proof and in line with business logic and has practical value, thus completing the closed loop of the entire privacy protection process.
[0052] In this embodiment, the process of performing a second perturbation on the query request of the aggregated statistics, performing consistency processing on the second perturbation data, and publishing the target result includes: calculating the effective sensitivity of the query data based on the privacy sensitivity weight corresponding to the query data, performing a second interaction, and determining the second-layer privacy budget value used for this query; performing a second perturbation on the aggregated statistics using a centralized differential privacy mechanism based on the effective sensitivity and the second-layer privacy budget value to generate the second perturbation data; performing post-consistency processing on the second perturbation data, and publishing the final result.
[0053] The second-layer privacy budget value is used as a quantification indicator of privacy protection resources by performing a second perturbation on the aggregated statistics. The second perturbation data can be the data generated after the aggregated statistics are perturbed by a centralized differential privacy mechanism.
[0054] Understandably, this application's embodiments first calculate the effective sensitivity based on the privacy sensitivity weights of the query data, then determine the second-layer privacy budget value suitable for this query through secondary interaction; subsequently, a centralized differential privacy mechanism is adopted to perform secondary perturbation on the aggregated statistics by combining the effective sensitivity and the second-layer budget value to strengthen privacy; finally, post-consistency processing is performed on the generated second-perturbation data before the final result is published. This approach ensures that privacy protection resources are accurately matched to the risk levels of different queries (strong protection for high-sensitivity queries, and precision for low-sensitivity queries), while also safeguarding business value through secondary perturbation and superimposed protective barriers and consistency processing, achieving a deep balance between privacy security and result usability in query scenarios.
[0055] In this embodiment of the application, the effective sensitivity of the query data is calculated based on the privacy sensitivity weight corresponding to the query data, including: obtaining the user group covered by the query; calculating the average value of the privacy sensitivity weight corresponding to the query data and the global sensitivity of the query request according to the user group; and multiplying the global sensitivity by the average value to obtain the effective sensitivity.
[0056] It is understood that the embodiments of this application first obtain the user group covered by the query, then calculate the average privacy sensitivity weight of the corresponding group and the global sensitivity of the query request, and finally multiply the global sensitivity by the average weight to obtain the effective sensitivity. This can not only reflect the degree of impact of the query operation on the data, but also incorporate the differences in privacy needs of the target user group, accurately quantify the privacy leakage risk of the query, and provide a scientific basis for the subsequent allocation of the second-layer privacy budget and the setting of the secondary perturbation intensity, so as to ensure that privacy protection is both in line with the actual scenario and can reasonably preserve the data utility.
[0057] In this embodiment, based on the effective sensitivity and the second-layer privacy budget value, a centralized differential privacy mechanism is used to perform a secondary perturbation on the aggregated statistics to generate second perturbation data. This includes: selecting a target algorithm based on the query type and the magnitude of the second-layer privacy budget value; selecting a target centralized differential privacy algorithm from a predefined algorithm pool, wherein the algorithm pool includes at least Laplace's mechanism, Gaussian mechanism, and exponential mechanism; determining the noise scale parameter of the selected target algorithm based on the ratio of the effective sensitivity to the second-layer privacy budget value; and processing the aggregated statistics using the target algorithm with added noise to generate the second perturbation data.
[0058] It is understood that, in this application embodiment, the target algorithm is selected from the algorithm pool containing Laplace, Gaussian and exponential mechanisms according to the query type and the second-layer privacy budget. The noise scale parameter is determined according to the ratio of effective sensitivity to the budget. Then, the aggregation statistics are processed by the noise-adding algorithm to generate the second perturbation data, thereby realizing the scenario adaptation and precise control of the intensity of the secondary perturbation, and balancing privacy hardening and data utility.
[0059] Specifically, the core of the Laplace mechanism is the convergence statistic. ( Inject Laplace-distributed noise into the dataset, where the noise follows a location parameter of 0 and a scale parameter of 0. The Laplace distribution of has a probability density function (PDF) as follows: Where x is the noise value and b is the scale parameter; To implement the Laplace mechanism, the scale parameters must first be calculated. Then, noise is generated and added to the statistics. The specific steps are as follows: Calculate global sensitivity Global sensitivity measures the impact of changes in a single data record on a statistical function. The maximum impact is calculated using the formula: in, and It is a "neighboring dataset" that differs by only one record. yes Norm.
[0060] Calculate noise scale parameters : Scale parameters are determined by global sensitivity and privacy budget (Control the level of privacy, The smaller the size, the stricter the protection. The formula is: ; Generate perturbation results: to the true statistics Add Laplace noise The final perturbation result is: .
[0061] The Gaussian mechanism is designed for high-dimensional data and multiple iterative queries (such as multi-dimensional feature statistics and machine learning gradient perturbations). By using Gaussian noise with a "bell-shaped flat tail", it solves the problem of "noise accumulation and distortion" in high-dimensional scenarios of the Laplace mechanism, and provides more stable privacy protection.
[0062] Gaussian mechanism to aggregate statistics Inject Gaussian distributed noise with a mean of 0 and a standard deviation of 0. The Gaussian distribution of has a probability density function (PDF) as follows: Where x is the noise value, Standard deviation; Gaussian mechanism provides Differential privacy ( This is the upper limit of the probability of privacy failure, usually taken as... ), specific steps: Calculate global sensitivity :use Norm, the formula is: Calculate the standard deviation of noise Standard deviation is determined by , , A joint decision needs to be made, and the introduction of [relevant parties] is required. Related constants (like hour, ; hour, The formula is: Generate perturbation results: to the true statistics Add Gaussian noise The final perturbation result is: .
[0063] The core of the index mechanism is to provide a "candidate result set" Each result in The probability is assigned, and the probability is positively correlated with the "outcome score". An exponential function is used to amplify score differences, while also introducing privacy perturbations. The probability formula is as follows: in, For the scoring function (quantification result) With dataset (match degree) For rating sensitivity, ), For privacy budget, This is the candidate result set.
[0064] In this embodiment of the application, the target algorithm is selected based on the type of query and the size of the second-level privacy budget value. The target algorithm includes a Laplace mechanism, a Gaussian mechanism, or an exponential mechanism. Specifically, for counting queries and histogram publishing, the Laplace mechanism is preferred; for high-dimensional data queries or queries with multiple iterations, the Gaussian mechanism is preferred; and for non-numerical preferred queries, the exponential mechanism is used.
[0065] It is understood that the embodiments of this application can ensure the accuracy of the results of counting / histogram queries through the Laplace mechanism, the stability of noise accumulation in high-dimensional / multiple queries through the Gaussian mechanism, and the adaptability of the discrete results requirements of non-numerical queries through the exponential mechanism. It can also avoid the problems of "insufficient privacy protection" or "waste of data utility" caused by algorithm mismatch, and ensure that the secondary perturbation achieves the optimal balance between privacy and security and the availability of results from the source of algorithm selection.
[0066] In this embodiment of the application, the second perturbation data is subjected to post-consistency processing, including numerical range constraints or logical consistency constraints.
[0067] Among them, the numerical range constraint corrects negative values in the numerical results to 0 or a preset positive lower limit, and the logical consistency constraint uses iterative proportional fitting or projection algorithms to ensure that multiple published data items meet the predefined summation consistency or proportional relationship.
[0068] It is understood that the embodiments of this application perform post-consistency processing on the second perturbation data to eliminate invalid results and logical contradictions caused by the perturbation, and to ensure the privacy and security of the published results.
[0069] The differential privacy-enhanced interactive data perturbation method proposed in this application obtains client interaction requests and context parameters including data type, utility goal, and privacy budget range. It then determines the first-layer privacy budget locally by combining privacy sensitivity weights and performs local perturbation. After aggregation and correction by trusted aggregation nodes to obtain aggregated statistics, a second perturbation and consistency processing are performed on query requests. This dynamically adapts to data and query scenarios to achieve reasonable allocation of the privacy budget. The combination of local and centralized perturbation layers enhances privacy protection and reduces the risk of privacy leakage from a single perturbation. Furthermore, it dynamically allocates the privacy budget by combining context and privacy sensitivity weights to adapt to privacy and utility needs in different scenarios. Simultaneously, it reduces noise impact through debiasing correction in the aggregation stage and consistency processing in the publishing stage, significantly improving data utility. It also supports various data types such as discrete and numerical types, adapting to diverse scenarios such as counting, high-dimensional queries, and non-numerical optimization. This effectively solves the problems of rigid budget allocation, difficulty in balancing privacy and utility with single perturbation, and inconsistent data logic in existing technologies, ultimately achieving an optimized balance between interactive data privacy protection and usability.
[0070] The following is a specific example illustrating the interactive data perturbation method for enhancing differential privacy, using the scenario of "user's daily consumption data upload and global statistical query" on an e-commerce platform as an example. I. Obtaining Interaction Requests and Context Parameters The client (an e-commerce user) initiated a request to "upload the day's consumption record," which included two types of core data: numerical data: the actual consumption amount of 800 yuan on that day; and discrete categorical data: the category of purchased goods "home appliances" (candidate categories: home appliances, cosmetics, food). The server returns key information related to privacy protection and data utility to the client, specifically: Data type: Numeric (consumption amount, ranging from 0 to 5000 yuan), Discrete (product category, 3 candidate values); Expected data utility target: In subsequent global statistics, the average error of consumption amount is ≤10%, and the accuracy of product category statistics is ≥80%; Recommended privacy budget range by the server: Global total privacy budget εtotal = 1.5-3.0 (to avoid excessive budget for a single client exceeding the platform's privacy and security threshold).
[0071] II. Local Disturbance and Trusted Aggregation Bias Removal (1) Preset privacy sensitivity weights The platform predefines weights based on the sensitivity of data: consumption amount (directly related to user financial information, highly sensitive): weight w1=2.0; product category (preference information, moderately sensitive): weight w2=1.2.
[0072] (2) Calculate the local budget reference value using the preset rule: local budget reference value = basic budget value / sensitivity weight, where the basic budget value B = 5.0 (calibrated based on the platform's historical utility data): consumption amount reference value: 5.0 / 2.0 = 2.5; commodity category reference value: 5.0 / 1.2 ≈ 4.17.
[0073] (3) Determine the final ε1 server-side global first-level budget limit ε1_max=2.5 (to avoid excessive privacy protection for a single client), and take the smaller value between the "server-side limit" and the "local reference value": consumption amount ε1: min(2.5,2.5)=2.5; product category ε1: min(2.5,4.17)=2.5.
[0074] Local differential privacy perturbation (generating the first perturbation data) (1) Numerical data (consumption amount of 800 yuan): global sensitivity of Laplace mechanism Δ1: the maximum value of consumption amount is 5000 yuan, and the maximum impact of a single user's data change on the consumption amount is 5000 yuan, so Δ1=5000; noise scale parameter b1: calculated according to the formula b=Δ / ε, b1=5000 / 2.5=2000; generating noise and first disturbance data: generating noise η1=-150 yuan that conforms to the Laplace distribution (position 0, scale 2000), and the amount after disturbance is 800-150=650 yuan (first disturbance data).
[0075] (2) Discrete data (product category "home appliances"): Generalized random response mechanism preset probability: real retention probability p=80% (directly retain the user's real category), random replacement probability q=20% (when replacing, it is evenly distributed to "cosmetics" and "food", and the single-category replacement probability is 10%); generate the first perturbation data: this time, the "real retention" is randomly triggered, and the first perturbation data is still "home appliances" (if replacement is triggered, it may become "cosmetics" or "food").
[0076] Aggregation and Bias Correction of Trusted Aggregation Nodes Assuming the platform collects initial perturbation data from 1000 clients, the trusted aggregation node processes it according to the following procedure: (1) Aggregate statistic 1: Average consumption amount of users: The sum of the first disturbance data of 1000 consumption amounts is Σ disturbance = 620000 yuan; Debias correction: The mean of Laplace noise is 0, and the unbiased estimate is Σ disturbance. Therefore, the aggregate statistic (average consumption amount) = 620000 / 1000 = 620 yuan (the actual global average consumption is 630 yuan, the error is ≈1.6%, which meets the utility target of ≤10%).
[0077] (2) Aggregate statistic 2: Data collection on the proportion of product category preferences: Among the first perturbation data of 1000 categories, there are 760 for "home appliances", 120 for "beauty", and 120 for "food"; Correction of bias: According to the generalized random response correction formula, the actual number T = (number of observations ON × (q / (k-1))) / (pq / (k-1)) (N=1000, k=3 categories, q / (k-1)=10%): The estimated actual number of home appliances is: (760-1000×10%) / (80%-10%) = 660 / 0.7≈943; Aggregate statistic (proportion of home appliance preferences) = 943 / 1000≈94.3% (the actual proportion is 95%, the accuracy is ≈99.3%, which meets the utility target of ≥80%).
[0078] After bias correction, the unbiased estimate of the true number of home appliance categories calculated by the trusted aggregation nodes is approximately 943. Therefore, the unbiased estimate of its proportion is 943 / 1000 = 94.3%. This "94.3%" is an aggregation statistic, a high-precision estimate that can be used for subsequent analysis.
[0079] When the server receives a query request and performs a secondary perturbation using the exponential mechanism, the scoring function u(D,a) should directly use the unbiased estimate (i.e., 94.3, 5.7, 0) as the score for each candidate result. This design ensures that the scoring function truly reflects the statistical characteristics of the data, and the exponential mechanism performs probabilistic perturbation on this basis to achieve privacy protection.
[0080] III. Secondary Perturbation and Post-Consistency Processing Upon receiving merchant query requests: "Query the average spending amount of 1000 users (count-based query)" and "Query the top 1 preferred product category for users (non-numerical preference query)," the server performs the following operations: Determine the second-level privacy budget value (ε2) and effective sensitivity. (1) The query covers the user group of 1,000 users participating in the aggregation, with no additional expansion.
[0081] (2) Calculate the effective sensitivity of the average consumption amount query: Query privacy sensitivity weight w_query1 = 1.8 (involves financial statistics, high sensitivity); Query global sensitivity Δ_query1: A single user's consumption change of 5000 yuan has a maximum impact on "average consumption" = 5000 / 1000 = 5 yuan; Effective sensitivity = Δ_query1 × average weight (the weight of each user group is 1.8) = 5 × 1.8 = 9. Category TOP1 query: Query privacy sensitivity weight w_query2 = 1.0 (preference statistics, medium sensitivity); Rating sensitivity Δ_u: A single user's preference change has a maximum impact on "category rating" = 2; Effective sensitivity = Δ_u × average weight = 2 × 1.0 = 2.
[0082] (3) The remaining total budget of the server is determined by the second interaction. The total budget is ε2 - ε1 = 3.0 - 2.5 = 0.5. Based on the sensitivity of the query, the average consumption amount is ε2 = 0.3; the category TOP1 is ε2 = 0.2.
[0083] Secondary perturbation (generating second perturbation data) (1) Average consumption amount (count query): Priority Laplace mechanism noise scale parameter b2: b2=effective sensitivity / ε2=9 / 0.3=30; generated noise and second disturbance data: generated Laplace noise η2=+25 yuan, second disturbance data=620+25=645 yuan.
[0084] (2) Category TOP1 (non-numerical preferred query): Index mechanism candidate set S: {home appliances, cosmetics, food}; scoring function u: based on the proportion of aggregated statistics (home appliances 94.3→u=94.3, cosmetics 5.7→u=5.7, food 0→u=0); calculate the selection probability: according to the formula P(a)∝exp(ε2×u / (2×Δu)) (ε2=0.2, Δu=2): home appliance probability: exp(0.2×94.3 / (4))=exp(4.715)≈112; cosmetics probability: exp(0.2×5.7 / 4)=exp(0.285)≈1.33; food probability: exp(0)=1; normalization and random selection: home appliance probability≈98.8%, and finally randomly select "home appliances" (second perturbation data).
[0085] Post-consistency processing For numerical range constraints, a simple clipping algorithm can be used: x′=max(x,0) to ensure non-negativity.
[0086] For logical consistency constraints (such as multiple statistical values needing to satisfy a summation constraint), the Iterative Proportional Fit (IPF) algorithm (also known as Raking) can be used. This algorithm projects the perturbed data values onto the marginal constraints that need to be satisfied through multiple iterations, and finally obtains a set of data publications that both satisfy the constraints and are as close as possible to the original perturbed values.
[0087] (1) The average consumption amount is constrained. The second disturbance data of 645 yuan is positive and does not need to be corrected (if a negative value appears, it needs to be corrected to 0 or a preset lower limit, such as 1 yuan).
[0088] (2) Logical consistency constraint: This query does not require "summing / proportion of multiple data items" (e.g., it does not query "total consumption of each category" and "total consumption" at the same time), so there is no need for iterative proportion fitting or projection algorithm correction.
[0089] The final results were released to merchants: "The average daily spending of 1,000 users was 645 yuan, and the top preferred product category was home appliances." This result not only protects user privacy through two layers of perturbation (no risk of individual data leakage) but also meets the utility needs of merchants for statistical analysis (the error is within the preset range).
[0090] Next, referring to the accompanying drawings, a differential privacy-enhancing interactive data perturbation device according to an embodiment of this application is described.
[0091] Figure 2 This is a block diagram of a differential privacy-enhanced interactive data perturbation device according to an embodiment of this application.
[0092] like Figure 2 As shown, the differential privacy-enhanced interactive data perturbation device 10 includes: an acquisition module 100, a perturbation module 200, and a processing module 300.
[0093] The acquisition module 100 is used to acquire the client's interaction request and context parameters. The context parameters include at least the data type, the expected data utility target, and the privacy budget range recommended based on the server-side policy. The perturbation module 200 is used to determine the first-level privacy budget value through a local decision algorithm based on the context parameters and preset privacy sensitivity weights. Based on the first-level privacy budget value, the local differential privacy perturbation algorithm is called to perturb the original interaction data, generate the first perturbation data, and send it to the trusted aggregation node. The trusted aggregation node performs aggregation and debiasing correction to obtain the aggregated statistics. The processing module 300 is used to perform a second perturbation based on the query request of the aggregated statistics, perform consistency processing on the second perturbation data, and publish the target result.
[0094] It should be noted that the foregoing explanation of the embodiment of the differential privacy-enhanced interactive data perturbation method also applies to the differential privacy-enhanced interactive data perturbation device of this embodiment, and will not be repeated here.
[0095] The differential privacy-enhanced interactive data perturbation device proposed in this application obtains client interaction requests and context parameters including data type, utility goal, and privacy budget range. It then determines the first-layer privacy budget locally by combining privacy sensitivity weights and performs local perturbation. After aggregation and correction by trusted aggregation nodes to obtain aggregated statistics, a second perturbation and consistency processing are performed on query requests. This dynamically adapts to data and query scenarios to achieve reasonable allocation of the privacy budget. The combination of local and centralized perturbation layers enhances privacy protection, reducing the risk of privacy leakage from a single perturbation. Furthermore, it dynamically allocates the privacy budget by combining context and privacy sensitivity weights, adapting to privacy and utility needs in different scenarios. Simultaneously, it reduces noise impact through debiasing correction in the aggregation stage and consistency processing in the publishing stage, significantly improving data utility. It also supports various data types such as discrete and numerical types, adapting to diverse scenarios such as counting, high-dimensional queries, and non-numerical optimization. This effectively solves the problems of rigid budget allocation, difficulty in balancing privacy and utility with single perturbation, and inconsistent data logic in existing technologies, ultimately achieving an optimized balance between interactive data privacy protection and usability.
[0096] Figure 3 A schematic diagram of the structure of an electronic device provided in an embodiment of this application. The electronic device may include: The memory 301, the processor 302, and the computer program stored on the memory 301 and capable of running on the processor 302.
[0097] When the processor 302 executes the program, it implements the differential privacy-enhancing interactive data perturbation method provided in the above embodiments.
[0098] Furthermore, electronic devices also include: Communication interface 303 is used for communication between memory 301 and processor 302.
[0099] The memory 301 is used to store computer programs that can run on the processor 302.
[0100] The memory 301 may include high-speed RAM memory, and may also include non-volatile memory, such as at least one disk storage.
[0101] If the memory 301, processor 302, and communication interface 303 are implemented independently, then the communication interface 303, memory 301, and processor 302 can be interconnected via a bus to complete communication between them. The bus can be an Industry Standard Architecture (ISA) bus, a Peripheral Component Interconnect (PCI) bus, or an Extended Industry Standard Architecture (EISA) bus, etc. Buses can be categorized as address buses, data buses, control buses, etc. For ease of representation, Figure 3 The bus is represented by a single thick line, but this does not mean that there is only one bus or one type of bus.
[0102] Optionally, in a specific implementation, if the memory 301, processor 302, and communication interface 303 are integrated on a single chip, then the memory 301, processor 302, and communication interface 303 can communicate with each other through an internal interface.
[0103] Processor 302 may be a central processing unit (CPU), an application specific integrated circuit (ASIC), or one or more integrated circuits configured to implement the embodiments of this application.
[0104] In the description of this specification, the references to terms such as "one embodiment," "some embodiments," "example," "specific example," or "some examples," etc., indicate that a specific feature, structure, material, or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of this application. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples. Moreover, without contradiction, those skilled in the art can combine and integrate the different embodiments or examples described in this specification, as well as the features of different embodiments or examples.
[0105] Furthermore, the terms "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one of that feature. In the description of this application, "N" means at least two, such as two, three, etc., unless otherwise explicitly specified.
[0106] Any process or method described in the flowchart or otherwise herein can be understood as representing a module, segment, or portion of code comprising one or N executable instructions for implementing custom logic functions or processes, and the scope of the preferred embodiments of this application includes additional implementations in which functions may be performed not in the order shown or discussed, including substantially simultaneously or in reverse order depending on the functions involved, as should be understood by those skilled in the art to which embodiments of this application pertain.
[0107] It should be understood that the various parts of this application can be implemented using hardware, software, firmware, or a combination thereof. In the above embodiments, the N steps or methods can be implemented using software or firmware stored in memory and executed by a suitable instruction execution system. For example, if implemented in hardware, as in another embodiment, it can be implemented using any one or more of the following techniques known in the art: discrete logic circuits having logic gates for implementing logical functions on data signals, application-specific integrated circuits (ASICs) having suitable combinational logic gates, programmable gate arrays (PGAs), field-programmable gate arrays (FPGAs), etc.
[0108] Those skilled in the art will understand that all or part of the steps of the methods in the above embodiments can be implemented by a program instructing related hardware. The program can be stored in a computer-readable storage medium, and when executed, the program includes one or a combination of the steps of the method embodiments.
Claims
1. A method for perturbing interactive data with differential privacy enhancement, characterized in that, Includes the following steps: Obtain the client's interaction request and context parameters, wherein the context parameters include at least the data type, the expected data utility target, and the privacy budget range recommended based on the server-side policy; Based on the context parameters and preset privacy sensitivity weights, a first-layer privacy budget value is determined through a local decision algorithm. According to the first-layer privacy budget value, a local differential privacy perturbation algorithm is called to perturb the original interaction data, generate first perturbation data, and send it to a trusted aggregation node. The trusted aggregation node performs aggregation and debiasing correction to obtain aggregate statistics. The aggregated statistics are subjected to a second perturbation based on the query request. The second perturbation data is then processed for consistency and the target result is published.
2. The differential privacy-enhanced interactive data perturbation method according to claim 1, characterized in that, Based on the query request for the aggregated statistics, a second perturbation is performed, the second perturbation data undergoes consistency processing, and the target result is published, including: Based on the privacy sensitivity weights corresponding to the query data, the effective sensitivity of the query data is calculated, and a second interaction is performed to determine the second-level privacy budget value used for this query. Based on the effective sensitivity and the second-layer privacy budget value, a centralized differential privacy mechanism is used to perform a secondary perturbation on the aggregated statistics to generate second perturbation data; The second perturbation data is subjected to post-consistency processing, and the final result is published.
3. The differential privacy-enhanced interactive data perturbation method according to claim 2, characterized in that, Based on the privacy sensitivity weights corresponding to the query data, the effective sensitivity of the query data is calculated, including: Obtain the user group covered by the query; Based on the user group, calculate the average value of the privacy sensitivity weights corresponding to the query data and the global sensitivity of the query request; The effective sensitivity is obtained by multiplying the global sensitivity by the average value.
4. The differential privacy-enhanced interactive data perturbation method according to claim 2, characterized in that, Based on the effective sensitivity and the second-layer privacy budget value, a centralized differential privacy mechanism is used to perform a secondary perturbation on the aggregated statistics to generate second perturbation data, including: The target algorithm is selected based on the type of query and the size of the second-level privacy budget value. The target centralized differential privacy algorithm is selected from a predefined algorithm pool, wherein the algorithm pool includes at least the Laplace mechanism, the Gaussian mechanism, and the exponential mechanism. Based on the ratio of the effective sensitivity to the second-layer privacy budget value, the noise scale parameter of the selected target algorithm is determined; The aggregated statistics are processed using the target algorithm with added noise to generate the second perturbation data.
5. The differential privacy-enhanced interactive data perturbation method according to claim 4, characterized in that, The target algorithm is selected based on the query type and the size of the second-level privacy budget value, wherein the target algorithm includes a Laplace mechanism, a Gaussian mechanism, or an exponential mechanism, including: For count queries and histogram publishing, the Laplace mechanism should be preferred; For high-dimensional data queries or queries involving multiple iterations, the Gaussian mechanism should be preferred. For non-numerical optimization queries, an index mechanism is used.
6. The differential privacy-enhanced interactive data perturbation method according to claim 2, characterized in that, The second perturbation data is subjected to post-consistency processing, including numerical range constraints or logical consistency constraints. The numerical range constraints correct negative values in the numerical results to 0 or a preset lower limit of positive values. The logical consistency constraints use iterative proportional fitting or projection algorithms to ensure that multiple published data items meet predefined summation consistency or proportional relationships.
7. The differential privacy-enhanced interactive data perturbation method according to claim 1, characterized in that, Based on the context parameters and preset privacy sensitivity weights, a first-level privacy budget value is determined through a local decision-making algorithm, including: The upper limit of the privacy budget range recommended by the server is compared with the local budget reference value obtained based on the privacy sensitivity weight mapping, and the smaller value between the two is determined as the first-level privacy budget value.
8. The differential privacy-enhanced interactive data perturbation method according to claim 1, characterized in that, Based on the first-layer privacy budget value, the local differential privacy perturbation algorithm is invoked to perturb the original interaction data, including: When the original interactive data is discrete categorical data, a generalized random response mechanism is used for perturbation; When the original interaction data is numerical data, a Laplace or Gaussian perturbation mechanism is used, wherein the scale parameter of the added noise is jointly determined by the first-layer privacy budget value and the global sensitivity of the data type.
9. The differential privacy-enhanced interactive data perturbation method according to claim 1, characterized in that, The trusted aggregation node performs aggregation and bias correction processing, including: Based on the mathematical model and parameters of the local differential privacy perturbation algorithm used by the client, the collected first perturbation data is debiased and the unbiased estimate of the aggregated statistic is calculated.
10. A differential privacy-enhanced interactive data perturbation device, characterized in that, include: The acquisition module is used to acquire the client's interaction request and context parameters, wherein the context parameters include at least the data type, the expected data utility target, and the privacy budget range recommended based on the server-side policy; The perturbation module is used to determine the first-layer privacy budget value based on the context parameters and the preset privacy sensitivity weight through a local decision algorithm, and to call the local differential privacy perturbation algorithm to perturb the original interaction data according to the first-layer privacy budget value, generate the first perturbation data and send it to the trusted aggregation node, which performs aggregation and debiasing correction to obtain the aggregated statistics. The processing module is used to perform secondary perturbation based on the query request of the aggregated statistics, perform consistency processing on the second perturbation data, and publish the target result.