CN113536095A - Data recommendation method and device and storage medium - Google Patents

Abstract

The invention discloses a data recommendation method, device and storage medium, wherein the method includes: determining first data to be sent; the first data is behavior data collected locally by a terminal; sending the second data to a server Wherein, when it is determined that the first data does not meet the conversion conditions, the second data is the first data; when it is determined that the first data meets the conversion conditions, the second data is based on the first data obtaining the disturbance data; and receiving the recommendation data determined and sent by the server according to the second data.

Description

A data recommendation method, device and storage medium

technical field

The present invention relates to data privacy technology, and in particular, to a data recommendation method, device and storage medium.

Background technique

The recommendation system usually recommends the information and products that the user is interested in according to the user's interest characteristics and purchasing behavior. According to the different locations of recommendation algorithms, recommendation systems are divided into server-side recommendation systems, client-side recommendation systems, and proxy server-side recommendation systems. The existing privacy protection schemes for recommendation systems generally perturb the uploaded or collected data on the client or server side through various technologies, or rewrite the recommendation algorithm to achieve the purpose of privacy protection, such as using centralized differential privacy technology to achieve privacy protection.

However, the centralized differential privacy technology requires the data collector to be an honest party and will not cause malicious behavior to the real data uploaded by the user. In real scenarios, there is no completely trusted data collector, and many users do not It is hoped that manufacturers can obtain their own private data, but applications such as precision marketing, advertisement placement, and personalized recommendation need to perform data mining on a large amount of user data to obtain more accurate user portraits and improve user experience; how to ensure user privacy on the basis of Achieving accurate recommendation is a problem that needs to be solved at present.

SUMMARY OF THE INVENTION

In view of this, the main purpose of the present invention is to provide a data recommendation method, device and storage medium.

In order to achieve the above object, the technical scheme of the present invention is achieved in this way:

An embodiment of the present invention provides a data recommendation method, the method is applied to a terminal, and the method includes:

Determine the first data to be sent; the first data is behavior data collected locally by the terminal;

Send the second data to the server; wherein, when it is determined that the first data does not meet the conversion conditions, the second data is the first data; when it is determined that the first data meets the conversion conditions, the second data is the disturbance data obtained based on the first data;

Receive recommendation data determined and sent by the server according to the second data.

In the above scheme, the method further comprises: judging whether the first data satisfies the conversion condition;

The judging whether the first data satisfies the conversion condition includes:

Determine a preset privacy parameter; the privacy parameter is associated with a preset privacy protection degree;

determining a perturbation probability value according to the preset privacy parameter;

According to the perturbation probability value, a binary random response is performed on the first data to obtain a response result; the response result represents whether the first data is converted;

Corresponding to the response result indicating that the first data is not converted, the first data does not meet the conversion condition;

In the case that the first data is transformed corresponding to the response result, the first data satisfies the transformation condition.

In the above solution, the first data includes: at least one parameter and a value corresponding to each parameter in the at least one parameter;

Transforming the first data includes:

Perform a multi-value random response on the numerical value corresponding to each parameter in the at least one parameter, and obtain a random response result corresponding to each parameter in the at least one parameter;

The second data is obtained according to the random response result corresponding to each parameter in the at least one parameter.

In the above solution, the multi-value random response is performed on the numerical value corresponding to each parameter in the at least one parameter, and the random response result corresponding to each parameter in the at least one parameter is obtained, including:

According to a preset privacy parameter, a multi-value random response is performed on the value corresponding to each parameter in the at least one parameter, and a random response result corresponding to each parameter in the at least one parameter is obtained; the privacy parameter is the same as the preset privacy protection degree related.

In the above solution, the method further includes: determining the similarity between the first data and the second data;

Before the sending the second data to the server, the method further includes:

Add a label to the second data according to the similarity; the label indicates whether the recommendation data determined based on the second data is adopted;

After receiving the recommendation data determined and sent by the server according to the second data, the method further includes:

determining the label of the second data corresponding to the recommended data;

The recommendation result is determined according to the label of the second data corresponding to the recommendation data; the recommendation result represents whether the recommendation is performed according to the recommendation data.

An embodiment of the present invention provides a data recommendation device, the device includes: a first processing module, a second processing module, and a third processing module; wherein,

The first processing module is used to determine the first data to be sent; the first data is behavior data collected locally by the terminal;

The second processing module is configured to send the second data to the server; wherein, when it is determined that the first data does not meet the conversion condition, the second data is the first data; when it is determined that the first data meets the When converting conditions, the second data is the disturbance data obtained based on the first data;

The third processing module is configured to receive recommendation data determined and sent by the server according to the second data.

In the above solution, the second processing module is used to determine a preset privacy parameter; the privacy parameter is associated with a preset privacy protection degree;

determining a perturbation probability value according to the preset privacy parameter;

According to the perturbation probability value, a binary random response is performed on the first data to obtain a response result; the response result represents whether the first data is converted;

Corresponding to the response result indicating that the first data is not converted, the first data does not meet the conversion condition;

In the case that the first data is transformed corresponding to the response result, the first data satisfies the transformation condition.

In the above solution, the first data includes: at least one parameter and a value corresponding to each parameter in the at least one parameter;

The second processing module is configured to perform a multi-value random response to the numerical value corresponding to each parameter in the at least one parameter, and obtain a random response result corresponding to each parameter in the at least one parameter;

The second data is obtained according to the random response result corresponding to each parameter in the at least one parameter.

In the above solution, the second processing module is configured to perform a multi-value random response to the value corresponding to each parameter in the at least one parameter according to the preset privacy parameter, and obtain the random value corresponding to each parameter in the at least one parameter. A response result; the privacy parameter is associated with a preset privacy protection degree.

In the above solution, the second processing module is further configured to determine the similarity between the first data and the second data;

And, the second processing module is further configured to add a label to the second data according to the similarity before sending the second data to the server; the label indicates whether a method determined based on the second data is used recommended data;

The third processing module is further configured to, after receiving the recommendation data determined and sent by the server according to the second data, determine the label of the second data corresponding to the recommendation data;

The recommendation result is determined according to the label of the second data corresponding to the recommendation data; the recommendation result represents whether the recommendation is performed according to the recommendation data.

An embodiment of the present invention provides a data recommendation apparatus, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the steps of the above data recommendation method when the program is executed.

Embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed by a processor, implements the steps of the above data recommendation method.

The data recommendation method, device, and storage medium provided by the embodiments of the present invention determine the first data to be sent; the first data is behavior data collected locally by the terminal; send the second data to the server; When the first data does not meet the conversion conditions, the second data is the first data; when it is determined that the first data meets the conversion conditions, the second data is the disturbance data obtained based on the first data; receiving The recommended data determined and sent by the server according to the second data; in this way, by performing localized differential privacy (LDP, Local Differential Privacy) processing on the uploaded data, it is possible to resist the situation that untrustworthy data collectors leak user private data .

Description of drawings

1 is a schematic flowchart of a data recommendation method according to an embodiment of the present invention;

2 is a schematic flowchart of another data recommendation method provided by an embodiment of the present invention;

3 is a schematic flowchart of still another data recommendation method provided by an embodiment of the present invention;

4 is a schematic structural diagram of a data recommendation apparatus according to an embodiment of the present invention;

5 is a schematic structural diagram of a data recommendation system according to an embodiment of the present invention;

FIG. 6 is a schematic structural diagram of another data recommendation apparatus provided by an embodiment of the present invention.

Detailed ways

Before the present invention is further described in detail with reference to the embodiments, privacy protection and related technologies for recommendation based on data after privacy protection are described first.

The rapid development of the Internet industry has brought people the convenience and speed of data sharing, but the risk of privacy leakage caused by this has been increasing day by day. high demands. With the advent of the era of big data, manufacturers are increasingly focusing on user data. Existing research shows that attackers can discover user privacy information from massive data, instead of directly obtaining it by accessing data, which makes traditional encryption and access control technologies unable to resist this type of attack. There are three main ways to protect privacy: data distortion, data encryption, and access control. The current privacy protection technology combines the above-mentioned various schemes, such as K-anonymity, l-diversity, T-closeness and other technologies play a certain role in resisting consistency attacks, background knowledge attacks, and similarity attacks , these technologies all rely on the background knowledge of the attacker, but do not make reasonable assumptions about the attack model; another example is the differential privacy model proposed by C.Dwork et al., which provides a higher level of security for personal information without relying on How much background knowledge the attacker has, the purpose of protecting privacy in data analysis is achieved by introducing noise and other data randomization methods.

The recommendation system usually recommends the information and products that the user is interested in according to the user's interest characteristics and purchasing behavior. According to the different locations of recommendation algorithms, recommendation systems are divided into server-side recommendation systems, client-side recommendation systems, and proxy server-side recommendation systems. Existing privacy protection schemes for recommendation systems generally use various techniques to perturb the uploaded or collected data on the client or server side, or rewrite the recommendation algorithm to achieve the purpose of privacy protection. In the prior art, a recommendation system based on differential privacy protection is proposed. For example, the differential privacy method is introduced into the recommendation algorithm based on K-nearest neighbors, and the privacy of neighbors is selected under the framework of differential privacy and recommended based on this method. Effectively resist attacks based on similar users; Arnaud et al. proposed a matrix factorization method for differential privacy protection. Under the algorithm that uses the matrix factorization method for recommendation, the method introduces user rating data and stochastic gradient descent process to satisfy differential privacy. Conditional noise disturbance, this scheme can resist attacks on the server side to a certain extent; Shen et al. proposed a recommendation system that applies differential privacy to the client side, and uses public data to calculate the size of the disturbance to the user data to ensure the user data after disturbance. availability.

However, the above methods adopt a central differential privacy model with a key assumption, that is, the data collectors are honest parties and do not maliciously act on the real data uploaded by users. In real scenarios, completely trusted data collectors do not exist, and in many cases users do not want manufacturers to obtain their private data. And precision marketing, advertising, personalized recommendation and other applications need to mine a large amount of user data to obtain more accurate user portraits and improve user experience.

For recommender systems, an important issue in the research on the architecture of recommender systems is where user information collection and user description files are placed, on the server or on the client, or on the proxy server in between. When the recommendation algorithm is implemented on the server or proxy server, the security of users' private data will not be guaranteed. Both the administrator of the recommendation system and the person who hacks the recommendation system can easily obtain the user data stored on the server. Since the user's personal data is of high value, some people who come into contact with the user's data will sell the user's data or use the user's data for illegal purposes. It is difficult for client-based recommendation systems to obtain data from other users, and it is difficult to obtain user description files, and it is also difficult to implement collaborative recommendation strategies, often requiring the design of more complex recommendation algorithms.

In response to the above problems, the solution provided by the embodiment of the present invention is to determine the first data to be sent; the first data is the behavior data collected locally by the terminal; the second data is sent to the server; wherein, after determining the first data When the conversion condition is not met, the second data is the first data; when it is determined that the first data meets the conversion condition, the second data is the disturbance data obtained based on the first data; The second data is the recommended data determined and sent.

The present invention will be described in further detail below in conjunction with the embodiments.

FIG. 1 is a schematic flowchart of a data recommendation method provided by an embodiment of the present invention; as shown in FIG. 1 , the data recommendation method is applied to a terminal (such as a mobile phone, a tablet computer, a personal computer, a notebook computer, etc.); the method include:

Step 101: Determine the first data to be sent; the first data is behavior data collected locally by the terminal;

Step 102: Send the second data to the server; wherein, when it is determined that the first data does not meet the conversion conditions, the second data is the first data; when it is determined that the first data meets the conversion conditions, the The second data is the disturbance data obtained based on the first data;

Step 103: Receive recommendation data determined and sent by the server according to the second data.

In one embodiment, the method further includes: judging whether the first data satisfies conversion conditions;

The judging whether the first data satisfies the conversion condition includes:

Determine a preset privacy parameter; the privacy parameter is associated with a preset privacy protection degree;

determining a perturbation probability value according to the preset privacy parameter;

According to the perturbation probability value, a binary random response is performed on the first data to obtain a response result; the response result represents whether the first data is converted;

When the response result indicates that the first data is not converted, the first data does not meet the conversion conditions; correspondingly, the first data can be used as the second data;

In the case where the first data is transformed corresponding to the response result, the second data satisfies the transformation conditions; correspondingly, the disturbance data obtained based on the first data may be used as the second data.

Specifically, to determine whether the first data satisfies the transformation condition here, a binary random response may be performed on the first data according to the disturbance probability value, and the determination may be made according to the response result. That is, when the response result indicates that the first data is not transformed, it can be determined that the first data does not meet the transformation conditions, and when the response result indicates that the first data is transformed, it can be determined that the second data meets the requirements. Conversion conditions.

Here, the perturbation probability value is a probability value representing whether to perform privacy protection on the first data to be uploaded.

The binary random response is described in detail below.

In the binary random response, upload the user's real data with the probability of p, that is, the above-mentioned real first data, and upload a disturbance data ( i.e. distorted data). Here, the binary random response satisfies the following formula (1):

That is to say, corresponding to the case where the response result indicates that the first data is not transformed, that is, under the probability of p, the first data is used as the second data;

In the case of transforming the first data corresponding to the response result, that is, under the probability of 1-p, the disturbance data obtained by transforming the first data is used as the second data.

Here, by using the Randomized Response technology, it is difficult for the server to distinguish between real data (ie, first data) or disturbed data uploaded by the user, and the terminal side can deny the real data uploaded by itself with a probability of 1-p.

It should be noted that, in the binary random response technology, the relationship between the probability p of answering the real answer (here refers to uploading the real first data) and the preset privacy parameter ε of localized differential privacy satisfies the following formula (2) :

When the user chooses a higher degree of privacy protection, the value of the privacy budget parameter ε of localized differential privacy will be smaller, and correspondingly, the probability p of the terminal uploading real data to the server will be lower.

That is to say, the determining the perturbation probability value according to the preset privacy parameter may include:

According to the preset privacy parameter, the corresponding relationship between the privacy parameter and the disturbance probability value is queried, and the disturbance probability value corresponding to the preset privacy parameter is determined.

The corresponding relationship between the privacy parameter and the perturbation probability value may be preset by the developer and stored in the server, and automatically obtained by the terminal from the server when the perturbation probability value is determined, or may be stored in the client loaded by the terminal. , which is not limited here.

Here, setting the corresponding relationship between the privacy parameter and the perturbation probability value can be determined according to the above formula (2).

Specifically, the privacy parameter is associated with a preset privacy protection degree, and the preset privacy protection degree can be specifically set by the user through the human-computer interaction interface of the terminal; different protection degrees correspond to different privacy parameters; for example : The terminal (specifically, it can be understood as the client loaded on the terminal) provides selection buttons, corresponding to the first-level protection level, the second-level protection level, and the third-level protection level; wherein, the first-level protection level is greater than the second-level protection level , the second-level protection degree is greater than the third-level protection degree; correspondingly, the privacy parameter corresponding to the first-level protection degree is smaller than the privacy parameter corresponding to the second-level protection degree, and the privacy parameter corresponding to the second-level protection degree is smaller than the third-level protection degree The privacy parameter corresponding to the degree. The user selects different privacy protection degrees through their own requirements, and then the terminal can determine different privacy protection degrees and corresponding privacy parameters.

Here, before the data recommendation method is enabled, the user can also choose whether to adopt privacy protection according to his own needs. For example, the terminal provides a close button. When the user selects the privacy protection level of historical data on the terminal, in addition to the above-mentioned first-level protection level, second-level protection level, and third-level protection level, the terminal can also provide a close button. If the close button is selected , the representation does not use privacy protection.

In one embodiment, the first data includes: at least one parameter and a value corresponding to each parameter in the at least one parameter;

Transforming the first data includes:

Perform a multi-value random response on the numerical value corresponding to each parameter in the at least one parameter, and obtain a random response result corresponding to each parameter in the at least one parameter;

The second data is obtained according to the random response result corresponding to each parameter in the at least one parameter.

By transforming the first data in the above manner, disturbance data can be obtained based on the first data, and the obtained disturbance data can be used as the second data.

Specifically, performing a multi-value random response to the value corresponding to each parameter in the at least one parameter to obtain a random response result corresponding to each parameter in the at least one parameter, including:

According to a preset privacy parameter, a multi-value random response is performed on the value corresponding to each parameter in the at least one parameter, and a random response result corresponding to each parameter in the at least one parameter is obtained; the privacy parameter is the same as the preset privacy protection degree related.

Specifically, the multi-valued response refers to performing a random response with respect to the value corresponding to each parameter according to preset privacy parameters.

For example, the first data includes: at least one commodity (that is, the at least one parameter) and a score corresponding to each commodity (that is, the value corresponding to each parameter); the first data may be recorded in the form of a vector, which is recorded as X=(x ₁ , x ₂ ,...x _i ,...x _n ), where x _i represents the user's evaluation of the i-th product, generally, a score of 0 means that the user has not used the product, or has not Evaluation of this product.

Multi-value random responses are performed for the scores corresponding to each item, including:

When the random response technology judges that the real data is not to be uploaded to the server this time, the terminal will make a multi-value random response to each bit x _i of the vector X; For k levels, the terminal will perform a multi-valued random response to each bit x _i in the vector X by the following formula (3):

Among them, e represents a natural constant, ε represents a preset privacy parameter, and k represents the original value of x _i , that is, the original score;

的概率被置为原来的值，有

的概率被置为1,2,…,k中不等于x_i的任意一个值，算法输出结果记为y_i,最终，得到一条每一位经过扰动后的扰动数据Y＝(y₁,y₂,…y_i,…y_n)。Specifically, for a certain bit x _i in the vector X, we have

The probability of is set to the original value, there is

The probability of is set to 1,2,...,k which is not equal to any value of x _i , the output result of the algorithm is recorded as y _i , and finally, a disturbed data Y=(y ₁ ,y ₂ ,…y _i ,…y _n ).

In practical application, considering that the disturbance data is quite different from the original data (that is, the original first data), the recommended data determined according to the disturbance data does not match the result required by the user. If the recommended data is still recommended to the user It will reduce the user's experience, so here it is judged whether to use the recommended data determined according to the disturbance data to recommend to the user.

Based on this, in an embodiment, the method further includes: determining a similarity between the first data and the second data;

Before the sending the second data to the server, the method further includes:

Add a label to the second data according to the similarity; the label indicates whether the recommendation data determined based on the second data is adopted;

After receiving the recommendation data determined and sent by the server according to the second data, the method further includes:

determining the label of the second data corresponding to the recommended data;

The recommendation result is determined according to the label of the second data corresponding to the recommendation data; the recommendation result represents whether the recommendation is performed according to the recommendation data.

Here, after the disturbance data (denoted as Y) is obtained through random response, the Euclidean distance between the original data (ie the first data X) and the disturbance data Y (ie the second data) is calculated to characterize the original data X and the disturbance data Y The similarity between , where the Euclidean distance is calculated as follows:

Here, the similarity is used to determine whether the recommendation condition is met, the recommendation result is used when the recommendation condition is met, and the recommendation result is not used when the recommendation condition is not met. The said meeting the recommendation condition means that the similarity exceeds the preset similarity threshold; on the contrary, the said not meeting the recommendation condition means that the similarity does not exceed the preset similarity threshold; the similarity threshold is preset by the developer and saved in the server middle.

The label may be marked in the form of numbers, for example, a number 1 indicates that the recommended data determined based on the second data can be used, and a number 0 indicates that the recommended data determined based on the second data is not used; of course, the label can also be used. Use other characters such as numbers or letters to mark, which is not limited here.

The second data carries a label. After receiving the second data carrying the label, the server determines recommended data according to the second data; and adds the same label to the recommended data based on the carried label, that is, The recommendation data sent to the terminal also carries tags, so that the terminal can determine the tag of the second data corresponding to the recommendation data based on the received recommendation data, and determine the recommendation result according to the tag of the second data corresponding to the recommendation data .

Correspondingly, an embodiment of the present invention further provides a data recommendation method, where the data recommendation method is applied to a server, and the server performs recommendation by using the data recommendation method. FIG. 2 is a schematic flowchart of another data recommendation method provided by an embodiment of the present invention. As shown in FIG. 2 , the method includes:

Step 201: Receive second data sent by the terminal; the second data is the first data or the disturbance data converted based on the first data; the first data is the original data collected from the terminal;

Step 202: Determine recommendation data based on the received second data; the recommendation data carries a label, and the label indicates whether the recommendation data determined based on the second data is adopted;

Step 203: Send the recommendation data to the terminal.

After the server receives the second data sent by the terminal, the recommended data may be determined according to the second data. Specifically, the server may use any data recommendation method for determining the recommended data based on the received second data. Not limited.

The following provides a method for determining recommendation data based on the received second data, including:

Determine the characteristics of each parameter in the second data and the value corresponding to each parameter, and determine the first vector according to the characteristics of each parameter in the second data and the value corresponding to each parameter;

Obtain at least one second vector; the second vector is obtained based on second data obtained from other terminals;

determining the similarity between the first vector and each of the second vectors in the at least one second vector;

Determine a target second vector whose similarity with the first vector exceeds a preset threshold from at least one second vector according to the similarity; the preset threshold is preset by the developer and stored in the server;

The terminal corresponding to the target second vector is determined, and recommendation data is determined based on data sent by the terminal corresponding to the target second vector.

Specifically, the recommendation data is determined based on the data sent by the terminal corresponding to the target second vector, including:

determining at least one first parameter included in the data sent by the terminal corresponding to the target second vector;

determining at least one second parameter included in the data sent by the terminal corresponding to the first vector;

The at least one second parameter is filtered out from the at least one first parameter, and the remaining second parameter is used as recommendation data.

The above is only to provide a reference method for determining the recommendation data, and other methods may also be used in practical applications, and there is no limitation on how to determine the recommendation data in the embodiment of the present invention.

The determining of recommendation data based on the received second data includes:

determining a tag carried by the second data;

Determine recommended data based on the second data, and add the tag to the recommended data;

Correspondingly, the sending the recommendation data to the terminal includes: sending the recommendation data carrying the tag to the terminal.

FIG. 3 is a schematic flowchart of still another data recommendation method provided by an embodiment of the present invention; as shown in FIG. 3 , the data recommendation method includes:

Step 301, the client uses the localized differential privacy technology to randomize the historical data to be uploaded;

Here, the client can be implemented by being loaded on a device, and the device can be a terminal to which the method shown in FIG. 1 is applied.

Specifically, the step 301 includes:

Step 3011: Perform a binary random response on whether to upload real historical data to the server, and obtain a random response result; the random response result represents whether to upload real historical data. In this binary random response, the real historical data is uploaded with the probability of p, and a disturbance data in the same form as the real historical data is uploaded with the probability of 1-p; the binary random response satisfies the following formula (4):

Here, using the random response technology, it is difficult for the server to distinguish the data uploaded by the client as real historical data or disturbance data, and the user can deny himself uploading real historical data with a probability of 1-p.

In the recommendation algorithm, the historical data uploaded by the client can generally be expressed as a vector X=(x ₁ ,x ₂ ,...x _i ,...x _n ) in the form of "product-rating", where x _i represents the user's The evaluation of the i-th product, generally, a score of 0 indicates that the user has not used the product, or has not commented on the product.

For example, the historical data may be data related to movies watched by the user, data of books read by the user, data of a certain type of items purchased by the user;

Taking the commodity as a movie as an example, the rating is the rating of the user for the movie; that is, the historical data includes: at least one movie and the rating corresponding to each movie;

For example, the historical data includes: Movie 1-3 points, Movie 2-5 points, Movie 3-9 points, ..., Movie N-6 points.

Step 3012: When the random response technology judges not to upload real historical data to the server, the client will make a multi-value random response to each bit x _i of the vector X; specifically, it is assumed that the score can be 1, 2, . . . ,k, a total of k levels, the client will perform a multi-value random response to each bit x _i in the vector X according to the formula (5):

Among them, e represents a natural constant, ε represents a preset privacy parameter, and k represents the value in the original _xi ;

的概率被置为原来的值，有

的概率被置为1,2,…,k中不等于x_i的任意一个值,算法输出结果记为y_i,最终，得到一条每一位经过扰动后的扰动数据向量Y＝(y₁,y₂,…y_i,…y_n)。Specifically, for a certain bit x _i in the vector X, we have

The probability of is set to the original value, there is

The probability of is set to 1,2,...,k is not equal to any value of x _i , the output result of the algorithm is recorded as y _i , and finally, a perturbed data vector Y=(y ₁ , y ₂ ,…y _i ,…y _n ).

Specifically, before the step 301, the method further includes:

Before the recommendation service is enabled, users can choose the privacy protection degree of historical data on the client side, corresponding to whether to use localized differential privacy to protect historical data and the degree of protection of localized differential privacy.

Step 302: The client determines the target data, and sends the target data to the server.

Here, the target data is the uploaded data obtained after processing in step 301, and specifically may be real historical data or disturbance data obtained after processing the historical data.

Specifically, the step 302 further includes:

After the disturbance data Y is obtained through random response, the Euclidean distance between the original historical data X and the disturbance data Y is calculated as the similarity between the original data X and the disturbance data Y; here the Euclidean distance is calculated as follows (6 ):

According to the calculated similarity, the label corresponding to the target data is determined, and the label characterizes whether the recommendation data determined based on the target data is adopted;

Correspondingly, the sending the target data to the server includes:

Send the target data with the tag to the server.

Specifically, the historical data, that is, the vector X, is subjected to localized differential privacy processing and denoted as X' (X'=X, X'=Y), and the client marks X' before uploading X', such as adding it to represent Whether to use the label of the recommended data determined based on the X'; when the client receives the recommended data, it can determine whether to use the corresponding recommended data according to the label carried by the recommended data (for details, see the method shown in Figure 1, which is not repeated here. repeat).

Or, the client side marks X' before uploading X', and records the relationship between the uploaded X' and X locally; for example, add a unique label a to X; when the uploaded X'=X, add a label to X' (ie a), or when the uploaded X'=Y and the similarity between X and Y is higher than the set similarity threshold, add a label (such as a') to Y, where the similarity between Y and X is not If it is higher than the set similarity threshold, it can be unmarked or marked with other characters to indicate that the recommendation data based on Y is not used; here, a' and a have a corresponding relationship; when the client receives the recommendation data, it compares and recommends The label of the data (that is, the label a or a' corresponding to X') and the local labeled label (including the label a of the real historical data X, and the label a' of the disturbance data Y with a high similarity to the real historical data ), if the label carried by the returned recommendation data is a' or a, and it can be determined that it matches the locally marked label, the current recommendation data is used; otherwise, the current recommendation data is not used.

Step 303: The server receives the target data sent by the client, and according to the received target data, uses a preset recommendation method to determine the recommended data;

It should be noted that since the perturbed data is in the same form as the real uploaded data, the data processed by localized differential privacy can still be recommended by the existing recommendation algorithm. After running the recommendation algorithm, the server returns the recommendation data to the client with the tag.

Here, the preset recommendation method specifically refers to the method shown in FIG. 2 , which will not be repeated here.

Step 304, the server sends the recommended data and the tags corresponding to the recommended data to the client;

Step 305: The client determines the recommendation result according to the recommendation data and the tags corresponding to the recommendation data.

The following is a further description of the localized differential privacy technology and random response technology involved in the above scheme.

Differential privacy technology is an important privacy protection method, which has been widely used in many fields in recent years. Differential privacy does not require guaranteeing the overall privacy of the data set, but provides protection for the privacy of individuals in the data set. It distorts the original statistical data by adding random noise, etc., so that the change of any record in the data set has a limited impact on the query output result, so that the attacker cannot know the private information of the individual by observing the query result. Safety is guaranteed at the expense of a certain degree of accuracy.

Localized differential privacy technology is a data collection framework based on centralized differential privacy protection technology, which is different from the assumption of centralized differential privacy for trusted third parties, which is aimed at untrusted third-party data collectors.

The protection model under localized differential privacy fully considers the possibility of data collectors stealing or leaking user privacy during data collection. In this model, each user first performs privacy processing on the data, and then sends the processed data to the data collector, who makes statistics on the collected data to obtain effective analysis results. That is, while performing statistical analysis on the data, it ensures that the private information of individuals is not leaked. The formal definition of localized differential privacy is as follows.

满足下列不等式，则M满足ε-本地化差分隐私：Given n users, each user corresponds to a privacy algorithm M and its definition domain Dom(M) and value domain Ran(M). If algorithm M is in any two records t and t′(t _, t′∈Dom( M)) to get the same output

If the following inequalities are satisfied, then M satisfies ε-localized differential privacy:

ε is the privacy protection budget, which is used to represent the level of privacy protection. The smaller the value, the more similar the probability distribution of the query results of the algorithm on adjacent data sets, and the higher the level of privacy protection. When ε = 0, the data collector will be completely unable to distinguish t and t' from the received results, and the degree of protection is highest at this time. However, an increase in the level of privacy protection often results in a decrease in data availability.

It can be seen from the definition that the localized differential privacy technology ensures that the algorithm M satisfies ε-localized differential privacy by controlling the similarity of the output results of any two records. In short, according to a certain output result of the privacy algorithm M, it is almost impossible to infer which record its input data is.

Random response technology is the mainstream perturbation mechanism of localized differential privacy technology. The random response technique mainly includes two steps: perturbation statistics and correction.

进行统计。于是发起一个敏感的问题:“你是否为艾滋病患者？”，每个用户对此进行响应，第i个用户的答案X_i为是或否，但出于隐私性考虑，用户不会直接响应真实答案。假设其借助于一枚非均匀的硬币来给出答案，其正面向上的概率为p，反面向上的概率为1-p。抛出该硬币，若正面向上，则回答真实答案，反面向上，则回答相反的答案。In order to introduce the random response technology in detail, a specific problem scenario is first introduced below. Suppose there are n users, of which the true proportion of AIDS patients is π, but we do not know it. we want the proportion of

Do statistics. So a sensitive question is initiated: "Are you an AIDS patient?", each user responds to this, and the _i -th user's answer Xi is yes or no, but for privacy reasons, the user will not directly respond to the real Answer. Suppose it gives the answer by means of a non-uniform coin with probability p of heads and 1-p of tails. Toss the coin, if it comes up heads, the answer is the true answer, and if it comes up tails, the answer is the opposite.

First, perform perturbation statistics. The above perturbation method is used to count the responses of n users, and the statistical value of the number of AIDS patients can be obtained. Assuming that in the statistical results, the number of people who answered "yes" is n ₁ , the number of people who answered "no" is nn ₁ . Obviously, according to the above statistics, the proportion of users who answered "yes" and "no" is as follows:

Pr(X _i ='yes')=πp+(1-π)(1-p)

Pr(X _i ='No')=(1-π)p+π(1-p)

且计算

的期望可知，

为π的无偏估计：

According to the statistical results, the maximum likelihood estimate of the true proportion π of AIDS patients can be obtained

and calculate

expectations, it can be seen that

is an unbiased estimate of π:

This gives the total number of people with HIV as:

Consider the random response technique from the perspective of differential privacy. Suppose a patient is an AIDS patient. When he answers the sensitive question "Are you an AIDS patient?", he has a probability of p to answer "yes", and the probability is A 1-p probability would answer "no", while for an unaffected patient, there would be a p probability of answering "no" and a 1-p probability of answering "yes". From this, we can get the definition of differential privacy that the random response technique satisfies:

The relationship between the privacy budget parameter ε and p can be obtained by substituting the probability p of the real situation into the formula:

When the probability p of answering the true situation is larger, the privacy budget parameter ε will also become larger, that is, the lower the degree of protection of localized differential privacy.

FIG. 4 is a schematic structural diagram of a data recommendation apparatus according to an embodiment of the present invention. The data recommendation apparatus is applied to a terminal. As shown in FIG. 4 , the apparatus includes: a first processing module, a second processing module, a third processing module; wherein,

The first processing module is used to determine the first data to be sent; the first data is behavior data collected locally by the terminal;

The second processing module is configured to send the second data to the server; wherein, when it is determined that the first data does not meet the conversion condition, the second data is the first data; when it is determined that the first data meets the When converting conditions, the second data is the disturbance data obtained based on the first data;

The third processing module is configured to receive recommendation data determined and sent by the server according to the second data.

Specifically, the second processing module is used to determine a preset privacy parameter; the privacy parameter is associated with a preset privacy protection degree;

determining a perturbation probability value according to the preset privacy parameter;

According to the perturbation probability value, a binary random response is performed on the first data to obtain a response result; the response result represents whether the first data is converted;

Corresponding to the response result indicating that the first data is not converted, the first data does not meet the conversion condition;

In the case that the first data is transformed corresponding to the response result, the first data satisfies the transformation condition.

Specifically, the first data includes: at least one parameter and a value corresponding to each parameter in the at least one parameter;

The second processing module is configured to perform a multi-value random response to the numerical value corresponding to each parameter in the at least one parameter, and obtain a random response result corresponding to each parameter in the at least one parameter;

The second data is obtained according to the random response result corresponding to each parameter in the at least one parameter.

Specifically, the second processing module is configured to perform a multi-value random response to the value corresponding to each parameter in the at least one parameter according to a preset privacy parameter, and obtain a random response corresponding to each parameter in the at least one parameter As a result; the privacy parameter is associated with a preset degree of privacy protection.

Specifically, the second processing module is further configured to determine the similarity between the first data and the second data;

And, the second processing module is further configured to add a label to the second data according to the similarity before sending the second data to the server; the label indicates whether a method determined based on the second data is used recommended data;

The third processing module is further configured to, after receiving the recommendation data determined and sent by the server according to the second data, determine the label of the second data corresponding to the recommendation data;

The recommendation result is determined according to the label of the second data corresponding to the recommendation data; the recommendation result represents whether the recommendation is performed according to the recommendation data.

It should be noted that: when implementing the corresponding data recommendation method, the data recommendation apparatus provided in the above-mentioned embodiments only takes the division of the above-mentioned program modules as an example. In practical applications, the above-mentioned processing may be allocated to different program modules as required. To complete, that is, to divide the internal structure of the server into different program modules to complete all or part of the above-described processing. In addition, the apparatus provided in the above-mentioned embodiment and the embodiment of the corresponding method belong to the same concept, and the specific implementation process thereof is detailed in the method embodiment, which will not be repeated here.

FIG. 5 is a schematic structural diagram of a data recommendation system according to an embodiment of the present invention. The data recommendation system includes: a terminal and a server, and the terminal is loaded with a client that can implement the data recommendation method shown in FIG. 1 , as shown in FIG. 5 . As shown, the client sends data to the server, where the sent data is original data or disturbed data; after receiving the data, the server determines recommended data based on the data, and sends the recommended data to the client.

When the client implements the corresponding data recommendation method, specific reference may be made to the method shown in FIG. 1 ; details are not repeated here.

When the server implements the corresponding data recommendation method, specific reference may be made to the method shown in FIG. 2 ; details are not repeated here.

FIG. 6 is a schematic structural diagram of a data recommendation apparatus according to an embodiment of the present invention; as shown in FIG. 6 , the apparatus 60 includes: a processor 601 and a memory for storing a computer program that can run on the processor 602; wherein, when the processor 601 is configured to run the computer program, execute: determine the first data to be sent; the first data is behavior data collected locally by the terminal; send the second data to the server; wherein , when it is determined that the first data does not meet the conversion conditions, the second data is the first data; when it is determined that the first data meets the conversion conditions, the second data is obtained based on the first data Disturbance data; receive recommendation data determined and sent by the server according to the second data.

In one embodiment, when the processor 601 is configured to run the computer program, execute: determine a preset privacy parameter; the privacy parameter is associated with a preset privacy protection degree; according to the preset privacy parameters, to determine a perturbation probability value; according to the perturbation probability value, perform a binary random response on the first data to obtain a response result; the response result represents whether the first data is transformed;

Corresponding to the response result indicating that the first data is not converted, the first data does not meet the conversion condition;

In the case that the first data is transformed corresponding to the response result, the first data satisfies the transformation condition.

In an embodiment, when the processor 601 is configured to run the computer program, execute: perform a multi-value random response to the value corresponding to each parameter in the at least one parameter, and obtain the corresponding value of each parameter in the at least one parameter. The random response result of ;

The second data is obtained according to the random response result corresponding to each parameter in the at least one parameter.

In one embodiment, when the processor 601 is configured to run the computer program, execute: according to a preset privacy parameter, perform a multi-value random response to the value corresponding to each parameter in the at least one parameter, to obtain the A random response result corresponding to each parameter in at least one parameter; the privacy parameter is associated with a preset privacy protection degree.

In an embodiment, when the processor 601 is configured to run the computer program, execute: determining the similarity between the first data and the second data;

Before sending the second data to the server, perform: adding a label to the second data according to the similarity; the label indicates whether the recommendation data determined based on the second data is adopted;

After receiving the recommendation data determined and sent by the server according to the second data, the following further steps are performed: determining the label of the second data corresponding to the recommendation data; and determining, according to the label of the second data corresponding to the recommendation data, Recommendation result; the recommendation result represents whether the recommendation is performed according to the recommendation data.

Specifically, the above-mentioned data recommendation apparatus specifically implements the method shown in FIG. 1 , which belongs to the same concept as the recommendation method embodiment shown in FIG.

In practical application, the apparatus 60 may further include: at least one network interface 603 . The various components in recommender 60 are coupled together by bus system 604 . It will be appreciated that the bus system 604 is used to implement connection communication between these components. In addition to the data bus, the bus system 604 also includes a power bus, a control bus and a status signal bus. However, for clarity of illustration, the various buses are labeled as bus system 604 in FIG. 6 . The number of the processors 601 may be at least one. The network interface 603 is used for wired or wireless communication between the data recommendation apparatus 60 and other devices.

The memory 602 in the embodiment of the present invention is used to store various types of data to support the operation of the data recommendation apparatus 60 .

The methods disclosed in the above embodiments of the present invention may be applied to the processor 601 or implemented by the processor 601 . The processor 601 may be an integrated circuit chip with signal processing capability. In the implementation process, each step of the above-mentioned method may be completed by an integrated logic circuit of hardware in the processor 601 or an instruction in the form of software. The above-mentioned processor 601 may be a general-purpose processor, a digital signal processor (DSP, DiGital Signal Processor), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, and the like. The processor 601 may implement or execute the methods, steps, and logical block diagrams disclosed in the embodiments of the present invention. A general purpose processor may be a microprocessor or any conventional processor or the like. The steps of the method disclosed in combination with the embodiments of the present invention can be directly embodied as being executed by a hardware decoding processor, or executed by a combination of hardware and software modules in the decoding processor. The software module may be located in a storage medium, and the storage medium is located in the memory 602, and the processor 601 reads the information in the memory 602, and completes the steps of the foregoing method in combination with its hardware.

In an exemplary embodiment, the data recommendation apparatus 60 may be implemented by one or more Application Specific Integrated Circuits (ASIC, Application Specific Integrated Circuits), DSPs, Programmable Logic Devices (PLDs, Programmable Logic Devices), Complex Programmable Logic Devices (CPLDs) , Complex Programmable Logic Device), Field-Programmable Gate Array (FPGA, Field-Programmable Gate Array), general-purpose processor, controller, microcontroller (MCU, Micro Controller Unit), microprocessor (Microprocessor), or other electronic Element implementation for performing the aforementioned method.

Embodiments of the present invention further provide a computer-readable storage medium, on which a computer program is stored, and when the computer program is run by a processor, execute: determine first data to be sent; the first data is local to the terminal The collected behavior data; sending the second data to the server; wherein, when it is determined that the first data does not meet the conversion conditions, the second data is the first data; when it is determined that the first data meets the conversion conditions, The second data is disturbance data obtained based on the first data; and recommendation data determined and sent by the server according to the second data is received.

In one embodiment, when the computer program is run by the processor, execute: determine a preset privacy parameter; the privacy parameter is associated with a preset privacy protection degree; determine the disturbance according to the preset privacy parameter probability value; according to the disturbance probability value, a binary random response is performed on the first data to obtain a response result; the response result represents whether the first data is transformed;

Corresponding to the response result indicating that the first data is not converted, the first data does not meet the conversion condition;

In the case that the first data is transformed corresponding to the response result, the first data satisfies the transformation condition.

In one embodiment, when the computer program is run by the processor, execute: perform a multi-value random response to the value corresponding to each parameter in the at least one parameter, and obtain a random response result corresponding to each parameter in the at least one parameter ;

The second data is obtained according to the random response result corresponding to each parameter in the at least one parameter.

In one embodiment, when the computer program is executed by the processor, execute: according to preset privacy parameters, perform a multi-value random response to the value corresponding to each parameter in the at least one parameter, and obtain the value in the at least one parameter. The random response result corresponding to each parameter; the privacy parameter is associated with a preset privacy protection degree.

In one embodiment, when the computer program is executed by the processor, execute: determining the similarity between the first data and the second data;

Before sending the second data to the server, perform: adding a label to the second data according to the similarity; the label indicates whether the recommendation data determined based on the second data is adopted;

After receiving the recommendation data determined and sent by the server according to the second data, the following further steps are performed: determining the label of the second data corresponding to the recommendation data; and determining, according to the label of the second data corresponding to the recommendation data, Recommendation result; the recommendation result represents whether the recommendation is performed according to the recommendation data.

In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The device embodiments described above are only illustrative. For example, the division of the units is only a logical function division. In actual implementation, there may be other division methods. For example, multiple units or components may be combined, or Can be integrated into another system, or some features can be ignored, or not implemented. In addition, the coupling, or direct coupling, or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection of devices or units may be electrical, mechanical or other forms. of.

The unit described above as a separate component may or may not be physically separated, and the component displayed as a unit may or may not be a physical unit, that is, it may be located in one place or distributed to multiple network units; Some or all of the units may be selected according to actual needs to achieve the purpose of the solution in this embodiment.

In addition, each functional unit in each embodiment of the present invention may all be integrated into one processing unit, or each unit may be separately used as a unit, or two or more units may be integrated into one unit; the above-mentioned integration The unit can be implemented either in the form of hardware or in the form of hardware plus software functional units.

Those of ordinary skill in the art can understand that all or part of the steps of implementing the above method embodiments can be completed by program instructions related to hardware, the aforementioned program can be stored in a computer-readable storage medium, and when the program is executed, execute Including the steps of the above-mentioned method embodiment; and the aforementioned storage medium includes: a mobile storage device, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a magnetic disk or an optical disk and other various A medium on which program code can be stored.

Alternatively, if the above-mentioned integrated unit of the present invention is implemented in the form of a software function module and sold or used as an independent product, it may also be stored in a computer-readable storage medium. Based on this understanding, the technical solutions of the embodiments of the present invention may be embodied in the form of software products in essence or the parts that make contributions to the prior art. The computer software products are stored in a storage medium and include several instructions for A computer device (which may be a personal computer, a server, or a network device, etc.) is caused to execute all or part of the methods described in the various embodiments of the present invention. The aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic disk or an optical disk and other mediums that can store program codes.

The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any person skilled in the art can easily think of changes or substitutions within the technical scope disclosed by the present invention. should be included within the protection scope of the present invention. Therefore, the protection scope of the present invention should be based on the protection scope of the claims.

Claims (12)

1. A data recommendation method, wherein the method is applied to a terminal, and the method comprises: Determine the first data to be sent; the first data is behavior data collected locally by the terminal; Send the second data to the server; wherein, when it is determined that the first data does not meet the conversion conditions, the second data is the first data; when it is determined that the first data meets the conversion conditions, the second data is the disturbance data obtained based on the first data; Receive recommendation data determined and sent by the server according to the second data. 2. The method according to claim 1, wherein the method further comprises: judging whether the first data satisfies a conversion condition; The judging whether the first data satisfies the conversion condition includes: Determine a preset privacy parameter; the privacy parameter is associated with a preset privacy protection degree; determining a perturbation probability value according to the preset privacy parameter; According to the perturbation probability value, a binary random response is performed on the first data to obtain a response result; the response result represents whether the first data is converted; Corresponding to the response result indicating that the first data is not converted, the first data does not meet the conversion condition; In the case that the first data is transformed corresponding to the response result, the first data satisfies the transformation condition. 3. The method according to claim 2, wherein the first data comprises: at least one parameter and a value corresponding to each parameter in the at least one parameter; Transforming the first data includes: Perform a multi-value random response on the numerical value corresponding to each parameter in the at least one parameter, and obtain a random response result corresponding to each parameter in the at least one parameter; The second data is obtained according to the random response result corresponding to each parameter in the at least one parameter. 4. The method according to claim 3, wherein the multi-value random response is performed to the numerical value corresponding to each parameter in the at least one parameter, and the random response result corresponding to each parameter in the at least one parameter is obtained, include: According to a preset privacy parameter, a multi-value random response is performed on the value corresponding to each parameter in the at least one parameter, and a random response result corresponding to each parameter in the at least one parameter is obtained; the privacy parameter is the same as the preset privacy protection degree related. 5. The method according to claim 1, wherein the method further comprises: determining the similarity between the first data and the second data; Before the sending the second data to the server, the method further includes: Add a label to the second data according to the similarity; the label indicates whether the recommendation data determined based on the second data is adopted; After receiving the recommendation data determined and sent by the server according to the second data, the method further includes: determining the label of the second data corresponding to the recommended data; The recommendation result is determined according to the label of the second data corresponding to the recommendation data; the recommendation result represents whether the recommendation is performed according to the recommendation data. 6. A data recommendation device, characterized in that the device comprises: a first processing module, a second processing module, and a third processing module; wherein, The first processing module is used to determine the first data to be sent; the first data is behavior data collected locally by the terminal; The second processing module is configured to send the second data to the server; wherein, when it is determined that the first data does not meet the conversion condition, the second data is the first data; when it is determined that the first data meets the When converting conditions, the second data is the disturbance data obtained based on the first data; The third processing module is configured to receive recommendation data determined and sent by the server according to the second data. 7. The apparatus according to claim 6, wherein the second processing module is configured to determine a preset privacy parameter; the privacy parameter is associated with a preset privacy protection degree; determining a perturbation probability value according to the preset privacy parameter; According to the perturbation probability value, a binary random response is performed on the first data to obtain a response result; the response result represents whether the first data is converted; Corresponding to the response result indicating that the first data is not converted, the first data does not meet the conversion condition; In the case that the first data is transformed corresponding to the response result, the first data satisfies the transformation condition. 8. The apparatus according to claim 7, wherein the first data comprises: at least one parameter and a value corresponding to each parameter in the at least one parameter; The second processing module is configured to perform a multi-value random response to the numerical value corresponding to each parameter in the at least one parameter, and obtain a random response result corresponding to each parameter in the at least one parameter; The second data is obtained according to the random response result corresponding to each parameter in the at least one parameter. 9 . The device according to claim 8 , wherein the second processing module is configured to perform a multi-value random response to the value corresponding to each parameter in the at least one parameter according to a preset privacy parameter, to obtain A random response result corresponding to each parameter in the at least one parameter; the privacy parameter is associated with a preset privacy protection degree. 10. The apparatus according to claim 6, wherein the second processing module is further configured to determine the similarity between the first data and the second data; And, the second processing module is further configured to add a label to the second data according to the similarity before sending the second data to the server; the label indicates whether a method determined based on the second data is used recommended data; The third processing module is further configured to, after receiving the recommendation data determined and sent by the server according to the second data, determine the label of the second data corresponding to the recommendation data; The recommendation result is determined according to the label of the second data corresponding to the recommendation data; the recommendation result represents whether the recommendation is performed according to the recommendation data. 11. A data recommendation device, comprising a memory, a processor and a computer program stored in the memory and running on the processor, wherein the processor implements any one of claims 1 to 5 when the processor executes the program the steps of the method described in item. 12. A computer-readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, the steps of the method according to any one of claims 1 to 5 are implemented.

Images