CN114840869A - Data sensitivity identification method and device based on sensitivity identification model - Google Patents

Abstract

The application provides a data sensitivity identification method based on a sensitivity identification model, a training method, a device, equipment and a computer readable storage medium of the sensitivity identification model; the sensitivity identification model comprises a feature extraction layer and a sensitivity identification layer, and the data sensitivity identification method comprises the following steps: acquiring metadata of data to be identified, wherein the metadata is used for describing the data to be identified; performing feature extraction on the metadata of the data to be identified through the feature extraction layer to obtain data features of the metadata; through the sensitivity identification layer, based on the data characteristics of the metadata, sensitivity identification is carried out on the data to be identified to obtain a sensitivity identification result; and the sensitivity identification result is used for indicating the data sensitivity corresponding to the data to be identified. Through the method and the device, the identification efficiency of the data sensitivity can be improved.

Description

Data sensitivity identification method and device based on sensitivity identification model

technical field

The present application relates to artificial intelligence and Internet technologies, and in particular, to a data sensitivity identification method based on a sensitivity identification model, a training method, apparatus, device, and computer-readable storage medium for the sensitivity identification model.

Background technique

In the data asset management of Internet companies, with the development of business and the improvement of user activity, a large amount of valuable data will be deposited in database tables or texts. Data sensitivity, as part of the metadata, categorizes data from exposure risk, ease of use by developers and confidentiality. However, if some valuable data lacks specific data sensitivity or risk level, and is not managed and maintained by developers, then this part of data may be leaked during use, which will have a great impact on the business .

In the related art, the data sensitivity is identified manually, that is, the database administrator identifies and determines the data sensitivity of the identified data based on personal experience, but this method is time-consuming and labor-intensive, and the probability of missing sensitive data is high.

SUMMARY OF THE INVENTION

The embodiments of the present application provide a data sensitivity identification method based on a sensitivity identification model, a training method, apparatus, device and computer-readable storage medium for the sensitivity identification model, which can improve the data sensitivity identification efficiency and reduce missed checks Probability of sensitive data.

The technical solutions of the embodiments of the present application are implemented as follows:

An embodiment of the present application provides a data sensitivity identification method based on a sensitivity identification model, where the sensitivity identification model includes a feature extraction layer and a sensitivity identification layer, including:

obtaining metadata of the data to be identified, the metadata being used to describe the data to be identified;

Through the feature extraction layer, feature extraction is performed on the metadata of the data to be identified to obtain the data features of the metadata;

Through the sensitivity identification layer, based on the data characteristics of the metadata, the sensitivity identification is performed on the to-be-identified data to obtain a sensitivity identification result;

The sensitivity identification result is used to indicate the data sensitivity corresponding to the data to be identified.

An embodiment of the present application provides a training method for a sensitivity identification model, where the sensitivity identification model includes a feature extraction layer and a sensitivity identification layer, and the method includes:

obtaining metadata of a data sample, where the data sample carries a sensitivity label, and the sensitivity label is used to indicate the data sensitivity corresponding to the data sample;

Through the feature extraction layer, feature extraction is performed on the metadata of the data sample to obtain sample data features of the metadata of the data sample;

Through the sensitivity identification layer, based on the characteristics of the sample data, the data sample is subjected to sensitivity identification to obtain a sample sensitivity identification result;

obtaining the difference between the sample sensitivity identification result and the sensitivity label carried by the data sample, and updating the model parameters of the sensitivity identification model based on the difference;

The sensitivity identification model is configured to output a sensitivity identification result indicating the data sensitivity corresponding to the data to be identified after the metadata of the data to be identified is input into the sensitivity identification model.

An embodiment of the present application provides a data sensitivity identification device based on a sensitivity identification model, where the sensitivity identification model includes a feature extraction layer and a sensitivity identification layer, and the device includes:

a first acquisition module, configured to acquire metadata of the data to be identified, where the metadata is used to describe the data to be identified;

a first extraction module, configured to perform feature extraction on the metadata of the data to be identified through the feature extraction layer to obtain data features of the metadata;

a first identification module, configured to perform sensitivity identification on the data to be identified through the sensitivity identification layer based on the data characteristics of the metadata to obtain a sensitivity identification result;

The sensitivity identification result is used to indicate the data sensitivity corresponding to the data to be identified.

In the above scheme, the first acquisition module is also used to acquire at least one of the following table elements from the data table when the storage form of the data to be identified is a data table: the name of the data table, the corresponding table in the data table Table description of the data to be identified, attribute fields corresponding to the data to be identified in the data table;

The acquired table element is determined as the metadata of the data to be identified.

In the above solution, the first obtaining module is further configured to obtain at least one of the following document contents from the document when the storage form of the data to be identified is a document: document title, document abstract, and document keywords;

The acquired document content is determined as the metadata of the data to be identified.

In the above solution, the first extraction module is further configured to perform word segmentation processing on the metadata of the data to be identified, to obtain a plurality of words corresponding to the metadata;

Carry out feature encoding on each of the described words respectively to obtain the word features corresponding to each of the described words;

Feature splicing is performed on the word features corresponding to each of the words to obtain data features corresponding to the metadata.

In the above scheme, the first extraction module is also used to perform bidirectional encoding processing on the word features of each word, respectively, to obtain the above encoding feature and the following encoding feature corresponding to each of the words;

Feature splicing is performed on the above coding features and the following coding features of each of the described words, respectively, to obtain the corresponding splicing coding features;

Feature splicing is performed on the splicing coding features corresponding to each of the words to obtain data features corresponding to the metadata.

In the above solution, the first identification module is further configured to perform classification prediction corresponding to at least two sensitivity levels on the data characteristics of the metadata through the sensitivity identification layer, and obtain the metadata corresponding to each of the Probability of sensitivity level;

The sensitivity level with the highest probability is selected as the sensitivity identification result of the data to be identified.

In the above solution, the first extraction module is further configured to perform feature extraction on each of the keywords through the feature extraction layer when the metadata includes at least two keywords, to obtain each of the key words. The feature corresponding to the word is used as the data feature of the metadata;

Correspondingly, the first extraction module is further configured to match the feature corresponding to each keyword with the feature corresponding to at least two sensitive words through the sensitivity identification layer to obtain the corresponding matching degree;

The data sensitivity corresponding to the sensitive word with the highest matching degree is selected as the sensitivity identification result of the data to be identified.

In the above scheme, the device also includes:

a processing module, configured to establish an association relationship between the sensitivity identification result and the data to be identified, and store the association relationship;

Wherein, the association relationship is used for searching the data sensitivity corresponding to the data to be identified based on the data to be identified.

In the above solution, the processing module is further configured to store the sensitivity identification result in the target area associated with the data to be identified, where the target area is the data sensitivity corresponding to the data in the storage area corresponding to the metadata. area.

In the above scheme, the device also includes:

A return module, configured to obtain the data sensitivity corresponding to the data to be identified in response to a data display request for the data to be identified;

When the data sensitivity corresponding to the to-be-identified data reaches the sensitivity threshold, return masking indication information corresponding to the to-be-identified data;

The shielding indication information is used to indicate that the to-be-identified data is shielded and displayed.

In the above scheme, the device also includes:

an output module, configured to output encryption prompt information corresponding to the data to be identified when the sensitivity identification result indicates that the data sensitivity of the data to be identified reaches the target data sensitivity;

Wherein, the encryption prompt information is used for prompting to perform encryption processing on the to-be-identified data.

An embodiment of the present application provides a training device for a sensitivity identification model, where the sensitivity identification model includes a feature extraction layer and a sensitivity identification layer, and the device includes:

a second acquisition module, configured to acquire metadata of a data sample, where the data sample carries a sensitivity label, and the sensitivity label is used to indicate the data sensitivity corresponding to the data sample;

a second extraction module, configured to perform feature extraction on the metadata of the data sample through the feature extraction layer to obtain sample data features of the metadata of the data sample;

a second identification module, configured to perform sensitivity identification on the data sample based on the sample data characteristics through the sensitivity identification layer, and obtain a sample sensitivity identification result;

an update module, configured to obtain the difference between the sample sensitivity identification result and the sensitivity label carried by the data sample, and update the model parameters of the sensitivity identification model based on the difference;

The sensitivity identification model is configured to output a sensitivity identification result indicating the data sensitivity corresponding to the data to be identified after the metadata of the data to be identified is input into the sensitivity identification model.

The embodiment of the present application provides an electronic device, including:

memory for storing executable instructions;

The processor is configured to implement the data sensitivity identification method based on the sensitivity identification model provided by the embodiment of the present application when executing the executable instructions stored in the memory.

The embodiment of the present application provides an electronic device, including:

memory for storing executable instructions;

The processor is configured to implement the training method of the sensitivity recognition model provided by the embodiment of the present application when executing the executable instructions stored in the memory.

The embodiments of the present application provide a computer-readable storage medium storing executable instructions for causing a processor to execute the data sensitivity identification method based on the sensitivity identification model provided by the embodiments of the present application.

Embodiments of the present application further provide a computer-readable storage medium storing executable instructions for causing a processor to execute the training method for the sensitivity recognition model provided by the embodiments of the present application.

The embodiment of the present application has the following beneficial effects:

The server performs sensitivity recognition on the metadata of the data to be recognized through the sensitivity recognition model, specifically obtains the metadata used to describe the data to be recognized, and performs feature extraction on the metadata of the data to be recognized through the feature extraction layer of the sensitivity recognition model, Obtain the data characteristics of the metadata; through the sensitivity identification layer of the sensitivity identification model, based on the data characteristics of the metadata, perform sensitivity identification on the data to be identified, and obtain the sensitivity identification result; in this way, input the metadata to be identified into the sensitive In the degree recognition model, the sensitivity recognition result indicating the data sensitivity corresponding to the data to be recognized can be automatically recognized. Compared with the manual recognition method, the recognition efficiency of data sensitivity can be greatly improved, and the leakage of data can be reduced. Probability of checking sensitive data.

Description of drawings

FIG. 1 is an optional schematic structural diagram of a data sensitivity identification system 100 based on a sensitivity identification model provided by an embodiment of the present application;

FIG. 2 is an optional schematic structural diagram of an electronic device 500 according to an embodiment of the present application;

3 is a schematic flowchart of a data sensitivity identification method based on a sensitivity identification model provided by an embodiment of the present application;

4 is a schematic structural diagram of a sensitivity identification model provided by an embodiment of the present application;

5 is a schematic structural diagram of a sensitivity identification model provided by an embodiment of the present application;

6 is a schematic structural diagram of a sensitivity identification model provided by an embodiment of the present application;

7 is a schematic flowchart of a training method for a sensitivity recognition model provided by an embodiment of the present application;

8 is a schematic flowchart of a data sensitivity identification method based on a sensitivity identification model provided by an embodiment of the present application;

9 is a schematic flowchart of a data sensitivity identification method based on a sensitivity identification model provided by an embodiment of the present application;

10 is a schematic structural diagram of a sensitivity identification model provided by an embodiment of the present application;

11 is a schematic structural diagram of a data sensitivity identification device based on a sensitivity identification model provided by an embodiment of the present application;

FIG. 12 is a schematic structural diagram of a training apparatus for a sensitivity recognition model provided by an embodiment of the present application.

Detailed ways

In order to make the purpose, technical solutions and advantages of the present application clearer, the present application will be described in further detail below with reference to the accompanying drawings. All other embodiments obtained under the premise of creative work fall within the scope of protection of the present application.

In the following description, reference is made to "some embodiments" which describe a subset of all possible embodiments, but it is understood that "some embodiments" can be the same or a different subset of all possible embodiments, and Can be combined with each other without conflict.

Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the technical field to which this application belongs. The terms used herein are only for the purpose of describing the embodiments of the present application, and are not intended to limit the present application.

Before further describing the embodiments of the present application in detail, the terms and terms involved in the embodiments of the present application are described, and the terms and terms involved in the embodiments of the present application are suitable for the following explanations.

1) Metadata, which is the data describing the data, or the structural data used to provide relevant information of a certain resource (that is, the data to be identified), mainly used to describe the data attribute information of the data to be identified, and used to support storage such as instructions. Location, historical data, resource search, file recording and other functions; metadata can be called an electronic catalog. In order to achieve the purpose of cataloging, it is necessary to describe and collect the content or characteristics of the data, and then achieve the purpose of assisting data retrieval.

2) In response, used to represent the condition or state on which the executed operation depends, when the dependent condition or state is satisfied, the executed one or more operations may be real-time or may have a set delay; Unless otherwise specified, there is no restriction on the order of execution of multiple operations to be executed.

Based on the above explanation of the terms and terms involved in the embodiments of the present application, the following describes the data sensitivity identification method based on the sensitivity identification model provided by the embodiments of the present application. Referring to FIG. 1 , FIG. 1 provides an embodiment of the present application. An optional schematic diagram of the architecture of the data sensitivity identification system 100 based on the sensitivity identification model, in order to support an exemplary application, the terminal (exemplarily shows the terminal 400-1 and the terminal 400-2) connect to the server through the network 300 200, the network 300 may be a wide area network or a local area network, or a combination of the two, using a wireless link to implement data transmission.

In practical applications, the terminal is provided with a client, such as Weibo, Zhihu, enterprise applications, etc., to provide the data to be identified related to the business, or the data to be identified related to user behavior, and to send the data to be identified. As for the server 200, the server 200 can be a server configured independently to support various services, a server cluster, a cloud server, etc., such as a background server for a client, or an information flow platform.

In actual implementation, the server 200 is used to obtain metadata of the data to be identified, wherein the metadata is used to describe the data to be identified; the feature extraction layer of the sensitivity identification model performs feature extraction on the metadata of the data to be identified, and obtains The data characteristics of the metadata; through the sensitivity identification layer of the sensitivity identification model, based on the data characteristics of the metadata, the sensitivity identification is performed on the data to be identified, and the sensitivity identification result is obtained; wherein, the sensitivity identification result is used to indicate the data to be identified. Corresponding data sensitivity.

Next, an electronic device implementing the data sensitivity identification method based on the sensitivity identification model according to the embodiment of the present application will be described. Referring to FIG. 2, FIG. 2 is an optional schematic structural diagram of an electronic device 500 provided in an embodiment of the present application. In practical applications, the electronic device 500 may be the terminals in FIG. 1 (such as the terminal 400-1 and the terminal 400-2). ) or server 200, taking the electronic device as the server 200 shown in FIG. 1 as an example, the electronic device 500 shown in FIG. The various components in electronic device 500 are coupled together by bus system 540 . It can be understood that the bus system 540 is used to implement the connection communication between these components. In addition to the data bus, the bus system 540 also includes a power bus, a control bus and a status signal bus. However, for clarity of illustration, the various buses are labeled as bus system 540 in FIG. 2 .

The processor 510 may be an integrated circuit chip with signal processing capabilities, such as a general-purpose processor, a digital signal processor (DSP, Digital Signal Processor), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc., where a general-purpose processor may be a microprocessor or any conventional processor or the like.

User interface 530 includes one or more output devices 531 that enable presentation of media content, including one or more speakers and/or one or more visual display screens. User interface 530 also includes one or more input devices 532, including user interface components that facilitate user input, such as a keyboard, mouse, microphone, touch screen display, camera, and other input buttons and controls.

Memory 550 may be removable, non-removable, or a combination thereof. Exemplary hardware devices include solid state memory, hard drives, optical drives, and the like. Memory 550 optionally includes one or more storage devices that are physically remote from processor 510 .

Memory 550 includes volatile memory or non-volatile memory, and may also include both volatile and non-volatile memory. The non-volatile memory may be Read Only Memory (ROM, Read Only Memory), and the volatile memory may be Random Access Memory (RAM, Random Access Memory). The memory 550 described in the embodiments of the present application is intended to include any suitable type of memory.

In some embodiments, memory 550 is capable of storing data to support various operations, examples of which include programs, modules, and data structures, or subsets or supersets thereof, as exemplified below.

The operating system 551 includes system programs for processing various basic system services and performing hardware-related tasks, such as a framework layer, a core library layer, a driver layer, etc., for implementing various basic services and processing hardware-based tasks;

A network communication module 552 for reaching other computing devices via one or more (wired or wireless) network interfaces 520, exemplary network interfaces 520 including: Bluetooth, Wireless Compatibility (WiFi), and Universal Serial Bus ( USB, Universal Serial Bus), etc.;

A presentation module 553 for enabling presentation of information (eg, a user interface for operating peripherals and displaying content and information) via one or more output devices 531 associated with the user interface 530 (eg, a display screen, speakers, etc.) );

An input processing module 554 for detecting one or more user inputs or interactions from one of the one or more input devices 532 and translating the detected inputs or interactions.

In some embodiments, the data sensitivity identification device based on the sensitivity identification model provided by the embodiments of the present application may be implemented in software. FIG. 2 shows the data sensitivity identification based on the sensitivity identification model stored in the memory 550 The device 555, which can be software in the form of programs and plug-ins, includes the following software modules: a first acquisition module 5551, a first extraction module 5552, and a first identification module 5553, these modules are logical, so according to the functions implemented Arbitrary combinations or further splits can be made, and the functions of each module will be explained below.

In other embodiments, the data sensitivity identification device based on the sensitivity identification model provided by the embodiments of the present application may be implemented in hardware. As an example, the data sensitivity identification device based on the sensitivity identification model provided by the embodiments of the present application It may be a processor in the form of a hardware decoding processor, which is programmed to execute the data sensitivity identification method based on the sensitivity identification model provided by the embodiments of the present application. For example, the processor in the form of a hardware decoding processor may adopt a or multiple application-specific integrated circuits (ASIC, Application Specific Integrated Circuit), DSP, Programmable Logic Device (PLD, Programmable Logic Device), Complex Programmable Logic Device (CPLD, Complex Programmable Logic Device), Field Programmable Gate Array (FPGA, Field-Programmable Gate Array) or other electronic components.

Based on the above description of the data sensitivity recognition system and electronic device based on the sensitivity recognition model of the embodiments of the present application, the following describes the data sensitivity recognition method based on the sensitivity recognition model provided by the embodiments of the present application. , the method can be implemented by a terminal or a server alone, such as by the terminal 400-1, the terminal 400-2 or the server 200 in FIG. 1, or by the server and the terminal collaboratively, such as by the terminal 400-1 in FIG. 1. It is implemented in conjunction with the server 200. Next, with reference to FIG. 1 and FIG. 3, FIG. 3 is a schematic flowchart of a data sensitivity identification method based on a sensitivity identification model provided by an embodiment of the present application. The server 200 in FIG. 1 is used to implement the implementation of the present application. The data sensitivity identification method based on the sensitivity identification model provided by the example is used as an example to illustrate.

Step 101: The server obtains metadata of the data to be identified, wherein the metadata is used to describe the data to be identified.

In practical applications, the data to be identified may be business-related data of an enterprise, data related to individual users, data obtained from a database, or data obtained in real time, and the storage form of the data to be identified may be The data table can also be in text form such as text or log. Metadata is mainly used to describe the attributes of the data to be identified. For example, if the data to be identified is data related to shopping business, the metadata can be data such as shopping account number, order number, name, mobile phone number, delivery address, etc.; Identification data is data related to individual users, and metadata can be data such as name, ID number, mobile phone number, email address, bank card number, home address, and work unit.

In some embodiments, the server may obtain the metadata of the data to be identified in the following manner: when the storage form of the data to be identified is a data table, obtain at least one of the following table elements from the data table: data table name, data table The table description corresponding to the data to be identified and the attribute field in the data table corresponding to the data to be identified; the acquired table element is determined as the metadata of the data to be identified.

Here, in practical applications, if the storage form of the data to be identified is a data table, the data table name, table description or attribute field in the data table is used as the metadata of the data to be identified. For example, attribute fields such as data table name, table Chinese name, table responsible person, field name or field type in the data table corresponding to the data to be identified are used as metadata.

In some embodiments, the server may also obtain metadata of the data to be identified in the following manner: when the storage form of the data to be identified is a document, obtain at least one of the following document contents from the document: document title, document abstract, document key Word; determine the content of the document obtained as the metadata of the data to be recognized.

Here, the document may be a word document or a notepad (eg, txt) document. When the storage form of the data to be identified is a document, the document title, document abstract, and document keywords of the data to be identified are used as metadata. When the data to be identified includes the document title and the document body, in addition to the document title as the metadata, the key abstract content (that is, the document abstract) can also be extracted from the document body as the metadata. The document body of the identification data may be lengthy. If all document bodies are identified, it will inevitably bring a lot of computational pressure, resulting in low identification efficiency; and usually, the core theme of the data to be identified can use one of the sentences. Or a few words to summarize, therefore, in order to effectively extract the core subject of the data to be identified while improving the recognition efficiency, the abstract content used to characterize the core subject of the data to be identified can be extracted from the document body as the metadata of the data to be identified. .

In some embodiments, the corresponding document keywords can be obtained by performing keyword extraction on the document body, and the document abstract of the data to be identified can be obtained by the following method: Sentence extraction is performed on the document body of the data to be identified to obtain the corresponding documents to be identified. Multiple target sentences of the data; according to the word weights of multiple keywords in each target sentence, the sentence weight of the corresponding target sentence is determined; based on the weight of each sentence, the target sentence is sorted in descending order to obtain the corresponding sentence sequence; Start with a target sentence, select a target number of target sentences, and use the target number of target sentences as a document summary corresponding to the data to be identified.

The server may perform the following operations on each target sentence respectively, so as to determine the sentence weight of the corresponding target sentence according to the word weights of multiple keywords in each target sentence: perform keyword extraction on the target sentence to obtain a plurality of corresponding key words. word; obtain the word frequency corresponding to each keyword in the document body, and the reverse file frequency of each keyword; determine the word weight of the corresponding keyword based on the word frequency and reverse file frequency; sum the word weights of each keyword Process to get the sentence weight corresponding to the target sentence.

Here, the word frequency represents the ratio of the frequency of the keyword appearing in the data to be recognized to the total number of words in the data to be recognized, and the reverse file frequency represents the rarity of the keyword, based on the total number of data in the data set to which the data to be recognized belongs and The data set to which the data to be identified belongs is represented by the logarithm of the ratio of the quantity of data corresponding to each keyword. In addition, in addition to considering the word frequency of keywords, the rarity of keywords is also considered comprehensively. In actual implementation, the importance of a keyword is not only proportional to its frequency in the data to be identified, but also inversely proportional to the attribute to which the data to be identified belongs. How much data in the dataset contains it. Generally speaking, the more data that contains the keyword, the more general it is, and the less it can reflect the characteristics of the data. Finally, the sum of the word weights of the keywords in the target sentence is determined as the sentence weight of the target sentence. In this way, the sentence weight of each target sentence is obtained. The greater the sentence weight, the more representative the corresponding target sentence is to be identified. The core theme of data.

In the above manner, the subsequent data sensitivity identification is performed based on the acquired metadata of the data to be identified. Since the metadata can not only represent the attribute characteristics of the data to be identified, but also the amount of data is greatly reduced corresponding to the to-be-identified data. Therefore, not only can To ensure the accuracy of recognition, but also to improve the efficiency of recognition.

Step 102: Through the feature extraction layer, feature extraction is performed on the metadata of the data to be identified to obtain data features of the metadata.

In some embodiments, referring to FIG. 4 , FIG. 4 is a schematic structural diagram of a sensitivity identification model provided by an embodiment of the present application. As shown in FIG. 4 , the sensitivity identification model includes a feature extraction layer and a sensitivity identification layer. In the data metadata input value sensitivity recognition model, the feature extraction layer is used to extract the metadata from the metadata to obtain the corresponding data features. Through the sensitivity recognition layer, the line sensitivity recognition is performed on the data features to obtain the sensitivity recognition result. .

In some embodiments, referring to FIG. 5, FIG. 5 is a schematic structural diagram of a sensitivity identification model provided by an embodiment of the present application. As shown in FIG. 5, the server may perform feature extraction on the metadata of the data to be identified in the following manner to obtain the metadata Data characteristics of the data:

Perform word segmentation processing on the metadata of the data to be identified to obtain multiple words corresponding to the metadata; perform feature encoding on each word to obtain the word features corresponding to each word; perform feature splicing on the word features corresponding to each word to obtain the corresponding metadata data characteristics.

Here, in actual implementation, the metadata of the data to be identified, such as the data table name or table description, is subjected to word segmentation processing to obtain multiple words or multiple characters corresponding to the metadata. In practical applications, in order to facilitate the retrieval of the corresponding words or characters, a unique index value can also be set for each word or character, that is, the corresponding word or character is obtained based on the index value of each word or character, and then Characteristic encoding of words or characters, such as word vector conversion, to obtain the corresponding word features, that is, word vectors;

In some embodiments, the server may perform feature splicing on the word features corresponding to each word in the following manner to obtain data features corresponding to the metadata:

The word features of each word are subjected to bidirectional encoding processing to obtain the above coding feature and the following coding feature corresponding to each word; the feature splicing is performed on the above coding feature and the following coding feature of each word respectively, and the corresponding splicing coding feature is obtained; The feature splicing is performed on the splicing coding features corresponding to each word to obtain the data features corresponding to the metadata.

Here, considering the word context features, after obtaining the word vector of each word, input the word vector of each word to the bidirectional coding layer, such as the bidirectional long short-term memory network (Bi-LSTM, Bi-directional Long Short-TermMemory) layer , where the Bi-LSTM layer includes two LSTMs: one is the forward input sequence and the other is the reverse input sequence. The above-coded features corresponding to each word are extracted through the forward process (such as from left to right), and through the backward process The process (such as from right to left) extracts the following coding feature vector corresponding to each word, and finally the splicing coding feature of the corresponding word is obtained by splicing the above coding feature and the following coding feature.

Step 103: Through the sensitivity identification layer, based on the data characteristics of the metadata, perform sensitivity identification on the data to be identified, and obtain a sensitivity identification result.

In some embodiments, the server can perform sensitivity identification on the data to be identified through the sensitivity identification layer based on the data characteristics of the metadata, and obtain the sensitivity identification result:

Through the sensitivity identification layer, the data characteristics of the metadata are classified and predicted corresponding to at least two sensitivity levels, and the probability of the metadata corresponding to each sensitivity level is obtained; the sensitivity level with the largest probability is selected as the sensitivity identification result of the data to be identified.

Among them, the sensitivity identification result is used to indicate the data sensitivity corresponding to the data to be identified. There are various forms of data sensitivity, such as sensitivity levels or sensitivity values. When the data sensitivity of the data, the larger the sensitivity value, the more sensitive the data to be identified; when the sensitivity level is used to represent the data sensitivity of the data to be identified, the custom sensitivity levels for the data sensitivity are as follows: external disclosure, Internally open, generally sensitive, particularly sensitive, and highly confidential, and correspond to five natural numbers from 1 to 5 in turn. You can define your own data sensitivity level standards by referring to industry standards and the relevant laws and regulations of the national legislative department on data security.

It should be noted that the determination of the number of sensitivity levels is not only conducive to the reasonable distinction of data sensitivity, but also considers the feasibility of implementing security control measures based on different sensitivity levels. Generally, levels 4 to 5 are more reasonable. When the level is high, from high to low, they are: 5 (highly confidential), 4 (extremely sensitive), 3 (generally sensitive), 2 (internal disclosure) and 1 (external disclosure); the definition of sensitivity level here, for the data table and language, to be precise to the sensitivity level of the field. For example, the ID number and mobile phone number in the fields are level 5, and the name, email address, and delivery address are level 4. In addition, only a user-defined sensitivity level can be used to represent the data sensitivity of the data to be identified. For example, the sensitivity level can be divided into five types: top secret, confidential, high sensitivity, medium sensitivity and low sensitivity.

Here, it is assumed that the sensitivity levels corresponding to the data to be identified are as follows: top secret, confidential, high sensitivity, medium sensitivity and low sensitivity. If the sensitivity identification layer is used to classify and predict the data characteristics of the metadata, the corresponding sensitivity levels can be obtained. The probability is: top secret (90%), confidential (40%), high sensitivity (30%), medium sensitivity (15%) and low sensitivity (10%), then it can be seen that the one with the highest probability (90%) is selected. The sensitivity level is top secret, and the top secret is used as the sensitivity identification result of the data to be identified.

In some embodiments, referring to FIG. 6, FIG. 6 is a schematic structural diagram of a sensitivity identification model provided by an embodiment of the present application. As shown in FIG. 6, the server may also pass the feature extraction layer in the following manner to obtain metadata of the data to be identified. Perform feature extraction to obtain the data features of the metadata, including: when the metadata includes at least two keywords, through the feature extraction layer, feature extraction is performed on each keyword respectively, and the feature corresponding to each keyword is obtained as the data of the metadata Correspondingly, the server can perform sensitivity identification on the data to be identified through the sensitivity identification layer, based on the data characteristics of the metadata, and obtain the sensitivity identification result: through the sensitivity identification layer, respectively The feature is matched with the features corresponding to at least two sensitive words to obtain the corresponding matching degree; the data sensitivity corresponding to the sensitive word with the highest matching degree is selected as the sensitivity recognition result of the data to be recognized.

Here, the server pre-stores the correspondence between the sensitive words and the corresponding data sensitivity. For example, the data sensitivity corresponding to sensitive word 1 is top secret, the data sensitivity corresponding to sensitive word 2 is confidential, and the data sensitivity corresponding to sensitive word 3 is is high sensitivity, the data sensitivity corresponding to sensitive word 4 is low sensitivity, and the data sensitivity corresponding to sensitive word 5 is low sensitivity. Assuming that the keywords corresponding to the metadata of the data to be identified include: keyword 1 and keyword 2, then Through the feature extraction layer, the features of keyword 1 and keyword 2 are respectively extracted to obtain the feature corresponding to keyword 1 and the feature corresponding to keyword 2; through the sensitivity recognition layer, the feature of keyword 1 and the above sensitive words are respectively extracted (such as sensitive word 1 to sensitive word 5) are matched, and the corresponding matching degrees are obtained as follows: 10%, 20%, 30%, 40%, 80%, respectively, the characteristics of keyword 2 and the above sensitive words ( For example, if the features of sensitive words 1 to 5) are matched, the corresponding matching degrees are obtained in order: 20%, 10%, 30%, 40%, 60%, then select the sensitive word 5 with the highest matching degree of 80%. The corresponding low sensitivity is used as the sensitivity recognition result of the data to be recognized.

In some embodiments, after obtaining the sensitivity identification result, the server may further establish an association relationship between the sensitivity identification result and the data to be identified, and store the association relationship; wherein, the association relationship is used for searching the corresponding to-be-identified data based on the to-be-identified data Data sensitivity of the data.

In some embodiments, the server may establish an association relationship between the sensitivity identification result and the data to be identified in the following manner:

The sensitivity identification result is stored in a target area associated with the data to be identified, where the target area is an area corresponding to the data sensitivity in the storage area corresponding to the metadata.

Here, after the server determines the data sensitivity of the data to be identified, the data sensitivity may also be added to the area associated with the data to be identified and used to indicate the data sensitivity, for example, in the "sensitivity level" column in the data label to supplement the data sensitivity. Check the data sensitivity of the data to be identified, and use the data sensitivity as part of the metadata for users to use and maintain.

In some embodiments, after obtaining the sensitivity identification result, the server may further obtain the data sensitivity corresponding to the to-be-identified data in response to a data display request for the to-be-identified data; when the data sensitivity corresponding to the to-be-identified data reaches the sensitivity When the threshold is set, the shielding indication information corresponding to the data to be identified is returned; wherein, the shielding indication information is used to indicate that the data to be identified is shielded and displayed.

Here, when the data sensitivity of the data to be identified reaches the sensitivity threshold, it indicates that the data to be identified is relatively sensitive, such as confidential or top-secret data, at this time, the server returns the shielding instruction information corresponding to the data to be identified to the terminal, so that the user Security maintenance is performed on the data to be identified at the terminal, such as shielding confidential or top-secret data to avoid leakage; in addition, part of the data to be identified can also be selectively displayed, such as some sensitive information in the table, such as the identity of the user ID number, if you don't want to show it to others, you can block this field with the view.

In some embodiments, after obtaining the sensitivity identification result, when the sensitivity identification result indicates that the data sensitivity of the data to be identified reaches the target data sensitivity, the server may also output encryption prompt information corresponding to the data to be identified ; Among them, the encryption prompt information is used to prompt the encryption processing of the data to be identified.

Through the above method, when the data sensitivity of the data to be identified reaches a certain level, the user is prompted to encrypt the data to be identified to avoid leakage when maintaining or using the data to be identified. When transferring to another database, the data sensitivity of the data to be identified is automatically identified by the method provided in the embodiment of the present application, and further encryption processing or fuzzification processing is performed on the to-be-identified data satisfying a certain sensitivity, so that the The security of the data to be identified to be transferred is further improved.

Next, the training of the sensitivity recognition model will be described. Referring to FIG. 7, FIG. 7 is a schematic flowchart of a training method of a sensitivity identification model provided by an embodiment of the present application. In some embodiments, the sensitivity identification model includes a feature extraction layer and a sensitivity identification layer, and the method includes:

Step 201: The server obtains metadata of the data sample, wherein the data sample carries a sensitivity label, and the sensitivity label is used to indicate the data sensitivity corresponding to the data sample.

Step 202: Perform feature extraction on the metadata of the data sample through the feature extraction layer to obtain sample data features of the metadata of the data sample.

Step 203: Through the sensitivity identification layer, based on the characteristics of the sample data, perform sensitivity identification on the data samples to obtain a sample sensitivity identification result.

Step 204: Obtain the difference between the sample sensitivity identification result and the sensitivity label carried by the data sample, and update the model parameters of the sensitivity identification model based on the obtained difference.

In actual implementation, the value of the loss function of the sensitivity identification model can be determined according to the difference between the sample sensitivity identification result and the sensitivity label carried by the data sample; when the value of the loss function reaches a preset threshold, based on the sensitivity The value of the loss function of the recognition model determines the corresponding error signal; the error signal is back-propagated in the sensitivity recognition model, and the model parameters of each layer of the sensitivity recognition model are updated in the process of propagation.

Here, the back propagation is explained, the training data samples are input into the input layer of the neural network model, through the hidden layer, and finally reach the output layer and output the result, which is the forward propagation process of the neural network model, because the neural network model If there is an error between the output result and the actual result, calculate the error between the output result and the actual value, and propagate the error back from the output layer to the hidden layer until it propagates to the input layer. The error adjusts the values of the model parameters; the above process is iterated continuously until convergence.

Through the above method, the server inputs the metadata to be identified into the sensitivity identification model, and can automatically identify and obtain the sensitivity identification result used to indicate the data sensitivity corresponding to the data to be identified. Compared with the manual identification method , which can greatly improve the identification efficiency of data sensitivity and reduce the probability of missing sensitive data.

Next, the data sensitivity identification method based on the sensitivity identification model provided by the embodiments of the present application will be described. In some embodiments, with reference to FIG. 1 and FIG. 8 , FIG. 8 is the sensitivity identification model provided by the embodiments of the present application. The schematic flowchart of the data sensitivity identification method shown in FIG. 1 is illustrated by taking the terminal and the server 200 in FIG. 1 as an example to implement the data sensitivity identification method based on the sensitivity identification model provided by the embodiment of the present application as an example. The degree recognition model includes a feature extraction layer and a sensitivity recognition layer, and the methods include:

Step 301: The server obtains metadata of the data sample, wherein the data sample carries a sensitivity label, and the sensitivity label is used to indicate the data sensitivity corresponding to the data sample.

Step 302: The server performs feature extraction on the metadata of the data sample through the feature extraction layer to obtain sample data features of the metadata of the data sample.

Step 303: The server performs sensitivity identification on the data sample through the sensitivity identification layer based on the characteristics of the sample data, and obtains a sample sensitivity identification result.

Step 304: The server obtains the difference between the sample sensitivity identification result and the sensitivity label carried by the data sample, and updates the model parameters of the sensitivity identification model based on the obtained difference.

In the above manner, a sensitivity recognition model is obtained by training.

Step 305: The terminal transmits the data to be identified of the user to the server.

Step 306: If the storage form of the data to be identified is a data table, the server acquires the data table name, table description or attribute field in the data table as metadata.

Step 307: The server performs feature extraction on the metadata of the data to be identified through the feature extraction layer to obtain data features of the metadata.

Step 308: The server performs sensitivity identification on the data to be identified through the sensitivity identification layer based on the data characteristics of the metadata, and obtains a sensitivity identification result.

Step 309: The server stores the sensitivity identification result in the target area associated with the data to be identified.

The target area is an area corresponding to the data sensitivity in the storage area corresponding to the metadata of the data to be identified.

Through the above method, the data sensitivity of the data to be identified is identified through the trained sensitivity identification model, and the corresponding sensitivity identification result is stored in the target area associated with the data to be identified, so that the data sensitivity of the data to be identified becomes Part of the metadata, which greatly improves the identification efficiency of data sensitivity, and avoids the missed check of the data sensitivity of the data to be identified.

Below, an exemplary application of the embodiments of the present application in a practical application scenario will be described. The data sensitivity identification method based on the sensitivity identification model provided by the embodiment of the present application mainly uses machine learning to identify the data sensitivity of the data to be identified. Referring to FIG. 9 , FIG. 9 is the sensitivity-based identification method provided by the embodiment of the present application. A schematic flowchart of the data sensitivity identification method of the model, as shown in FIG. 9 , the identification of the data sensitivity provided by the embodiment of the present application includes: training of the sensitivity identification model (that is, the training stage) and based on the trained sensitivity identification model The identification of the data sensitivity of the data to be identified (ie, the identification stage) will be described one by one next.

In the training phase, the metadata of the data sample is obtained, wherein the data sample carries a sensitivity label, and the sensitivity label is used to indicate the data sensitivity corresponding to the data sample. That is, the metadata of the data sample input to the sensitivity identification model includes: the name of the data table, the table description of the corresponding data sample in the data table, and the data sensitivity (that is, the sensitivity label) to which the data table (that is, the data sample) belongs. , where data sensitivity can be characterized by sensitivity levels, which are divided into five levels: top secret, confidential, high sensitivity, medium sensitivity, and low sensitivity.

Generally speaking, the sensitivity level of data related to user account security is top secret, the sensitivity level of user personal information and financial-related data is confidential, the sensitivity level of user behavior data is high sensitivity, and the sensitivity level of confidential data is large. The sensitivity level of data rolled up by granularity is medium sensitivity, and the sensitivity level of common statistical data is low sensitivity.

During training, the data table name and table description of the data sample are used as sample points, and the sensitivity level is used as the sensitivity label. By optimizing the training sensitivity recognition model, the relationship between the data table name and table description and the sensitivity level is learned. After the training is completed , and save the model parameters of the sensitivity recognition model.

In the identification stage, during the identification process, first load the model parameters of the sensitivity identification model saved in the training stage, and then input the metadata of the data to be identified, that is, the data table name and table description of the data to be identified, into the trained In the sensitivity identification model, data sensitivity is identified for the data to be identified, and a sensitivity level used to indicate the data sensitivity corresponding to the data to be identified is obtained.

Next, the structure of the sensitivity identification model will be described. Referring to FIG. 10, FIG. 10 is a schematic structural diagram of the sensitivity identification model provided by the embodiment of the application. As shown in FIG. 10, the sensitivity identification model includes an input layer and a feature extraction layer. , Sensitivity recognition layer, wherein, the feature extraction layer includes: embedding layer, bidirectional coding layer, pooling layer, next, taking the application of data sensitivity recognition for the data to be recognized as an example, the sensitivity recognition model is explained.

1. Input layer

In the input layer, the metadata of the data to be recognized, such as the data table name or table description, is first processed by word segmentation to obtain multiple words or words corresponding to the metadata, and then a unique index value is set for each word or word. , if the i-th word input is _wi , a unique integer number I _i =I(wi _i ) is obtained after indexing; finally, each word or word obtained by word segmentation and the corresponding index value are transmitted to Feature extraction layer.

2. Feature extraction layer

1) Embedding layer

Here, in the embedding layer, first obtain the corresponding word or word based on the index value of each word or word, and then perform word vector transformation (ie feature encoding) on each word or word to obtain the corresponding word vector (ie word feature) .

Suppose the matrix of the embedding layer is E∈R ^V*D , where V is the total number of all words and D is the dimension of each word vector. In order to obtain the word vector of the i-th word, first convert its index value into a One-Hot encoding vector, the vector length is V, only the position of I _i has an element 1, and the elements in the rest of the positions are 0, using The word vector e _i corresponding to the segmented word can be obtained by multiplying the One-Hot encoding vector with the matrix E. The specific expression is:

O _i ∈ 0 ^V

2) Bidirectional coding layer

After obtaining the word vector of each word, input the word vector of each word to the bidirectional coding layer, such as the Bi-directional Long Short-Term Memory (Bi-LSTM, Bi-directional Long Short-Term Memory) layer, where Bi-LSTM The layer includes two LSTMs: one is the forward input sequence and the other is the reverse input sequence, which can consider contextual features at the same time, and play a role in fully integrating and understanding contextual semantics.

In actual implementation, two-way encoding processing can be performed on the word vectors of each word respectively to obtain the above coding feature and the following coding feature corresponding to each word; Corresponding splice encoding features. The specific expression is:

表示前一个词语的隐层状态，

表示当前输入词语，

表示前一个词语的细胞状态；

表征通过前向过程(如从左向右)提取得到的上文编码特征，

表征通过后向过程(如从右向左)提取的下文编码特征向量，C_t,h_t表征将上文编码特征

和下文编码特征

进行拼接得到的对应词语的拼接编码特征。Among them, l means left to right, r means right to left,

represents the hidden state of the previous word,

represents the current input word,

represents the cell state of the previous word;

represent the above encoded features extracted by the forward process (such as from left to right),

Represents the following encoding feature vector extracted by the backward process (such as from right to left), C _t , h _t represents the encoding feature vector above

and the following encoding features

The splicing coding features of the corresponding words obtained by splicing.

3) Pooling layer

The splicing coding feature corresponding to each word is obtained through the above-mentioned bidirectional coding layer, and the splicing coding feature corresponding to each word is feature spliced through the pooling layer to obtain the corresponding sentence vector (that is, the data feature of the metadata). The specific expression is:

Among them, z represents the sentence vector corresponding to the metadata of the data to be recognized, C _t , h _t are the splicing coding features corresponding to the current input word, and L represents the total number of input words.

3. Sensitivity recognition layer

Here, the sensitivity recognition layer is also called the multi-layer perceptron (MLP, MultiLayer Perceptron) layer. The multi-layer perceptron is composed of multi-layer fully connected neural networks. The data features corresponding to the metadata of the data to be recognized pass through the sensitivity recognition layer. The probability of outputting the data to be recognized corresponds to each sensitivity level. Taking a 3-layer fully connected neural network as an example, the probability that the input book belongs to each sensitivity level can refer to the following expression:

a _i =f(W ₃ f(W ₂ f(W ₁ z+b ₁ )+b ₂ )+b ₃ )

Among them, f is the nonlinear excitation function, z is the sentence vector corresponding to the metadata of the data to be identified obtained by the pooling layer, W ₁ is the weight of the first layer of fully connected neural network, and W ₂ is the second layer of fully connected neural network The weight of the network, W ₃ is the weight of the third-layer fully connected neural network, the weight can be trained, b ₁ , b ₂ and b ₃ are the corresponding trainable bias parameters, a _i represents the ith sensitivity level, A represents the sensitivity The number of grades, pi _represents the probability that the sensitivity grade of the data to be identified belongs to _ai .

Then, the sensitivity level with the highest probability is selected as the sensitivity level corresponding to the data to be identified, the finally determined sensitivity level is output, and the output sensitivity level is added to the metadata of the data to be identified.

It should be noted that the structure of the above sensitivity recognition model can be set according to the actual situation. For example, the metadata of the data to be recognized can be input into the input layer, and the metadata of the data to be recognized can be transmitted to the feature extraction layer through the input layer. To perform word segmentation or indexing operations on metadata at the feature extraction layer, etc., the present application does not specifically limit the structure of sensitivity identification.

After the structure of the sensitivity recognition model is arranged, the sensitivity recognition model can be trained by using the stochastic gradient descent method, so that the model parameters are optimal or locally optimal. For example, the metadata of the obtained data sample is transmitted to the feature extraction layer through the input layer, and the feature extraction layer is used to extract the metadata of the data sample to obtain the sample data feature of the metadata of the data sample; through the sensitivity identification layer , based on the characteristics of the sample data, perform sensitivity identification on the data sample to obtain the sample sensitivity identification result; obtain the difference between the sample sensitivity identification result and the sensitivity label carried by the data sample, and update the sensitivity identification based on the obtained difference Model parameters for the model.

In addition, the sensitivity recognition model provided by the embodiments of the present application can also be trained based on traditional machine learning methods, such as fast text classifier (FastText); or deep learning methods, such as deformation-based bidirectional encoder representation (BERT, Bidirectional Encoder Representations from Transformers) general model, TextCNN model, Chinese pre-trained RoBERTa model, Chinese training EL ECTRA model, etc. The fully connected neural network provided by the embodiments of the present application may also adopt an attention network, a recurrent neural network, a convolutional neural network, and the like.

Through the above method, the metadata to be identified is input into the sensitivity identification model, the corresponding sensitivity level is automatically identified by means of machine learning, and the identified sensitivity level is added to the metadata of the data to be identified. In terms of manual identification, it can greatly improve the identification efficiency of data sensitivity and reduce the probability of missing sensitive data.

The following will continue to describe the exemplary structure of the data sensitivity identification device 555 based on the sensitivity identification model provided by the embodiment of the present application implemented as a software module. In some embodiments, as shown in FIG. 11 , FIG. 11 is an embodiment of the present application Provided is a schematic structural diagram of a data sensitivity identification device based on a sensitivity identification model, wherein the sensitivity identification model includes a feature extraction layer and a sensitivity identification layer, and the device includes:

The first acquisition module 5551 is used to acquire metadata of the data to be identified, where the metadata is used to describe the data to be identified;

The first extraction module 5552 is configured to perform feature extraction on the metadata of the data to be identified through the feature extraction layer to obtain the data features of the metadata;

The first identification module 5553 is configured to perform sensitivity identification on the data to be identified through the sensitivity identification layer based on the data characteristics of the metadata to obtain a sensitivity identification result;

The sensitivity identification result is used to indicate the data sensitivity corresponding to the data to be identified.

In some embodiments, the first obtaining module is further configured to obtain at least one of the following table elements from the data table when the storage form of the data to be identified is a data table: data table name, data table The table description corresponding to the data to be identified in the data table, the attribute field corresponding to the data to be identified in the data table;

The acquired table element is determined as the metadata of the data to be identified.

In some embodiments, the first obtaining module is further configured to obtain at least one of the following document contents from the document when the storage form of the data to be identified is a document: document title, document abstract, document key word;

The acquired document content is determined as the metadata of the data to be identified.

In some embodiments, the first extraction module is further configured to perform word segmentation processing on the metadata of the data to be identified to obtain a plurality of words corresponding to the metadata;

Carry out feature encoding on each of the described words respectively to obtain the word features corresponding to each of the described words;

Feature splicing is performed on the word features corresponding to each of the words to obtain data features corresponding to the metadata.

In some embodiments, the first extraction module is further configured to perform bidirectional encoding processing on the word features of each word, respectively, to obtain the above encoding feature and the following encoding feature corresponding to each of the words;

Feature splicing is performed on the above coding features and the following coding features of each of the described words, respectively, to obtain the corresponding splicing coding features;

Feature splicing is performed on the splicing coding features corresponding to each of the words to obtain data features corresponding to the metadata.

In some embodiments, the first identification module is further configured to, through the sensitivity identification layer, perform classification predictions corresponding to at least two sensitivity levels on the data features of the metadata, so as to obtain the metadata corresponding to each the probability of said sensitivity level;

The sensitivity level with the highest probability is selected as the sensitivity identification result of the data to be identified.

In some embodiments, the first extraction module is further configured to perform feature extraction on each of the keywords through the feature extraction layer when the metadata includes at least two keywords, to obtain each of the keywords. The feature corresponding to the keyword is used as the data feature of the metadata;

Correspondingly, the first extraction module is further configured to match the feature corresponding to each keyword with the feature corresponding to at least two sensitive words through the sensitivity identification layer to obtain the corresponding matching degree;

The data sensitivity corresponding to the sensitive word with the highest matching degree is selected as the sensitivity identification result of the data to be identified.

In some embodiments, the apparatus further includes:

a processing module, configured to establish an association relationship between the sensitivity identification result and the data to be identified, and store the association relationship;

Wherein, the association relationship is used for searching the data sensitivity corresponding to the data to be identified based on the data to be identified.

In some embodiments, the processing module is further configured to store the sensitivity identification result in a target area associated with the data to be identified, where the target area is the sensitive data corresponding to the storage area corresponding to the metadata degree area.

In some embodiments, the apparatus further includes:

A return module, configured to obtain the data sensitivity corresponding to the data to be identified in response to a data display request for the data to be identified;

When the data sensitivity corresponding to the to-be-identified data reaches the sensitivity threshold, return masking indication information corresponding to the to-be-identified data;

The shielding indication information is used to indicate that the to-be-identified data is shielded and displayed.

In some embodiments, the apparatus further includes:

an output module, configured to output encryption prompt information corresponding to the data to be identified when the sensitivity identification result indicates that the data sensitivity of the data to be identified reaches the target data sensitivity;

Wherein, the encryption prompt information is used for prompting to perform encryption processing on the to-be-identified data.

Next, continue to describe the training device of the sensitivity recognition model provided by the embodiment of the present application. Referring to FIG. 12 , FIG. 12 is a schematic structural diagram of the training device of the sensitivity recognition model provided by the embodiment of the present application. The sensitivity recognition model includes feature extraction. layer and sensitivity identification layer, the training device 120 of the sensitivity identification model includes:

The second obtaining module 121 is configured to obtain metadata of a data sample, the data sample carries a sensitivity label, and the sensitivity label is used to indicate the data sensitivity corresponding to the data sample;

The second extraction module 122 is configured to perform feature extraction on the metadata of the data sample through the feature extraction layer to obtain sample data features of the metadata of the data sample;

The second identification module 123 is configured to perform sensitivity identification on the data sample through the sensitivity identification layer based on the sample data characteristics, and obtain a sample sensitivity identification result;

The updating module 124 is configured to acquire the difference between the sample sensitivity identification result and the sensitivity label carried by the data sample, and update the model parameters of the sensitivity identification model based on the difference.

Embodiments of the present application provide a computer program product or computer program, where the computer program product or computer program includes computer instructions, and the computer instructions are stored in a computer-readable storage medium. The processor of the computer device reads the computer instruction from the computer-readable storage medium, and the processor executes the computer instruction, so that the computer device executes the foregoing method in the embodiments of the present application.

Embodiments of the present application provide a computer-readable storage medium storing executable instructions, where executable instructions are stored, and when the executable instructions are executed by a processor, the processor will cause the processor to execute the method provided by the embodiments of the present application.

In some embodiments, the computer-readable storage medium may be memory such as FRAM, ROM, PROM, EP ROM, EEPROM, flash memory, magnetic surface memory, optical disk, or CD-ROM; it may also include one or any combination of the foregoing memories of various equipment.

In some embodiments, executable instructions may take the form of programs, software, software modules, scripts, or code, written in any form of programming language, including compiled or interpreted languages, or declarative or procedural languages, and which Deployment may be in any form, including as a stand-alone program or as a module, component, subroutine, or other unit suitable for use in a computing environment.

As an example, executable instructions may, but do not necessarily correspond to files in a file system, may be stored as part of a file that holds other programs or data, eg, a Hyper Text Markup Language (H TML) document One or more scripts in , stored in a single file dedicated to the program in question, or in multiple cooperating files (eg, files that store one or more modules, subroutines, or code sections).

As an example, executable instructions may be deployed to be executed on one computing device, or on multiple computing devices located at one site, or alternatively, distributed across multiple sites and interconnected by a communication network execute on.

The above descriptions are merely examples of the present application, and are not intended to limit the protection scope of the present application. Any modifications, equivalent replacements and improvements made within the spirit and scope of this application are included within the protection scope of this application.

Claims (15)

1. A data sensitivity identification method based on a sensitivity identification model, wherein the sensitivity identification model comprises a feature extraction layer and a sensitivity identification layer, and the method comprises: obtaining metadata of the data to be identified, where the metadata is used to describe the data to be identified; Through the feature extraction layer, feature extraction is performed on the metadata of the data to be identified to obtain the data features of the metadata; Through the sensitivity identification layer, based on the data characteristics of the metadata, the sensitivity identification is performed on the to-be-identified data to obtain a sensitivity identification result; The sensitivity identification result is used to indicate the data sensitivity corresponding to the data to be identified. 2. The method of claim 1, wherein the acquiring metadata of the data to be identified comprises: When the storage form of the data to be identified is a data table, obtain at least one of the following table elements from the data table: a data table name, a table description corresponding to the to-be-identified data in the data table, a table corresponding to the data to be identified in the data table Describe the attribute field of the data to be identified; The acquired table element is determined as the metadata of the data to be identified. 3. The method of claim 1, wherein the acquiring metadata of the data to be identified comprises: When the storage form of the data to be identified is a document, obtain at least one of the following document contents from the document: document title, document abstract, and document keywords; The acquired document content is determined as the metadata of the data to be identified. 4. The method of claim 1, wherein the feature extraction is performed on the metadata of the data to be identified to obtain the data features of the metadata, comprising: Perform word segmentation processing on the metadata of the data to be identified to obtain a plurality of words corresponding to the metadata; Carry out feature encoding on each of the described words respectively to obtain the word features corresponding to each of the described words; Feature splicing is performed on the word features corresponding to each of the words to obtain data features corresponding to the metadata. 5. The method according to claim 4, wherein the feature splicing is performed on the word features corresponding to each of the words to obtain the data features corresponding to the metadata, comprising: The word features of each word are respectively subjected to bidirectional encoding processing to obtain the above coding feature and the following coding feature corresponding to each said word; Feature splicing is performed on the above coding features and the following coding features of each of the described words, respectively, to obtain the corresponding splicing coding features; Feature splicing is performed on the splicing coding features corresponding to each of the words to obtain data features corresponding to the metadata. 6 . The method of claim 1 , wherein the sensitivity identification is performed on the data to be identified through the sensitivity identification layer based on data characteristics of the metadata to obtain a sensitivity identification result. 7 . ,include: Perform classification prediction corresponding to at least two sensitivity levels on the data features of the metadata through the sensitivity identification layer, and obtain the probability that the metadata corresponds to each of the sensitivity levels; The sensitivity level with the highest probability is selected as the sensitivity identification result of the data to be identified. 7. The method according to claim 1, wherein the feature extraction is performed on the metadata of the data to be identified through the feature extraction layer to obtain the data features of the metadata, comprising: When the metadata includes at least two keywords, through the feature extraction layer, feature extraction is performed on each of the keywords respectively, and the feature corresponding to each of the keywords is obtained as the data feature of the metadata; The sensitivity identification is performed on the data to be identified through the sensitivity identification layer based on the data characteristics of the metadata, and a sensitivity identification result is obtained, including: Through the sensitivity identification layer, the features corresponding to each of the keywords are respectively matched with the features corresponding to at least two sensitive words to obtain the corresponding matching degree; The data sensitivity corresponding to the sensitive word with the highest matching degree is selected as the sensitivity identification result of the data to be identified. 8. The method of claim 1, further comprising: establishing an association relationship between the sensitivity identification result and the data to be identified, and storing the association relationship; Wherein, the association relationship is used for searching the data sensitivity corresponding to the data to be identified based on the data to be identified. 9. The method according to claim 8, wherein the establishing an association relationship between the sensitivity identification result and the data to be identified comprises: The sensitivity identification result is stored in a target area associated with the data to be identified, where the target area is an area corresponding to the data sensitivity in the storage area corresponding to the metadata. 10. The method of claim 1, further comprising: In response to a data display request for the data to be identified, acquiring the data sensitivity corresponding to the data to be identified; When the data sensitivity corresponding to the to-be-identified data reaches the sensitivity threshold, return masking indication information corresponding to the to-be-identified data; The shielding indication information is used to indicate that the to-be-identified data is shielded and displayed. 11. The method of claim 1, further comprising: When the sensitivity identification result indicates that the data sensitivity of the to-be-identified data reaches the target data sensitivity, output encryption prompt information corresponding to the to-be-identified data; Wherein, the encryption prompt information is used for prompting to perform encryption processing on the data to be identified. 12. A training method for a sensitivity identification model, wherein the sensitivity identification model comprises a feature extraction layer and a sensitivity identification layer, the method comprising: obtaining metadata of a data sample, where the data sample carries a sensitivity label, and the sensitivity label is used to indicate the data sensitivity corresponding to the data sample; Through the feature extraction layer, feature extraction is performed on the metadata of the data sample to obtain sample data features of the metadata of the data sample; Through the sensitivity identification layer, based on the characteristics of the sample data, the data sample is subjected to sensitivity identification to obtain a sample sensitivity identification result; obtaining the difference between the sample sensitivity identification result and the sensitivity label, and based on the difference, updating the model parameters of the sensitivity identification model; The sensitivity identification model is used for outputting a sensitivity identification result indicating the data sensitivity corresponding to the data to be identified after the metadata of the data to be identified is input into the sensitivity identification model. 13. A data sensitivity identification device based on a sensitivity identification model, wherein the sensitivity identification model comprises a feature extraction layer and a sensitivity identification layer, and the device comprises: a first obtaining module, configured to obtain metadata of the data to be identified, where the metadata is used to describe the data to be identified; a first extraction module, configured to perform feature extraction on the metadata of the data to be identified through the feature extraction layer to obtain data features of the metadata; a first identification module, configured to perform sensitivity identification on the data to be identified through the sensitivity identification layer based on the data characteristics of the metadata to obtain a sensitivity identification result; The sensitivity identification result is used to indicate the data sensitivity corresponding to the data to be identified. 14. A training device for a sensitivity recognition model, wherein the sensitivity recognition model comprises a feature extraction layer and a sensitivity recognition layer, and the device comprises: a second acquisition module, configured to acquire metadata of a data sample, where the data sample carries a sensitivity label, and the sensitivity label is used to indicate the data sensitivity corresponding to the data sample; a second extraction module, configured to perform feature extraction on the metadata of the data sample through the feature extraction layer to obtain sample data features of the metadata of the data sample; a second identification module, configured to perform sensitivity identification on the data sample based on the sample data characteristics through the sensitivity identification layer, and obtain a sample sensitivity identification result; an update module, configured to obtain the difference between the sample sensitivity identification result and the sensitivity label carried by the data sample, and based on the difference, update the model parameters of the sensitivity identification model; The sensitivity identification model is used for outputting a sensitivity identification result indicating the data sensitivity corresponding to the data to be identified after the metadata of the data to be identified is input into the sensitivity identification model. 15. A computer-readable storage medium, characterized by storing executable instructions for implementing the method of any one of claims 1 to 12 when executed by a processor.

Images