Data asset security risk dynamic early warning system based on big data analysis

By constructing a dynamic early warning system for data asset security risks based on big data analytics, analyzing data call requests and building a multi-dimensional dynamic joint distribution model, the problem of accurately measuring the risk of multi-dimensional data combination overflow in existing technologies is solved, and a balance between security strategy and business continuity is achieved.

CN122395077APending Publication Date: 2026-07-14GOLDEN SHIELD TESTING TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GOLDEN SHIELD TESTING TECH CO LTD
Filing Date
2026-06-15
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

Existing technologies are insufficient to accurately measure and dynamically warn of the nonlinear combination overflow risks caused by the exposure of multidimensional related data fields while ensuring the continuity of business systems and core utility. Furthermore, the lack of a multidimensional dynamic joint distribution model leads to security policies inadvertently harming core business operations.

Method used

The data asset security risk dynamic early warning system based on big data analysis includes a feature parsing module, a risk measurement module, a strategy optimization module, and a degradation execution module. By parsing data call requests, it constructs a multi-dimensional dynamic joint distribution model, calculates the combined spillover risk value, and finds the optimal degradation strategy while satisfying the rigid utility constraints of the business.

Benefits of technology

It enables accurate measurement and dynamic early warning of the risk of overflow from multidimensional data combinations, avoids the accidental damage of security policies to core businesses, and achieves a Pareto optimal balance between minimizing residual risk and preserving business utility.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122395077A_ABST
    Figure CN122395077A_ABST
Patent Text Reader

Abstract

The application discloses a data asset security risk dynamic early warning system based on big data analysis, and relates to the technical field of risk early warning.The application comprises a feature analysis module, a risk measurement module, a strategy optimization module and a degradation execution module.The feature analysis module analyzes data calling requests and calculates a business rigidity utility index in combination with business attribute parameters.The risk measurement module calculates an initial comprehensive combination overflow risk value of a field set based on a multi-dimensional dynamic joint distribution model.The strategy optimization module solves an optimal degradation strategy vector with the minimum residual risk and the maximum business utility as the target under the condition of meeting the index constraint.The degradation execution module executes line-level cutting, dynamic masking and time decay processing on data response messages accordingly.The application completely breaks the traditional static interception mechanism, maximally reduces the data combination leakage risk, and ensures the continuity and elastic balance of core business flow.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of risk warning technology, and in particular to a dynamic early warning system for data asset security risks based on big data analysis. Background Technology

[0002] In modern network architectures, application programming interfaces (APIs) are crucial channels for the flow and interaction of data assets. Due to increasingly complex business scenarios, data access requests exhibit characteristics of high concurrency, multi-dimensionality, and multi-scenario complexity. Data assets face significant security threats during frequent flows, such as malicious crawling, unauthorized access, and excessive exposure of large amounts of sensitive data. Chinese invention patent application CN119740237A discloses a detection method and system based on data asset risk assessment. This scheme collects data asset data from target users through a data acquisition module, calculates security risk values ​​based on data sensitivity, access frequency, and the number of times data is marked, and establishes a threat assessment coefficient by combining the number of attacks, severity, and vulnerability information. Furthermore, it comprehensively calculates the overall assessment coefficient of the data asset, compares it with a preset threshold, outputs a warning, or executes preset adjustment measures, and simultaneously predicts future risk values ​​through a curve showing changes over time. Existing technologies often separate security risks from the data needs of the business itself during risk assessment, relying solely on objective indicators such as access frequency, vulnerabilities, or sensitivity for threshold judgments. They fail to take into account the specific business utility attributes of the caller. Different business processes have vastly different degrees of rigid dependence on data integrity and accuracy. Risk control that deviates from the bottom line of business utility can easily lead to security policies inadvertently harming core businesses and causing business flow interruptions. In massive API calls, a single request often involves a collection of multiple data fields. Existing methods usually evaluate each field independently or simply perform linear superposition, lacking in-depth mining of the overflow risks under the exposure of multi-dimensional data field combinations. When multiple conditional fields with contextual relationships are simultaneously exposed to extremes, it can trigger a non-linear risk surge against core target fields. Existing technologies lack multi-dimensional dynamic joint distribution models to accurately measure this conditional combination overflow effect. Summary of the Invention

[0003] The technical problem solved by this invention is that existing technologies are unable to accurately measure and dynamically warn of the nonlinear combination overflow risk caused by the exposure of multidimensional related data fields while ensuring the continuity of business systems and core utility. Existing technologies are also unable to break away from the traditional security control mode based on static rules and coarse-grained blocking.

[0004] To address the aforementioned technical problems, this invention provides the following technical solution: a dynamic early warning system for data asset security risks based on big data analysis, comprising: a feature parsing module, a risk measurement module, a strategy optimization module, and a degradation execution module; The feature parsing module is used to parse the data call request, obtain the set of data fields to be called and the corresponding business attribute parameters, and calculate the business rigidity utility index based on the business attribute parameters. The risk measurement module is used to receive the data field set, construct a probability distribution model for each field based on historical call data, calculate the probability quantile value of each field at the current time, and calculate the initial comprehensive combined overflow risk value of the data field set based on the multidimensional dynamic joint distribution model. The strategy optimization module is used to receive the business rigidity utility index and the initial comprehensive combination spillover risk value, and with the goal of minimizing residual risk and maximizing business utility, solve for the optimal degradation strategy vector under the condition of satisfying the business rigidity utility index constraint. The degradation execution module is used to receive the degradation policy vector and perform degradation processing on the data response message based on the degradation policy vector.

[0005] Preferably, the process of obtaining the business rigidity utility index specifically includes: The set of data fields to be called is parsed from the request body and URL path of the data call request, and the unique identifier of the calling API is extracted from the data call request header; Based on the unique identifier, the corresponding row is matched from the preset business tag matrix, and the corresponding business evaluation dimension is extracted. The business evaluation dimension includes the regulatory compliance strictness parameter, the financial audit accuracy parameter, and the macroeconomic statistical tolerance parameter. The process of calculating the surge ratio of call frequency includes: The actual number of times the unique identifier is called within a preset first time period before the current moment is obtained, and the historical average number of times it is called within the same preset historical time period is calculated by extrapolating the same time period from the current moment. The actual number of times is called is divided by the historical average number of times to obtain the call frequency surge ratio.

[0006] Preferably, the process of obtaining the business rigidity utility index further includes: Using the aforementioned business evaluation dimensions combined with the call frequency surge ratio, the original business rigidity utility index (without boundary truncation) is calculated. The mathematical expression for the original business rigidity utility index is: ; in, The original business rigid utility index, , and These are parameters for regulatory compliance stringency, financial audit accuracy, and macroeconomic statistical tolerance. The ratio of surges in call frequency; , , These are the preset dimension weight coefficients. This is the preset exception penalty coefficient; The original business rigidity utility index is truncated at its boundaries to obtain the business rigidity utility index.

[0007] Preferably, the process of calculating the initial composite spillover risk value in the risk measurement module specifically includes: From the set of data fields, based on the preset data dictionary sensitivity classification, the field with the highest sensitivity score is identified as the target field, and the remaining fields are used as the set of condition fields; Retrieve historical request logs, and use a preset sliding time window to count the call frequency of all fields in the data field set during historical periods. Construct a call frequency sequence for each field, and normalize the call frequency sequence to obtain a normalized call frequency sequence. An empirical cumulative distribution function is constructed based on the normalized call frequency sequence as the cumulative probability distribution function for each field; After obtaining the actual call frequency of each field and normalizing it, the corresponding cumulative probability distribution function is substituted to calculate the probability quantile value of each field at the current time, which is used as the marginal exposure probability.

[0008] Preferably, the process of calculating the initial composite spillover risk value in the risk measurement module further includes: Using multidimensional Gumbel Copula as the basis function, a multidimensional dynamic joint distribution model is constructed. The mathematical expression of its basic joint distribution formula is as follows: ; in, Let be the joint probability value output by the n-dimensional joint probability distribution function. θ represents the edge exposure probability of each data field at the current time, and θ is the dynamic dependency parameter. The dynamic dependence parameters are dynamically updated using a generalized autoregressive scoring mechanism; The conditional spillover increment is calculated based on the aforementioned multidimensional dynamic joint distribution model. The specific process includes: Calculate the unconditional basic risk value of the target field at the preset extreme quantiles; Given that the marginal exposure probability of all fields in the set of conditional fields reaches the preset extreme quantile, the conditional risk value of the target field is solved using the multidimensional dynamic joint distribution model under this joint extreme condition. The difference between the conditional risk value and the unconditional basic risk value is used as the conditional overflow increment.

[0009] Preferably, the process of calculating the initial composite spillover risk value in the risk measurement module further includes: Combining the preset basic risk weights and spillover amplification weights, the initial composite portfolio spillover risk value is calculated. The mathematical expression for the initial composite portfolio spillover risk is: ; in, This is the initial composite portfolio overflow risk value. Basic risk weights Basic risk value, To amplify the overflow weight, This is the conditional overflow increment.

[0010] Preferably, the process of solving for the optimal degradation strategy vector in the strategy optimization module specifically includes: Construct a degradation strategy vector, the elements of which include: data row-level sampling filtering rate, key field mask blur strength, and data timeliness decay degree; The probability of exposure to the transformation edge of each field after implementing the degradation strategy vector is calculated using the algebraic decay formula. The mathematical expression for the probability of exposure to the transformation edge is: For the target field: ; For condition fields: ; in, For the first The probability of exposure to the conversion edge of each field. For the first Edge exposure probability of each field , and These are, respectively, the data row-level sampling filtering rate, the blurring intensity of the key field mask, and the data timeliness decay. , and These are the sampling attenuation coefficient, the mask attenuation coefficient, and the time attenuation coefficient, respectively. Substitute the transformation edge exposure probability of all fields into the multidimensional dynamic joint distribution model, recalculate the conditional quantile of the target field, and then obtain the conditional overflow increment. Combine the basic risk weight and the overflow amplification weight for weighted fusion to calculate the residual comprehensive combined exposure risk value after executing the downgrade strategy vector. Construct a security risk minimization objective function, the mathematical expression of which is: ; in, For the degradation policy vector, For the safety risk objective function, This represents the residual combined exposure risk value.

[0011] Preferably, the process of solving for the optimal degradation strategy vector in the strategy optimization module specifically includes: The mathematical expression for the business utility objective function is: ; in, To retain business utility , and These are the business utility weights for data integrity, accuracy, and timeliness, respectively. , and These are fuzzy membership decay variables constructed for the three dimensions of data integrity, accuracy, and timeliness. Establish rigid constraint inequalities: ; in, To retain business utility This refers to the rigid utility index of the aforementioned business. Traverse the preset risk utility coordinate grid points. For each coordinate point, use a constrained multi-objective evolutionary algorithm with orthogonal learning strategy to solve for the Pareto optimal policy vector that satisfies the rigid constraint inequality. If a solution that satisfies the constraints cannot be found, the coordinate point is marked as a deadlock point, and a preset fallback strategy vector is bound to the deadlock point. Generate a Pareto optimal policy mapping table covering all scenarios. The mapping table records the mapping relationship between each coordinate point and the corresponding optimal policy vector or fallback policy vector. Based on the initial comprehensive combination spillover risk value and business rigidity utility index calculated in real time, the Pareto optimal strategy mapping table is queried. If a deadlock point is hit, the fallback strategy vector is directly output. If no deadlock point is found, an interpolation algorithm is used to calculate and output the final degradation policy vector based on the nearest neighbor grid point policy vector in the mapping table.

[0012] Preferably, after receiving the original data response message generated by the underlying business server based on the data call request, the degradation execution module performs degradation processing on the original data response message. The process of performing degradation processing on the data response message includes: row-level pruning, dynamic masking, and time-decrease cache mapping.

[0013] The data asset security risk dynamic early warning system based on big data analysis further includes an early warning module, which is used to trigger a corresponding early warning action based on the initial comprehensive combined overflow risk value and the final executed degradation strategy vector after the data response message is downgraded and allowed to pass. The logic for triggering the early warning includes: If a deadlock point is hit during the strategy optimization phase and the fallback strategy vector is executed, an advanced warning signal is generated. If a deadlock point is not hit during the strategy optimization phase, and the initial comprehensive combination overflow risk value is greater than the preset risk alarm threshold, a medium-level early warning signal is generated. If a deadlock point is not hit during the strategy optimization phase, and the initial comprehensive combination overflow risk value is less than or equal to the preset risk alarm threshold, then the process will proceed silently without triggering an early warning signal.

[0014] The beneficial effects of this invention are as follows: By proactively combining tolerance levels from dimensions such as regulatory compliance, financial auditing, and macroeconomic statistics for dynamic evaluation, this invention effectively avoids unintended damage to the continuity of core business by security interception strategies; Addressing the potential for simultaneous leakage of multidimensional data in complex API requests, this invention constructs a multidimensional dynamic joint distribution model, quantifying the nonlinear combination overflow risk of multiple associated condition fields to the target field under extreme exposure scenarios; This invention constructs a multi-objective strategy optimization mechanism, achieving a Pareto optimal balance between minimizing residual combination risk and maximizing business utility retention. Attached Figure Description

[0015] Figure 1 This is a basic flowchart of a dynamic early warning system for data asset security risks based on big data analysis, provided as an embodiment of the present invention. Detailed Implementation

[0016] To make the above-mentioned objects, features and advantages of the present invention more apparent and understandable, the specific embodiments of the present invention will be described in detail below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments.

[0017] Example, refer to Figure 1 It provides a dynamic early warning system for data asset security risks based on big data analysis, including: feature analysis module, risk measurement module, strategy optimization module, and degradation execution module; The feature parsing module is used to parse data call requests, obtain the set of data fields to be called and the corresponding business attribute parameters, and calculate the business rigid utility index based on the business attribute parameters; The risk measurement module is used to receive a set of data fields, construct a probability distribution model for each field based on historical call data, calculate the probability quantile value of each field at the current time, and calculate the initial comprehensive combined spillover risk value of the set of data fields based on a multidimensional dynamic joint distribution model. The strategy optimization module receives the business rigidity utility index and the initial comprehensive combination spillover risk value. With the goal of minimizing residual risk and maximizing business utility, it solves for the optimal degradation strategy vector under the constraint of the business rigidity utility index. The degradation execution module is used to receive degradation policy vectors and perform degradation processing on data response messages based on the degradation policy vectors.

[0018] This invention can dynamically parse the business attributes of data requests and measure the combined overflow risk, thereby finding the best degradation strategy under the constraint of meeting the rigid bottom line of business, effectively solving the contradiction between security control and business continuity, and realizing an intelligent and elastic balance between risk defense and business data response.

[0019] The process of obtaining the business rigidity utility index specifically includes: Parse the set of data fields to be called from the request body and URL path of the data call request, and extract the unique identifier of the calling API from the data call request header; Based on the unique identifier, the corresponding row is matched from the preset business tag matrix, and the corresponding business evaluation dimension is extracted. The business evaluation dimension includes the regulatory compliance strictness parameter, the financial audit accuracy parameter, and the macro statistical tolerance parameter. Each row of the business tag matrix corresponds to an API interface. The process of calculating the surge ratio of call frequency includes: The actual number of calls within a preset first time period before the current moment is obtained by comparing the number of calls within the same preset historical time period with the number of calls over the same period starting from the current moment. The actual number of calls is then divided by the historical average number of calls to obtain the call frequency surge ratio.

[0020] In one specific embodiment of the present invention, the execution carrier of the feature parsing module is an API gateway server deployed at the front end of the enterprise intranet. When the client application initiates an HTTP data call request to the API gateway server, the feature parsing module parses the request body and URL path of the HTTP request. Based on the RESTful API design specifications, a mapping table between URL paths and response data structures is pre-stored. By matching the URL path of this request, the mapping table is queried to extract the identifiers of the data fields requested by this API request, i.e., the specific data column names being queried, and the queried data column names are combined into a set of data fields. ,in A positive integer, representing the total number of fields requested in this request. Representative data field set The specific fields that are called in, such as For user ID, The transaction amount; The feature parsing module reads the unique identifier of the calling API from the HTTP request header. This unique identifier is pre-configured and stored by security administrators in a business tag matrix. The business tag matrix is ​​a two-dimensional matrix; each row represents an independent API interface registered within the system, and each column represents a business evaluation dimension. In this embodiment, the business tag matrix has three columns: the first column represents regulatory compliance strictness, the second column represents financial audit accuracy, and the third column represents macro-statistical tolerance. The elements in the matrix are dimensionless decimal values ​​between 0 and 1, pre-configured by the security administrator based on business attributes. The specific configuration logic includes: First column elements This value indicates the stringency of regulatory compliance. A higher value means the data involved in the API is subject to stronger regulatory constraints from company rules. For example, APIs involving core user payment passwords or ID transmissions... The value is 0.95, while the API involved in querying public product catalogs... The value is 0.1; Second column elements This value represents the accuracy of financial auditing. The higher the value, the stronger the business process's dependence on data integrity and accuracy. For example, in APIs used for month-end financial settlement and reconciliation, any ambiguity in the amount will lead to accounting errors. The value is 0.9, while the API used for fuzzy search suggestions on front-end pages... The value is 0.2; Third column elements This value represents the tolerance for macro-level statistical manipulation. A higher value indicates a lower requirement for data precision and greater tolerance for data sampling or masking. For example, a macro-level reporting API used to calculate the average daily active users in cities of a province can still achieve regional aggregated statistical results even with strong masking of individual user identities. The value is 0.85; Based on the unique identifier of the calling API, match the corresponding row in the business tag matrix, and extract the three element values ​​corresponding to that row in column order, denoted as follows: , and The purpose of extracting these three elements is to transform abstract business attributes into specific coefficients that can be used for mathematical operations; The process of calculating the surge ratio of call frequency includes: The feature parsing module queries the total number of actual calls to the unique identifier in the five minutes before the current time, divides it by the number of calls to the unique identifier in the past thirty days, and extrapolates the same time length from the current time. For example, if the current time is 14:05, the module extracts the average number of calls to the historical time slices from 14:00 to 14:05 every day in the past thirty days. To prevent system crashes caused by division by zero, Laplace smoothing is introduced for the historical average total number of calls. This involves adding a preset smoothing constant to both the numerator and denominator, which is set to 1 in this embodiment. If the historical actual average number of calls is 0, but the current actual number of calls exceeds a preset burst threshold (set to 10 times / minute in this embodiment), the call frequency surge ratio will be forcibly output as a preset penalty upper limit value (set to 10 in this embodiment). The penalty upper limit value of 10 is chosen to limit the surge ratio of the dormant API to a penalty range of one order of magnitude, thus fully expressing the high-risk signal while avoiding the collapse of downstream formulas due to extremely large values, thereby combating sudden detection attacks on the dormant API.

[0021] This invention accurately characterizes the dependence of different API interfaces on the true quality of data by extracting unique identifiers and matching them with the regulatory compliance strictness, financial audit accuracy, and macro-statistical tolerance in the business tag matrix. It introduces a method for calculating the surge ratio of historical average call count to Laplace smoothing, which can not only keenly capture and punish the risk of sudden probing attacks, but also avoid system crashes caused by division by zero.

[0022] The process of obtaining the business rigidity utility index also includes: By combining business evaluation dimensions with the call frequency surge ratio, the original business rigidity utility index without boundary truncation is calculated. The mathematical expression for the original business rigidity utility index is: ; in, This is the original business rigidity utility index without boundary truncation. , and These are parameters for regulatory compliance stringency, financial audit accuracy, and macroeconomic statistical tolerance. The ratio of surges in call frequency; , , In this embodiment, the preset dimension weight coefficients are used. , , The reason for selecting this set of values ​​is that regulatory compliance and financial auditing businesses have an absolute and strong dependence on the authenticity of the original data; any tampering will lead to business errors, hence the high weight given to these values. In contrast, macroeconomic statistics businesses allow for a certain degree of fuzzy error in the data, hence the inverse value for their tolerance. By assigning lower weights, the sum of the three weights always equals 1, ensuring the normalization of the dimensions of the basic utility. The preset abnormality penalty coefficient is set to a value in this embodiment. This value is based on empirical calibration, indicating that when the call frequency doubles, the rigidity of business utility is proactively reduced by about 5%, achieving a balance between risk suppression and utility preservation. This indicates the logic for determining one-way exception penalties. When the scenario is determined to be a normal or low-frequency call, this item outputs 0, and no exception penalty is initiated; when... When a sudden surge is detected, the output value exceeds the normal baseline. The original business rigidity utility index is truncated at its boundaries to obtain the business rigidity utility index. The logic of the boundary truncation process includes: If the original business rigid utility index is less than the preset lower limit, the business rigid utility index will be assigned the preset lower limit. If the original business rigid utility index is greater than the preset upper limit, the business rigid utility index will be assigned the preset upper limit. If the original business rigidity utility index is greater than or equal to the preset lower limit and less than or equal to the preset upper limit, then the business rigidity utility index is equal to the original business rigidity utility index.

[0023] In a specific embodiment of the present invention, the matrix elements obtained by the foregoing steps are: , and The ratio of the surge in call frequency is dynamically fitted and calculated to obtain the business rigidity utility index. This value represents the minimum quality requirement for the returned data to be neither de-identified nor obfuscated in order for the current business process to operate normally. The process of obtaining the business rigidity utility index specifically includes: The mathematical expression for the original business rigid utility index does not have a hard truncation, thus preserving the capacity to handle extreme abnormal traffic conditions, such as sudden attacks of tens of thousands of crawling requests. The mathematical probability of the penalty term being negative is extremely high. This abnormal feature will be retained and passed to the subsequent mandatory boundary judgment for unified processing. The purpose of the mathematical expression of the original value is to proactively and appropriately reduce the rigid requirements of the business in the face of sudden surge in calls to release a wider space for desensitization, and to prioritize the protection of the enterprise's core data assets from being leaked in large quantities. In low-frequency or normal call scenarios, the original data quality requirements will remain unchanged. The original value was calculated. Then, if the calculated result is If the value is less than 0.1, the rigid utility index of the business will be forcibly adjusted. Assign a value of 0.1; if the calculated value is... If the value is greater than 0.95, then force... Assign a value of 0.95; if the value is between 0.95 and 0.95, keep the original value. The logic for setting the upper and lower bounds to 0.1 and 0.95 includes: 0.1 represents the lower limit for maintaining basic readability of the business logic, and 0.95 represents the upper limit for the effectiveness of avoiding small floating-point errors.

[0024] When faced with a sudden surge in abnormal calls, this invention can proactively lower the rigid utility index of the business, thereby prioritizing the release of a wider space for data desensitization to protect core data assets. At the same time, it sets reasonable upper and lower limits for forced assignment, which maintains the lower limit of basic readability of the business and avoids the overflow of the upper limit of calculation caused by small floating-point errors, thus ensuring the robustness of the model under extreme conditions.

[0025] The process of calculating the initial portfolio spillover risk value in the risk measurement module specifically includes: From the set of data fields, based on the preset data dictionary sensitivity classification, the field with the highest sensitivity score is identified as the target field, and the remaining fields are used as the set of condition fields; Retrieve historical request logs, use a preset sliding time window to count the call frequency of all fields in the statistical data field set during the historical period, construct a call frequency sequence for each field, and normalize the call frequency sequence to obtain a normalized call frequency sequence. An empirical cumulative distribution function is constructed based on the normalized call frequency sequence as the cumulative probability distribution function for each field; At the current moment, the actual call frequency of each field is obtained and normalized, then substituted into the corresponding cumulative probability distribution function to calculate the probability quantile value of each field at the current moment, which is used as the marginal exposure probability.

[0026] In one specific embodiment of the present invention, the risk measurement module receives a set of data fields transmitted by the feature parsing module. Pre-classify data based on the sensitivity of the data dictionary, from the set The field with the highest sensitivity score is identified and recorded as the target field, and the remaining fields are... Each field is denoted as the set of condition fields; The data dictionary records the definitions of all data fields of the enterprise and their corresponding sensitivity scores; The risk measurement module calls the historical request log database to extract a set of data fields from the 30 days prior to the current time. All For each field's API call record, with a sliding time window of one minute, the call frequency of each field within each window is counted, constructing a call frequency sequence. The call frequencies in this sequence are then normalized using minimum-maximum normalization to obtain a normalized call frequency sequence. If the actual call frequency at the current moment exceeds the historical extreme value range, the normalized value is forcibly truncated to [a specific value]. Within the range, this prevents domain overflow when inputting Copula functions.

[0027] This invention extracts the actual traffic frequency based on a sliding time window and performs extreme value normalization to construct an empirical cumulative probability distribution function that reflects the historical distribution. This approach enables the risk benchmark of each data field to adapt to changes in the current actual call frequency, providing timely and accurate data input for comprehensive evaluation.

[0028] The process of calculating the initial composite portfolio spillover risk value in the risk measurement module also includes: Using multidimensional Gumbel Copula as the basis function, a multidimensional dynamic joint distribution model is constructed. The mathematical expression of its basic joint distribution formula is as follows: ; in, Let be the joint probability value output by the n-dimensional joint probability distribution function. The edge exposure probability of each data field at the current time is given by θ, which is the probability quantile value. θ is the dynamic dependency parameter. The dynamic dependence parameters are dynamically updated using a generalized autoregressive scoring mechanism; The conditional spillover increment is calculated based on a multidimensional dynamic joint distribution model. The specific process includes: Calculate the unconditional basic risk value of the target field at the preset extreme quantiles; Given that the marginal exposure probabilities of all fields in the set of conditional fields reach a preset extreme quantile, a multidimensional dynamic joint distribution model is used to solve for the conditional risk value of the target field under this joint extreme condition.

[0029] The difference between the conditional risk value and the unconditional basic risk value is used as the conditional spillover increment; Conditional overflow increments represent the risk of additional increases in the target field due to extreme exposure of context-related fields.

[0030] In one specific embodiment of the present invention, upon receiving a real-time API request at the current moment, the current time window is extracted. The actual original frequencies of each field, after extreme value normalization mapping, are substituted into the aforementioned cumulative distribution function. In the process, the current time is calculated. The probability quantile values ​​of each field are denoted as follows: To prevent subsequent logarithmic operations from overflowing and crashing, an absolute lower bound truncation protection is set for all probability quantile values. That is, if the probability quantile value is less than 0.0001, it is forcibly assigned the value of 0.0001. Using a generalized autoregressive scoring mechanism, indexed by minute time. To dynamically update the dependency parameter θ using a step size, the probability quantile sequences of each field over the past thirty days are extracted as sample data, and the initial values ​​of the dependency parameter are determined using the maximum likelihood estimation algorithm. ; The updated mathematical expression is: ; in, The dependent parameters output at the current moment; The partial derivative of the log-likelihood function of the Copula density function at the previous moment with respect to the dependence parameter is obtained by the analytical gradient formula of Gumbel Copula. , , As a preset constant coefficient, the value in this embodiment is [value]. , , For the output Apply a lower bound boundary constraint, i.e., if If the calculation result is less than 1, it is forcibly truncated and assigned a value of 1 in order to establish an effective dynamic joint distribution; The intercept term ensures that the dependency parameters maintain baseline levels when there are no drastic historical fluctuations. The coefficient for the scoring item controls the magnitude of the current surge's impact on the next moment; These are autoregressive coefficients, ensuring the smoothness of the time series; all three satisfy... To ensure the model covariance is stable; The mathematical expression is: ; in, For partial derivatives, Let be the joint probability value output by the n-dimensional joint probability distribution function. The edge exposure probability of each data field at the current moment. These are the dependency parameters output at the current moment. These are the dependency parameters output at the previous time step; To assess the additional risk to the target field under extreme correlation exposure scenarios, the system presets an extreme quantile threshold α = 0.95. This threshold is independent of the actual edge exposure probability of each field and represents a stress test condition where all conditional field sets simultaneously reach this extreme quantile threshold, i.e., assuming... As a stress test condition, the n-dimensional dynamic joint distribution function is used. Calculate the conditional risk value of the target field under this joint extreme assumption. That is, to solve for the unknowns in the following conditional probability equation, the mathematical expression of which is: ; in, Let be a random variable representing the probability quantile of the target field. The conditional quantile of the target field to be solved, i.e., the conditional risk value. These are random variables representing the probability quantiles of each associated condition field; The fixed threshold of 0.95 used here is not based on the current actual exposure probability, but to quantify the risk spillover effect of the target field under the extreme scenario of high-risk exposure occurring simultaneously in all associated fields, so as to obtain a conservative risk estimate. The conditional probability equation is solved using a numerical bisection approximation algorithm within the interval... Inner Iteration Input The guess value is up to In the dynamic joint distribution function, conditional probability numerical integration is performed. The conditional probability result is considered complete when the absolute error between the calculated result and the target value of 0.95 is less than the preset convergence tolerance. When the iteration stops, the input is... The guessed value is the conditional quantile of the target field, i.e., the conditional risk value; The numerical integration of conditional probability specifically includes: For multidimensional Copula functions In the given Under the conditions, The conditional cumulative distribution function is: ; in, The cumulative probability value of the target field under a given exposure level of the conditional field represents the probability of the observed conditional field set. The edge exposure probabilities are respectively Under the premise that the target field The edge exposure probability is less than or equal to a certain specific value. The probability; θ is the dynamic dependence parameter; A random variable representing the probability of edge exposure of the target field; A random variable representing the probability of edge exposure for each field in the set of conditional fields; It represents the edge exposure probability of each condition field at the current moment; Let be the mixed partial derivative of the joint probability distribution function with respect to the marginal probabilities of all condition fields. For the differential product term of the marginal distribution of the condition field, for Copula density function; Since direct analytical solutions are complex, this invention employs a numerical integration method for solving the problem, given a hypothetical value. The mixed partial derivatives in the numerator are approximated using the central difference method, and the conditional probability is approximated by accumulating the joint probability mass at discretized grid points. During the bisection iteration process, this conditional probability value needs to be calculated at each step until its error from the target value of 0.95 is less than the convergence tolerance. The condition for conditional probability is that the exposure probability of all conditional fields is equal to their preset pressure threshold or the current actual value. In this example, the pressure threshold is 0.95.

[0031] This invention employs a multidimensional Gumbel Copula function combined with a generalized autoregressive scoring mechanism to iteratively update dynamic dependency parameters, ensuring the model's covariance stability and response agility over time. By solving the conditional risk value of the target field under extreme stress test conditions, i.e., when each conditional field reaches the preset extreme quantile, the potential for data combination leakage caused by contextual correlation is captured.

[0032] The process of calculating the initial composite portfolio spillover risk value in the risk measurement module also includes: Combining the preset basic risk weights and spillover amplification weights, the initial portfolio spillover risk value is calculated. The mathematical expression for the initial portfolio spillover risk is: ; in, This is the initial composite portfolio overflow risk value. The basic risk weight is set to 0.3 in this embodiment. The basic risk value is taken as the preset extreme quantile. That is, its probability quantile value, representing the baseline of the target field's self-exposure risk when exposed to no related fields. As the overflow amplification weight, this embodiment uses a value of 0.7. This is the conditional overflow increment; In the mathematical expression for the initial composite spillover risk value, multiplying by 100 is to convert the probability dimension from 0 to 1 into a percentage rating scale. The final output R is a dimensionless pure numerical value limited to the range of 0 to 100, representing the absolute risk score exposed by the data combination in this API call.

[0033] Basic risk weights characterize the basic degree of harm exposed by a single field; The overflow amplification weights characterize the degree of nonlinear emergent harm caused by field combinations. These weight parameters are pre-calibrated by the security administrator based on attribution analysis results of historical leakage events. In this embodiment, they are preset. , .

[0034] By pre-setting basic risk weights and spillover amplification weights, this invention integrates the basic exposure benchmark of a single field with the derived risk quantity brought about by the combination of multiple fields. This weighted calculation not only truly reflects the nonlinear emergent hazard characteristics in historical leakage events, but also effectively maps complex probability measures into an absolute risk scoring scale from zero to one hundred, providing a unified and intuitive decision-making basis for subsequent strategy formulation.

[0035] The process of finding the optimal degradation policy vector in the policy optimization module specifically includes: Construct a degradation strategy vector, the elements of which include: data row-level sampling filtering rate, key field mask blur strength, and data timeliness decay. The algebraic decay formula is used to calculate the probability of exposure of the transformation edge for each field after the degradation strategy vector is executed. The mathematical expression for the probability of exposure of the transformation edge is: For the target field: ; For condition fields: ; in, For the first The probability of exposure to the conversion edge of each field. For the first Edge exposure probability of each field , and These are, respectively, the data row-level sampling filtering rate, the blurring intensity of the key field mask, and the data timeliness decay. , and These are the sampling attenuation coefficient, the mask attenuation coefficient, and the time attenuation coefficient, respectively. Substitute the transformation edge exposure probability of all fields into the multidimensional dynamic joint distribution model, recalculate the conditional quantile of the target field, and then obtain the conditional spillover increment. Combine the basic risk weight and the spillover amplification weight for weighted fusion to calculate the residual comprehensive combined exposure risk value after executing the downgrade strategy vector. We construct a security risk minimization objective function to find the degradation strategy that minimizes residual risk. The mathematical expression for the security risk minimization objective function is: ; in, For the degradation policy vector, For the safety risk objective function, This represents the residual combined exposure risk value.

[0036] In a specific embodiment of the present invention, the main objective of the strategy optimization module is, after receiving the initial comprehensive combined spillover risk value and the business rigidity utility index, to establish a multi-objective optimization model to find a degradation strategy that can minimize risk to the greatest extent while ensuring the bottom line of business operations. The specific process of multi-objective modeling and constraints includes: To transform physical interception actions at the gateway level into computable mathematical variables, this embodiment constructs a degradation policy vector. ,in, Constrained Within a continuous closed interval, the downgrade strategy vector contains three elements, representing the downgrade operation to be performed; This indicates the data row-level sampling filtering rate. 0 means intercepting and filtering 0% of the data rows, i.e., returning all rows; 1 means filtering 100% of the data rows, i.e., returning an empty set. This indicates the fuzziness strength of the key field mask. 0 represents returning the plaintext, 1 represents performing a full irreversible hash replacement on the field, and the middle value represents performing an asterisk mask replacement on only half the length of the field (such as the middle four digits of a mobile phone number). This indicates the data timeliness decay rate. 0 means that the underlying database is required to perform a real-time query and return the latest data, while 1 means that the oldest snapshot data allowed in the system cache is returned directly. In this embodiment, the maximum cache lifespan of the underlying layer is fixed at 24 hours. The intermediate value represents the time offset of linear interpolation between 0 and 24 hours. To quantify the effect of the degradation strategy vector on the reduction of initial risk, a minimum security risk objective function is established. The specific process includes: Extract the edge exposure probability of each field at the current time. Edge exposure probability characterizes the probability that each independent field will obtain complete plaintext information in the current API call; The elements in the degradation strategy vector are mathematical abstractions of the physical operations that the subsequent degradation execution module will perform, namely row-level pruning, dynamic masking, and time-based decay. In the optimization phase, these three operation parameters to be executed are transformed into decay perturbations on the edge exposure probability of each field, that is, simulating the suppression effect of physical degradation operations on information leakage. Three preset attenuation coefficients , and These correspond to the suppression effects of sampling, masking, and timeliness on the exposure probability, respectively. In this embodiment, a preset... , , The reason for selecting this set of values ​​is as follows: the masking operation directly destroys the data content, which has the most direct effect on reducing the risk of re-identification and has the highest attenuation coefficient. The sampling operation indirectly reduces the risk by reducing the hit rate of data rows, and its effect is second. The timeliness attenuation reduces the information utilization value of non-real-time data in specific real-time attack scenarios by returning non-real-time data. The conversion edge exposure probability of each field after the downgrade strategy vector is calculated using the algebraic decay formula. The conversion edge exposure probability of all fields is substituted into the multidimensional dynamic joint distribution model. The conditional quantile and conditional overflow increment of the target field are recalculated. The residual comprehensive combined exposure risk value after the downgrade strategy is obtained by combining the basic risk weight and the overflow amplification weight.

[0037] This invention utilizes an algebraic decay formula that includes sampling, masking, and timeliness coefficients to quantify and simulate the actual suppression effect of various physical degradation operations on the probability of information exposure. It constructs an objective function oriented towards minimizing the risk of residual combined exposure, and mathematically ensures that the selected execution actions can reduce data risk to the maximum extent.

[0038] The process of finding the optimal degradation policy vector in the policy optimization module specifically includes: The mathematical expression for the business utility objective function is: ; in, To retain business utility , and These are the business utility weights for data integrity, accuracy, and timeliness, respectively. , and These are fuzzy membership decay variables constructed for the three dimensions of data integrity, accuracy, and timeliness. Establish rigid constraint inequalities: ; in, To retain business utility It is a rigid utility index for business; Traverse the preset risk utility coordinate grid points. For each coordinate point, use a constrained multi-objective evolutionary algorithm with orthogonal learning strategy to solve for the Pareto optimal policy vector that satisfies the rigid constraint inequality. If a solution that satisfies the constraints cannot be found, the coordinate point is marked as a deadlock point, and a preset fallback strategy vector is bound to the deadlock point. Generate a Pareto optimal policy mapping table covering all scenarios. The mapping table records the mapping relationship between each coordinate point and the corresponding optimal policy vector or fallback policy vector. Based on the initial comprehensive combination spillover risk value and business rigidity utility index calculated in real time, the Pareto optimal strategy mapping table is queried. If a deadlock point is hit, the fallback strategy vector is directly output. If no deadlock point is found, an interpolation algorithm is used to calculate and output the final degradation policy vector based on the nearest neighbor grid point policy vector in the mapping table.

[0039] In one specific embodiment of the present invention, in order to quantify the negative impact of the degradation strategy on the normal operation of the business, a multi-attribute fuzzy comprehensive evaluation model is used to construct an objective function that maximizes the business utility. The specific process includes: Fuzzy membership decay variables are constructed for the three dimensions of data integrity, accuracy, and timeliness. , , Since the degradation strategy vector is positively correlated with the service quality degradation, in this embodiment, an integrity degradation is set. Accuracy decay Time-related decay ; Pre-assign business utility weights to data integrity, accuracy, and timeliness. In this embodiment, a fixed preset is used. The reason for selecting this set of weights is that completeness and accuracy are the cornerstones for maintaining the core business logic, and have an equal and significant impact on utility, while timeliness delays within a certain range can usually be tolerated by the business, so they are given a lower weight. The business utility retention after implementing the degradation strategy vector is calculated using a nonlinear penalty integration formula based on Euclidean distance. ; For the middle The dimensionless continuous values ​​between them, the purpose of the nonlinear square root penalty is to impose a more severe decay penalty on the total utility when a single dimension is extremely high, so as to prevent the generation of an extremely distorted degradation strategy. The objective function for maximizing business utility is ; To ensure that the generated strategy does not paralyze the business, it is also necessary to establish a rigid constraint inequality for model solving. The physical meaning of the rigid constraint inequality is that within the normal optimization space, any optimization-generated degradation strategy vector must not cause the business utility retention rate to fall below the business rigid bottom line analyzed in step 1. To ensure millisecond-level stability of the gateway system, this embodiment employs a decoupling mechanism combining offline pre-simulation and online interpolation. This mechanism exhaustively enumerates all possible combinations of risks and benefits in advance and solidifies the calculated optimal strategy into a lookup table dictionary. The decoupling mechanism process specifically includes: A baseline grid matrix is ​​constructed, containing 10,000 rows and 2 columns. The first column represents risk baseline coordinates covering the range of 0 to 100, and the second column represents utility baseline coordinates covering the range of 0 to 1. Within this two-dimensional continuous space, 10,000 rows of baseline coordinates are generated through uniform discretization sampling. Each row in the matrix represents a specific... Combination of scenario assumptions.

[0040] For each row of the matrix, a constrained multi-objective evolutionary algorithm with orthogonal learning strategy is used for global optimization. This algorithm is based on a non-dominated sorting genetic algorithm and its specific process includes: For the degradation policy vector Instead of random initialization, the solution space is initialized using a pre-defined orthogonal experimental design table. This means that the interval between 0 and 1 for each variable is divided into 9 uniform discrete numerical levels. An orthogonal matrix is ​​used to generate 81 initial population vectors X that are uniformly distributed in the solution space. This orthogonal sampling operation ensures that the initial population has an absolutely uniform coverage in the solution space, avoiding local deadlock caused by random sampling. The division of the interval between 0 and 1 into 9 levels is a trade-off between computational resources and optimization accuracy. The square of 9, i.e., 81 initial points, can ensure sufficient coverage density in the three-dimensional solution space to avoid premature convergence, while also preventing the offline simulation time from becoming unacceptable due to an excessively large population. Calculate the objective function value for each vector in the initial population. and ; Eliminate The population vector is used to calculate the remaining feasible solutions based on Pareto non-dominated sorting and crowding degree. Simulated binary crossover and polynomial mutation operators are used for evolutionary iteration, with the maximum number of iterations set to 200. If, in 200 iterations, the algorithm fails to find any solution that satisfies the condition... The module marks the coordinates in this scenario as deadlock points using the degradation strategy vector. Triggering a deadlock means facing an irreconcilable conflict. At this time, the system's security defense priority automatically takes precedence over business constraints, and a specific fallback strategy vector is bound to the deadlock point. This allows it to break rigid constraints as the highest level of emergency circuit breaker mechanism; Physical scenarios where deadlock points occur include forced degradation strategies, rigid business anomalies, and multi-objective conflicts. Forced degradation strategies include requiring a degradation operation when the initial composite spillover risk value R exceeds a certain extremely high threshold, such as 95. The value must not be lower than 0.2, otherwise the feasible solution space will shrink, potentially leading to a maximum reachable value of 0.2. Less than ; Business rigidity anomalies include those caused by computational errors in the feature parsing module or malicious attacks. If a value is incorrectly calculated to be greater than 1, then no degradation strategy can be satisfied. Multi-objective conflicts are included in Pareto optimization, satisfying Although feasible solutions exist, they are all compromised by the security objective. Extreme value search is excluded, such as premature convergence of evolutionary algorithms. If the algorithm cannot find a feasible solution after 200 iterations, it is also marked as deadlock to ensure real-time performance. The selection of the fallback strategy vector is based on the following: when the degradation strength of all three dimensions reaches 0.9, the information exposure probability can be reduced to about 30% of the original value through the algebraic decay formula, providing extremely high safety circuit breaker strength. At the same time, the reserved 0.1 non-degradation space avoids the system from completely crashing or returning garbled characters that completely destroy the system. If the convergence is normal, the policy vector closest to the ideal optimal point is selected from the Pareto front solution set as the optimal solution; In evolutionary algorithms, constraints The processing methods include: For each individual X, calculate its constraint violation degree. ,when If the condition is met, the individual is a feasible solution; otherwise, it is an infeasible solution. Any feasible solution takes precedence over any infeasible solution. Two feasible solutions are compared according to Pareto non-dominance, and two infeasible solutions are prioritized according to the degree of constraint violation. Crossover operations use simulated binary crossover, distribution index The mutation operation uses multinomial mutation, with a distribution index. Probability of mutation Where n is the dimension of the decision variables, n=3; After each generation of evolution, if the number of feasible solutions is zero, the mutation probability is dynamically increased to 0.2, and the individual with the smallest constraint violation among the infeasible solutions of the previous generation is retained as a repair seed to guide the population to search for feasible domains. After a maximum of 200 iterations, if the Pareto front among all feasible solutions in the current generation is not empty, then select the point closest to the ideal (…). The non-dominated solution with the closest Euclidean distance is taken as the optimal strategy. If the Pareto front is empty in all feasible solutions of the previous generation, then mark the grid point as a deadlock point. After traversing all 10,000 coordinate points, the algorithm finally generates and outputs a Pareto optimal policy mapping table covering the entire scene. The optimal policy mapping table records the... The mapping relationship between coordinate points and the corresponding optimal strategy vector or fallback strategy vector; When a real-time API request arrives at the gateway, the strategy optimization module extracts the calculated... and ; The module performs rapid retrieval within the baseline grid matrix. To address the issue of incomplete and precise alignment between real-time numerical values ​​and offline grid points, this embodiment employs a radial basis function-dimensional continuous interpolation algorithm. To eliminate the dimensional differences and order-of-magnitude imbalances between the risk dimension (0-100) and the utility dimension (0-1), the coordinates of the first two columns of the baseline grid matrix and the real-time input are pre-defined. Perform extreme value normalization mapping to the interval between 0 and 1; Calculate the normalized input points The Euclidean distances to the reference coordinates of each row of the matrix are sorted in ascending order. The first four nearest neighbor grid points are selected, and weighting coefficients are calculated for each of the four nearest neighbor grid points based on their Euclidean distances. The mathematical expression for the weighting coefficients is as follows: ; in, For the first Weighted coefficients for nearest neighbor grid points, For input points With the Euclidean distance between nearest neighbor grid points To achieve the desired smooth control parameters, this embodiment pre-sets... This value ensures the smoothness and locality of the interpolation in the normalized space. The four weighting coefficients After normalization, the vector is multiplied and accumulated with the corresponding policy vector to output the final downgrade policy vector. .

[0041] The multi-objective fuzzy comprehensive evaluation and solution architecture established in this invention takes into account both risk prevention and maintenance of business utility. By introducing an evolutionary algorithm with orthogonal learning strategy to generate Pareto optimal policy mapping table offline, and combining it with online radial basis function space continuous interpolation, the scheme successfully decouples the high computing power consumption of multi-objective optimization from the performance requirements of API gateway millisecond-level response. For the extremely strong fallback strategy of deadlock point binding, it provides circuit breaker protection in the face of algorithm non-convergence or extreme conflict scenarios.

[0042] After receiving the original data response message generated by the underlying business server based on the data call request, the degradation execution module performs degradation processing on the original data response message. The degradation processing of the data response message includes: row-level pruning, dynamic masking, and time-decrease cache mapping.

[0043] In a specific embodiment of the present invention, after the final report's degradation policy vector is generated, the policy is temporarily stored, and the data call request is allowed to the enterprise's backend real business server. After the business server processes the request, it generates an original data response message containing all plaintext data in JSON format and returns it to the data gateway. The degradation execution module deployed in the gateway's memory intercepts the original data response message and strictly follows the final degradation strategy vector. Perform the downgrade steps in sequence: The real-time line-level pruning operation includes: the module parses the JSON array of the original data response message, extracts the total number of data lines contained therein, the module iterates through the message line by line, and generates a pseudo-random decimal between 0 and 1 for each line of data. If this random decimal is strictly less than a parameter... If so, the module calls the memory processing instruction to directly remove the JSON node data of that line from the message, thus achieving data line sampling and filtering; Dynamic masking operations include: the module performing JSON key-value pair matching in the original data response message, locating the specific numeric string corresponding to the target field, such as an ID number string, obtaining the total length of the string, and multiplying it by a parameter. The number of characters to be masked is then rounded down. The module then extends symmetrically from the center of the string outwards, replacing the corresponding number of characters with preset asterisks. This enables targeted masking of specific fields. The time-decrease cache mapping operation includes: the gateway system has a locally configured Redis cache database, which continuously listens for and saves the recent historical data response messages returned by each API interface, and uses them as historical data snapshots, along with timestamps for storage. The module extracts the maximum cache delay time set by the system, which is 24 hours in this embodiment, and modifies it with parameters. Multiplying these values ​​yields the target time offset. The module calculates the current timestamp minus this target time offset, then queries the local Redis cache database for the latest available historical data snapshot with a timestamp less than or equal to the calculated value. If the snapshot is found, the original data response message to be returned is replaced with the entire data from that historical snapshot. If the offset is 0, skip this replacement step.

[0044] This invention employs row-level data sampling and pruning based on random numbers, dynamic masking extending from the character center to both ends, and a historical cache snapshot mapping mechanism based on timestamp offsets for message reconstruction. This not only effectively cuts off the substantial outflow of high-risk and sensitive data, but also ensures the complete return of the basic format of the backend service response message, thereby enhancing the fault tolerance capability of the frontend business system.

[0045] The data asset security risk dynamic early warning system based on big data analytics also includes an early warning module. This module triggers corresponding early warning actions based on the initial comprehensive combined overflow risk value and the final executed degradation strategy vector after a data response message has been downgraded and allowed to pass. The logic for triggering the early warning includes: If a deadlock point is hit during the strategy optimization phase and the fallback strategy vector is executed, an advanced warning signal is generated. If a deadlock point is not hit during the strategy optimization phase, and the initial comprehensive combination overflow risk value is greater than the preset risk alarm threshold (in this embodiment, the value is 80), then a medium-level warning signal is generated. If a deadlock point is not hit during the strategy optimization phase, and the initial comprehensive combination overflow risk value is less than or equal to the preset risk alarm threshold, then the process will proceed silently without triggering an early warning signal.

[0046] This invention integrates the security risk management of data assets with the underlying business needs, and breaks the traditional one-size-fits-all blocking mechanism based on static thresholds by parsing the business attributes of the called data fields and calculating the rigid utility index of the business. This invention can proactively and dynamically assess the tolerance levels of regulatory compliance, financial auditing, and macroeconomic statistics when encountering sudden high-risk calls, thereby effectively avoiding the accidental damage to the continuity of core business by security interception strategies and ensuring the basic readability and smooth flow of business. In response to the hidden danger of simultaneous leakage of multi-dimensional data in complex API requests, this invention constructs a multi-dimensional dynamic joint distribution model, which quantifies the nonlinear combination overflow risk of multiple related condition fields to the target field under extreme exposure scenarios. This method overcomes the defect of risk underestimation that is easily caused by independent assessment of single fields, and improves the depth perception and measurement accuracy of complex data leakage threats. This invention constructs a multi-objective strategy optimization mechanism under the rigid bottom-line constraint of ensuring business utility, and achieves a Pareto optimal balance between minimizing residual combination risk and maximizing business utility retention. Furthermore, it transforms the abstract security strategy generated by optimization into fine-grained physical degradation actions such as row-level data pruning, dynamic masking of key fields, and time-lapse cache mapping. This enables the reduction of the risk of core data asset re-identification and leakage in high-risk scenarios such as malicious data crawling or a surge in abnormal frequency without the need for direct circuit breaking.

[0047] Those skilled in the art will understand that embodiments of the present invention can be provided as methods, systems, or computer program products. Therefore, the present invention can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention can take the form of a computer program product implemented on one or more computer-usable storage media containing computer-usable program code. The storage medium can be implemented by any type of volatile or non-volatile storage device or a combination thereof, such as Static Random Access Memory (SRAM), Electrically Erasable Programmable Read-Only Memory (EEPROM), Erasable Programmable Read Only Memory (EPROM), Programmable Read-Only Memory (PROM), Read-Only Memory (ROM), magnetic storage, flash memory, magnetic disk, or optical disk. These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means, which are implemented in a process Figure 1 One or more processes and / or boxes Figure 1 The function specified in one or more boxes.

[0048] It should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and are not intended to limit it. Although the present invention has been described in detail with reference to preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions can be made to the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, and all such modifications or substitutions should be covered within the protection scope of the present invention.

Claims

1. A dynamic early warning system for data asset security risks based on big data analysis, characterized in that: include: The module includes a feature parsing module, a risk measurement module, a strategy optimization module, and a degradation execution module. The feature parsing module is used to parse the data call request, obtain the set of data fields to be called and the corresponding business attribute parameters, and calculate the business rigidity utility index based on the business attribute parameters. The risk measurement module is used to receive the data field set, construct a probability distribution model for each field based on historical call data, calculate the probability quantile value of each field at the current time, and calculate the initial comprehensive combined overflow risk value of the data field set based on the multidimensional dynamic joint distribution model. The strategy optimization module is used to receive the business rigidity utility index and the initial comprehensive combination spillover risk value, and with the goal of minimizing residual risk and maximizing business utility, solve for the optimal degradation strategy vector under the condition of satisfying the business rigidity utility index constraint. The degradation execution module is used to receive the degradation policy vector and perform degradation processing on the data response message based on the degradation policy vector.

2. The data asset security risk dynamic early warning system based on big data analysis as described in claim 1, characterized in that, The process of obtaining the business rigidity utility index specifically includes: The set of data fields to be called is parsed from the request body and URL path of the data call request, and the unique identifier of the calling API is extracted from the data call request header; Based on the unique identifier, the corresponding row is matched from the preset business tag matrix, and the corresponding business evaluation dimension is extracted. The business evaluation dimension includes the regulatory compliance strictness parameter, the financial audit accuracy parameter, and the macroeconomic statistical tolerance parameter. The process of calculating the surge ratio of call frequency specifically includes: The actual number of times the unique identifier is called within a preset first time period before the current moment is obtained, and the historical average number of times it is called within the same preset historical time period is calculated by extrapolating the same time period from the current moment. The actual number of times is called is divided by the historical average number of times to obtain the call frequency surge ratio.

3. The data asset security risk dynamic early warning system based on big data analysis as described in claim 2, characterized in that, The process of obtaining the business rigidity utility index also includes: Using the aforementioned business evaluation dimensions combined with the call frequency surge ratio, the original business rigidity utility index (without boundary truncation) is calculated. The mathematical expression for the original business rigidity utility index is: ; in, The original business rigid utility index, , and These are parameters for regulatory compliance stringency, financial audit accuracy, and macroeconomic statistical tolerance. The ratio of surges in call frequency; , , These are the preset dimension weight coefficients. This is the preset exception penalty coefficient; The original business rigidity utility index is truncated at its boundaries to obtain the business rigidity utility index.

4. The data asset security risk dynamic early warning system based on big data analysis as described in claim 3, characterized in that, The process of calculating the initial composite portfolio spillover risk value in the risk measurement module specifically includes: From the set of data fields, based on the preset data dictionary sensitivity classification, the field with the highest sensitivity score is identified as the target field, and the remaining fields are used as the set of condition fields; Retrieve historical request logs, and use a preset sliding time window to count the call frequency of all fields in the data field set during historical periods. Construct a call frequency sequence for each field, and normalize the call frequency sequence to obtain a normalized call frequency sequence. An empirical cumulative distribution function is constructed based on the normalized call frequency sequence as the cumulative probability distribution function for each field; After obtaining the actual call frequency of each field and normalizing it, the corresponding cumulative probability distribution function is substituted to calculate the probability quantile value of each field at the current time, which is used as the marginal exposure probability.

5. The data asset security risk dynamic early warning system based on big data analysis as described in claim 4, characterized in that, The process of calculating the initial composite spillover risk value in the risk measurement module further includes: Using multidimensional Gumbel Copula as the basis function, a multidimensional dynamic joint distribution model is constructed. The mathematical expression of its basic joint distribution formula is as follows: ; in, Let be the joint probability value output by the n-dimensional joint probability distribution function. θ represents the edge exposure probability of each data field at the current time, and θ is the dynamic dependency parameter. The dynamic dependence parameters are dynamically updated using a generalized autoregressive scoring mechanism; The conditional spillover increment is calculated based on the aforementioned multidimensional dynamic joint distribution model. The specific process includes: Calculate the unconditional basic risk value of the target field at the preset extreme quantiles; Given that the marginal exposure probability of all fields in the set of conditional fields reaches the preset extreme quantile, the conditional risk value of the target field is solved using the multidimensional dynamic joint distribution model. The difference between the conditional risk value and the unconditional basic risk value is used as the conditional overflow increment.

6. The data asset security risk dynamic early warning system based on big data analysis as described in claim 5, characterized in that, The process of calculating the initial composite spillover risk value in the risk measurement module further includes: Combining the preset basic risk weights and spillover amplification weights, the initial composite portfolio spillover risk value is calculated. The mathematical expression for the initial composite portfolio spillover risk is: ; in, This is the initial composite portfolio overflow risk value. Basic risk weights Basic risk value, For overflow amplification weights, This is the conditional overflow increment.

7. The data asset security risk dynamic early warning system based on big data analysis as described in claim 6, characterized in that, The process of finding the optimal degradation strategy vector in the strategy optimization module specifically includes: Construct a degradation strategy vector, the elements of which include: data row-level sampling filtering rate, key field mask blur strength, and data timeliness decay degree; The probability of exposure to the transformation edge of each field after implementing the degradation strategy vector is calculated using the algebraic decay formula. The mathematical expression for the probability of exposure to the transformation edge is: For the target field: ; For condition fields: ; in, For the first The probability of conversion edge exposure for each field. For the first Edge exposure probability of each field , and These are, respectively, the data row-level sampling filtering rate, the blurring intensity of the key field mask, and the data timeliness decay. , and These are the sampling attenuation coefficient, the mask attenuation coefficient, and the time attenuation coefficient, respectively. Substitute the transformation edge exposure probability of all fields into the multidimensional dynamic joint distribution model, recalculate the conditional quantile of the target field, and then obtain the conditional overflow increment. Combine the basic risk weight and the overflow amplification weight for weighted fusion to calculate the residual comprehensive combined exposure risk value after executing the downgrade strategy vector. Construct a security risk minimization objective function, the mathematical expression of which is: ; in, For the degradation policy vector, For the safety risk objective function, This represents the residual combined exposure risk value.

8. The data asset security risk dynamic early warning system based on big data analysis as described in claim 7, characterized in that, The process of finding the optimal degradation strategy vector in the strategy optimization module specifically includes: The mathematical expression for the business utility objective function is: ; in, To retain business utility , and These are the business utility weights for data integrity, accuracy, and timeliness, respectively. , and These are fuzzy membership decay variables constructed for the three dimensions of data integrity, accuracy, and timeliness. Establish rigid constraint inequalities: ; in, To retain business utility This refers to the rigid utility index of the aforementioned business. Traverse the preset risk utility coordinate grid points. For each coordinate point, use a constrained multi-objective evolutionary algorithm with orthogonal learning strategy to solve for the Pareto optimal policy vector that satisfies the rigid constraint inequality. If a solution that satisfies the constraints cannot be found, the coordinate point is marked as a deadlock point, and a preset fallback strategy vector is bound to the deadlock point. Generate a Pareto optimal policy mapping table covering all scenarios. The mapping table records the mapping relationship between each coordinate point and the corresponding optimal policy vector or fallback policy vector. Based on the initial comprehensive combination spillover risk value and business rigidity utility index calculated in real time, the Pareto optimal strategy mapping table is queried. If a deadlock point is hit, the fallback strategy vector is directly output. If no deadlock point is found, an interpolation algorithm is used to calculate and output the final degradation policy vector based on the nearest neighbor grid point policy vector in the mapping table.

9. The data asset security risk dynamic early warning system based on big data analysis as described in claim 8, characterized in that, After receiving the original data response message generated by the underlying business server based on the data call request, the degradation execution module performs degradation processing on the original data response message. The degradation processing of the data response message includes: row-level pruning, dynamic masking, and time-decrease cache mapping.

10. The data asset security risk dynamic early warning system based on big data analysis as described in claim 9, characterized in that, The data asset security risk dynamic early warning system based on big data analysis also includes an early warning module, which is used to trigger a corresponding early warning action based on the initial comprehensive combined overflow risk value and the final executed degradation strategy vector after the data response message is downgraded and allowed to pass. The logic for triggering the early warning includes: If a deadlock point is hit during the strategy optimization phase and the fallback strategy vector is executed, an advanced warning signal is generated. If a deadlock point is not hit during the strategy optimization phase, and the initial comprehensive combination overflow risk value is greater than the preset risk alarm threshold, a medium-level early warning signal is generated. If a deadlock point is not hit during the strategy optimization phase, and the initial comprehensive combination overflow risk value is less than or equal to the preset risk alarm threshold, then the process will proceed silently without triggering an early warning signal.