CN111027870A - User risk assessment method and device, electronic equipment and storage medium - Google Patents


Info

Publication number
CN111027870A
Authority
CN
China
Prior art keywords
sample data, target sample, teacher, target, data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201911287610.3A
Other languages
Chinese (zh)
Inventor
Chen Cen (陈岑)
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN201911287610.3A priority Critical patent/CN111027870A/en
Publication of CN111027870A publication Critical patent/CN111027870A/en
Priority to PCT/CN2020/124013 priority patent/WO2021114911A1/en
Pending legal-status Critical Current

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0639 Performance analysis of employees; Performance analysis of enterprise or organisation operations
    • G06Q10/06393 Score-carding, benchmarking or key performance indicator [KPI] analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00 Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/10 Services
    • G06Q50/20 Education
    • G06Q50/205 Education administration or guidance

Landscapes

  • Business, Economics & Management (AREA)
  • Human Resources & Organizations (AREA)
  • Engineering & Computer Science (AREA)
  • Strategic Management (AREA)
  • Economics (AREA)
  • Educational Administration (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Tourism & Hospitality (AREA)
  • General Physics & Mathematics (AREA)
  • General Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Physics & Mathematics (AREA)
  • Game Theory and Decision Science (AREA)
  • Quality & Reliability (AREA)
  • Operations Research (AREA)
  • Educational Technology (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Primary Health Care (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The user risk assessment method of the present specification includes: inputting behavior information of a user of a target partner into a student risk control model corresponding to the target partner, and determining a risk score according to the output of that model. The student risk control model is obtained by performing knowledge distillation on target sample data of the target partner, based on both a soft label value of the target sample data and the originally labeled risk label value serving as its hard label value. The soft label value is obtained by integrating, within a trusted execution environment, the prediction results of a plurality of teacher risk control models for the target sample data; each teacher model is decrypted inside the trusted execution environment and is trained on the sample data of a corresponding other partner, where any piece of sample data contains behavior information labeled with a risk label value. The method preserves the privacy of all partners while allowing them to cooperatively train the student risk control model for risk assessment.

Description

User risk assessment method and device, electronic equipment and storage medium
Technical Field
One or more embodiments of the present disclosure relate to the technical field of artificial intelligence, and in particular, to a user risk assessment method and apparatus, an electronic device, and a storage medium.
Background
Risk control refers to a risk manager taking measures to eliminate or reduce the possibility that a risk event occurs, or to reduce the losses incurred when a risk event does occur. By accurately identifying the potential risk of a user, an enterprise can improve the security of itself and its partners, which in turn benefits business growth.
Disclosure of Invention
In view of this, one or more embodiments of the present disclosure provide a user risk assessment method and apparatus, an electronic device, and a storage medium.
To achieve the above object, one or more embodiments of the present disclosure provide the following technical solutions:
according to a first aspect of one or more embodiments of the present specification, there is provided a user risk assessment method, including:
inputting behavior information of a user of a target partner into a student risk control model corresponding to the target partner; the student risk control model is obtained by performing knowledge distillation on target sample data of the target partner, based on a soft label value of the target sample data and the originally labeled risk label value serving as its hard label value; the soft label value is obtained by integrating, in a trusted execution environment, the prediction results of a plurality of teacher risk control models for the target sample data; each teacher risk control model is decrypted in the trusted execution environment and is trained on the sample data of a corresponding other partner; any piece of sample data contains behavior information labeled with a risk label value;
and determining the risk score of the user according to the output result of the student risk control model.
According to a second aspect of one or more embodiments of the present specification, there is provided a knowledge migration method based on a machine learning model, including:
acquiring teacher networks of a plurality of source domains and target sample data of a target domain, and reading the acquired teacher networks into a trusted execution environment for decryption, wherein each teacher network is obtained by training on sample data of its corresponding source domain;
respectively inputting the target sample data into each teacher network within the trusted execution environment to obtain each teacher network's prediction result for the target sample data, and integrating the obtained prediction results into a soft label value corresponding to the target sample data;
and performing knowledge distillation on the target sample data, based on the soft label value and the originally labeled hard label value of the target sample data, to obtain a student network of the target domain.
According to a third aspect of one or more embodiments of the present specification, there is provided a knowledge migration method based on a machine learning model, including:
acquiring teacher networks of a plurality of source domains and target sample data of a target domain, and reading the acquired teacher networks into a trusted execution environment for decryption, wherein each teacher network is obtained by training on sample data of its corresponding source domain;
respectively inputting the target sample data into each teacher network within the trusted execution environment to obtain each teacher network's prediction result for the target sample data, integrating the obtained prediction results into a soft label value corresponding to the target sample data, and encrypting the soft label value;
and returning the encrypted soft label value to a provider of the target sample data, so that the provider decrypts the received soft label value and performs knowledge distillation on the target sample data, based on the decrypted soft label value and the originally labeled hard label value of the target sample data, to obtain a student network of the target domain.
According to a fourth aspect of one or more embodiments of the present specification, there is provided a knowledge migration method based on a machine learning model, including:
sending target sample data to a maintainer of a trusted execution environment, so that the maintainer respectively inputs the target sample data into teacher networks of a plurality of source domains within the trusted execution environment to obtain each teacher network's prediction result for the target sample data, and integrates the obtained prediction results into a soft label value corresponding to the target sample data; each teacher network is obtained by training on sample data of its respective source domain and is decrypted within the trusted execution environment;
and receiving the encrypted soft label value returned by the maintainer, decrypting the received soft label value, and performing knowledge distillation on the target sample data, based on the decrypted soft label value and the originally labeled hard label value of the target sample data, to obtain a student network of the target domain.
According to a fifth aspect of one or more embodiments of the present specification, there is provided a user risk assessment apparatus, including:
an information input unit, configured to input behavior information of a user of a target partner into a student risk control model corresponding to the target partner; the student risk control model is obtained by performing knowledge distillation on target sample data of the target partner, based on a soft label value of the target sample data and the originally labeled risk label value serving as its hard label value; the soft label value is obtained by integrating, in a trusted execution environment, the prediction results of a plurality of teacher risk control models for the target sample data; each teacher risk control model is decrypted in the trusted execution environment and is trained on the sample data of a corresponding other partner; any piece of sample data contains behavior information labeled with a risk label value;
and a risk evaluation unit, configured to determine the risk score of the user according to the output result of the student risk control model.
According to a sixth aspect of one or more embodiments of the present specification, there is provided a knowledge migration apparatus based on a machine learning model, including:
an acquisition unit, configured to acquire teacher networks of a plurality of source domains and target sample data of a target domain, and to read the acquired teacher networks into a trusted execution environment for decryption, wherein each teacher network is obtained by training on sample data of its corresponding source domain;
an integration unit, configured to respectively input the target sample data into each teacher network within the trusted execution environment to obtain each teacher network's prediction result for the target sample data, and to integrate the obtained prediction results into a soft label value corresponding to the target sample data;
and a training unit, configured to perform knowledge distillation on the target sample data, based on the soft label value and the originally labeled hard label value of the target sample data, to obtain a student network of the target domain.
According to a seventh aspect of one or more embodiments of the present specification, there is provided a knowledge migration apparatus based on a machine learning model, including:
an acquisition unit, configured to acquire teacher networks of a plurality of source domains and target sample data of a target domain, and to read the acquired teacher networks into a trusted execution environment for decryption, wherein each teacher network is obtained by training on sample data of its corresponding source domain;
an integration unit, configured to respectively input the target sample data into each teacher network within the trusted execution environment to obtain each teacher network's prediction result for the target sample data, to integrate the obtained prediction results into a soft label value corresponding to the target sample data, and to encrypt the soft label value;
and a returning unit, configured to return the encrypted soft label value to a provider of the target sample data, so that the provider decrypts the received soft label value and performs knowledge distillation on the target sample data, based on the decrypted soft label value and the originally labeled hard label value of the target sample data, to obtain a student network of the target domain.
According to an eighth aspect of one or more embodiments of the present specification, there is provided a knowledge migration apparatus based on a machine learning model, including:
a sending unit, configured to send target sample data to a maintainer of a trusted execution environment, so that the maintainer respectively inputs the target sample data into teacher networks of a plurality of source domains within the trusted execution environment to obtain each teacher network's prediction result for the target sample data, and integrates the obtained prediction results into a soft label value corresponding to the target sample data; each teacher network is obtained by training on sample data of its respective source domain and is decrypted within the trusted execution environment;
and a training unit, configured to receive the encrypted soft label value returned by the maintainer, decrypt the received soft label value, and perform knowledge distillation on the target sample data, based on the decrypted soft label value and the originally labeled hard label value of the target sample data, to obtain a student network of the target domain.
According to a ninth aspect of one or more embodiments herein, there is provided an electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the user risk assessment method as described in the first aspect above by executing the executable instructions.
According to a tenth aspect of one or more embodiments of the present specification, there is provided an electronic apparatus comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the machine learning model-based knowledge migration method as described in the second aspect above by executing the executable instructions.
According to an eleventh aspect of one or more embodiments herein, there is provided an electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the machine learning model-based knowledge migration method as described in the third aspect above by executing the executable instructions.
According to a twelfth aspect of one or more embodiments of the present specification, there is provided an electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the machine learning model-based knowledge migration method as described in the fourth aspect above by executing the executable instructions.
According to a thirteenth aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the user risk assessment method as described in the above first aspect.
According to a fourteenth aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the machine learning model-based knowledge migration method as described in the second aspect above.
According to a fifteenth aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the machine learning model-based knowledge migration method as described in the third aspect above.
According to a sixteenth aspect of embodiments of the present disclosure, there is provided a computer-readable storage medium having stored thereon computer instructions which, when executed by a processor, implement the steps of the machine learning model-based knowledge migration method as described in the fourth aspect above.
Drawings
FIG. 1 is an architectural diagram of a knowledge migration system based on a machine learning model according to an exemplary embodiment.
FIG. 2 is a flow chart of a method for knowledge migration based on a machine learning model according to an exemplary embodiment.
FIG. 3 is a flow chart of another method for knowledge migration based on a machine learning model according to an exemplary embodiment.
FIG. 4 is a flowchart of another method for knowledge migration based on machine learning models, according to an example embodiment.
FIG. 5 is a flowchart of a user risk assessment method provided by an exemplary embodiment.
Fig. 6 is a flow chart of issuing a public and private key of a digital envelope provided by an exemplary embodiment.
FIG. 7 is an interaction diagram of a knowledge migration method based on a machine learning model according to an exemplary embodiment.
Fig. 8 is a schematic structural diagram of an apparatus according to an exemplary embodiment.
Fig. 9 is a block diagram of a user risk assessment device according to an exemplary embodiment.
Fig. 10 is a schematic structural diagram of another apparatus provided in an exemplary embodiment.
FIG. 11 is a block diagram of a knowledge migration apparatus based on a machine learning model according to an example embodiment.
Fig. 12 is a schematic structural diagram of another apparatus provided in an exemplary embodiment.
FIG. 13 is a block diagram of another knowledge migration apparatus based on machine learning models provided by an exemplary embodiment.
Fig. 14 is a schematic structural diagram of another apparatus provided in an exemplary embodiment.
FIG. 15 is a block diagram of another knowledge migration apparatus based on machine learning models provided by an exemplary embodiment.
Detailed Description
Reference will now be made in detail to the exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, like numbers in different drawings represent the same or similar elements unless otherwise indicated. The implementations described in the following exemplary embodiments do not represent all implementations consistent with one or more embodiments of the present specification. Rather, they are merely examples of apparatus and methods consistent with certain aspects of one or more embodiments of the specification, as detailed in the claims which follow.
It should be noted that: in other embodiments, the steps of the corresponding methods are not necessarily performed in the order shown and described herein. In some other embodiments, the method may include more or fewer steps than those described herein. Moreover, a single step described in this specification may be broken down into multiple steps for description in other embodiments; multiple steps described in this specification may be combined into a single step in other embodiments.
FIG. 1 is an architectural diagram of a knowledge migration system based on a machine learning model according to an exemplary embodiment. As shown in fig. 1, the system may include a server 11, a network 12, a number of electronic devices such as a cell phone 13, a cell phone 14, and PCs 15-16.
The server 11 may be a physical server comprising a separate host, or a virtual server carried by a host cluster. In operation, the server 11 interfaces with each partner, i.e., it provides a platform on which the partners cooperate, and it is responsible for migrating the performance of the teacher networks trained by the partners to the student network.
Cell phones 13-14 and PCs 15-16 are just some of the types of electronic devices a user may use. In practice, a partner interfacing with the server 11 may also use other types of electronic devices, such as tablet devices, notebook computers, personal digital assistants (PDAs), and wearable devices (e.g., smart glasses or smart watches), which one or more embodiments of the present specification do not limit. In the technical solution of one or more embodiments of the present specification, each partner trains a teacher network on its own sample data; the teacher networks then guide the training of a related student network, sharing the model parameters they have learned (which can also be understood as the knowledge learned by the teacher networks) with the student network and thereby improving its performance.
The network 12, over which the cell phones 13-14 and PCs 15-16 interact with the server 11, may include various types of wired or wireless networks. In one embodiment, the network 12 may include the public switched telephone network (PSTN) and the Internet.
FIG. 2 is a flow chart of a method for knowledge migration based on a machine learning model according to an exemplary embodiment. As shown in fig. 2, the method applied to the server may include the following steps:
Step 202, obtaining teacher networks of a plurality of source domains and target sample data of a target domain, and reading the obtained teacher networks into a trusted execution environment for decryption, wherein each teacher network is obtained by training on sample data of its corresponding source domain.
In this embodiment, when training a supervised machine learning model, it may be difficult to collect sufficient sample data labeled with label values: for example, little sample data may have accumulated yet, and collecting a large amount of sample data is time-consuming and costly. Moreover, even when sample data is sufficient, building a model from scratch is expensive and inefficient. Thus, when a supervised machine learning model needs to be trained in a certain domain, transfer learning can be used to migrate the knowledge learned by already-trained models of related domains (for example, domains of the same type or with high similarity) to the machine learning model of that domain, improving training efficiency. In other words, existing knowledge is used to learn new knowledge, exploiting the similarity between the two. In transfer learning, the domain to which the existing knowledge belongs is called the source domain, and the domain to which the new knowledge belongs is called the target domain. The source domain usually has a large amount of labeled data, while the target domain usually has only a small number of labeled samples; the two domains are different but correlated, and knowledge can be migrated by reducing the distribution difference between them.
Further, during the migration process, knowledge distillation is introduced to improve the generalization ability and performance of the model to be trained. Specifically, a teacher-student network is used: the knowledge of the teacher network is distilled to guide the training of the student network. The teacher network is usually a more complex network with very good performance and generalization ability; its outputs serve as soft targets that guide a simpler student network to learn, so that a lighter student model with fewer parameters and less computation can achieve performance similar to the teacher network's.
In the technical solution of one or more embodiments of the present specification, the teacher network corresponds to a source domain, that is, a supervised learning model trained in the source domain is used as the teacher network to guide the learning of the student network, and the knowledge learned by the teacher network is migrated to the student network, and the student network corresponds to a target domain, that is, a model to be trained in the target domain is used as the student network.
In this embodiment, when a partner docked with the server has a model to be trained, the server may perform transfer learning from the supervised machine learning models already trained by other partners in domains related to that partner's, in order to guide the learning of the model to be trained. Thus, in the process of training the student network of the target domain, there is no need to collect and train on a large amount of new sample data of the target domain, which improves training efficiency; meanwhile, the student network can inherit the good generalization ability and performance of the teacher networks.
In this embodiment, one or more teacher networks may be selected to guide the training of the student network, with each source domain corresponding to exactly one teacher network. To improve the generalization ability and performance of the student network (i.e., so that the teacher networks' generalization ability and performance migrate well to the student network), domains with higher similarity to the target domain can be selected as source domains. As an exemplary embodiment, each source domain may be required to be of the same type as the target domain; for example, in the field of image recognition, all domains may concern recognizing vehicles, or all recognizing felines, or all recognizing faces, and so on.
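The similarity-based selection of source domains described above can be sketched as follows. This is a minimal illustration, not taken from the patent: the domain names, the feature-profile representation (a mean feature vector per domain), and the cosine-similarity threshold are all assumptions.

```python
import math

def cosine_similarity(u, v):
    # Cosine similarity between two equal-length feature vectors.
    dot = sum(a * b for a, b in zip(u, v))
    norm_u = math.sqrt(sum(a * a for a in u))
    norm_v = math.sqrt(sum(b * b for b in v))
    return dot / (norm_u * norm_v)

def select_source_domains(target_profile, candidate_profiles, threshold=0.9):
    # Keep candidate source domains whose (hypothetical) mean feature
    # vector is sufficiently similar to the target domain's.
    return [name
            for name, profile in candidate_profiles.items()
            if cosine_similarity(target_profile, profile) >= threshold]

# Example: only the vehicle-recognition domain resembles the target.
target = [0.9, 0.1, 0.0]
candidates = {"vehicles": [0.8, 0.2, 0.0], "felines": [0.0, 0.1, 0.9]}
selected = select_source_domains(target, candidates)
```

In a real system the profile could be any summary statistic of a domain's data distribution; the point is only that source domains are filtered by similarity before their teacher networks are enlisted.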
In this embodiment, when a plurality of teacher networks are selected, the knowledge migration scheme based on a machine learning model in this specification can be understood as the data providers of the various source domains cooperating to complete the training of the student network: multiple data providers, each possessing its own sample data, jointly use one another's data to train a machine learning model in a unified manner. It should be noted that each data provider's sample data is its own private data, so this joint modeling must proceed under the condition that every party's data remains secure. Therefore, each data provider acts as the executing party for training its teacher network, training it with the sample data it has labeled in its own source domain. In other words, each teacher network is trained by the data provider of a source domain using its own private data as sample data. On one hand, the data providers cooperating to train the teacher networks improves the efficiency of subsequently training the student network; on the other hand, the sample data of each source domain never leaves its owner during teacher-network training, preserving the privacy of the sample data in every source domain.
In this embodiment, each teacher network belongs to the private data of its respective source domain, the target sample data belongs to the private data of the target domain, and each teacher network's prediction result for the target sample data constitutes decision privacy (i.e., the privacy of each teacher network's output). Therefore, for privacy and security, a Trusted Execution Environment (TEE) may be introduced: the target sample data is predicted by the teacher networks within the TEE, and the obtained prediction results are integrated there. At the hardware level the TEE acts as a black box: code and data executed in the TEE cannot be observed, even by the operating system layer, and the TEE can only be invoked through interfaces defined in advance in its code.
Correspondingly, a provider of a teacher network can encrypt the teacher network before sending it to the server; the server then first decrypts the teacher network within the TEE and uses the decrypted teacher network to predict the target sample data. Similarly, the provider of the target sample data can encrypt it before sending it to the server; the server first decrypts the target sample data within the TEE and then inputs the decrypted data into the teacher networks. On one hand, decrypting the teacher networks and the target sample data only inside the TEE effectively protects user privacy; on the other hand, prediction is carried out on the plaintext forms of the teacher networks and the target sample data within the TEE, rather than on ciphertext, so the efficiency of the prediction process is not sacrificed. Combining the TEE with the training of the student network thus improves security and privacy at little performance cost. The encryption of the teacher networks and the target sample data is described in detail below. Meanwhile, the operations executed inside the TEE are only encryption, decryption and prediction, which do not occupy a large amount of the TEE's memory.
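The encrypt-upload-decrypt-inside-the-TEE round trip can be illustrated with the sketch below. This is purely illustrative: the XOR keystream derived from SHA-256 stands in for a real cipher and is NOT secure; an actual deployment would use an authenticated cipher (e.g., AES-GCM inside a digital envelope, as the patent's figures suggest), and the function names are assumptions.

```python
import hashlib

def _keystream(key: bytes, n: int) -> bytes:
    # Illustrative keystream expanded from the key with SHA-256 (toy only).
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    # Stands in for the partner encrypting its serialized teacher model
    # (or the target sample data) before uploading it to the server.
    return bytes(a ^ b for a, b in zip(plaintext, _keystream(key, len(plaintext))))

def unseal(key: bytes, ciphertext: bytes) -> bytes:
    # Performed only inside the TEE; the XOR stream is its own inverse.
    return seal(key, ciphertext)

key = b"per-partner secret negotiated with the TEE"
model_bytes = b"serialized teacher model weights"
sealed = seal(key, model_bytes)   # leaves the partner already encrypted
restored = unseal(key, sealed)    # plaintext exists only inside the TEE
```

The design point being illustrated: plaintext models and samples appear only inside the enclave, while everything crossing the network stays ciphertext.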
Step 204, respectively inputting the target sample data into each teacher network in the trusted execution environment to obtain a prediction result of each teacher network for the target sample data, and integrating the obtained prediction results to obtain a soft tag value corresponding to the target sample data.
In this embodiment, in order to make the trained student network a strongly supervised model with diversity (comprehensiveness), so that it is stable and performs well in all aspects rather than showing a preference (a weakly supervised model that performs well only in some aspects), the prediction results obtained from the multiple teacher networks may be ensemble-learned within the TEE. Through ensemble learning over the obtained prediction results, when a certain teacher network makes a wrong prediction for the target sample data, the error can be corrected by the other teacher networks, thereby reducing variance (bagging), reducing bias (boosting), and improving predictions (stacking). The specific implementation of the ensemble learning can be flexibly selected according to the actual situation, and one or more embodiments of this specification do not limit it. For example, voting, weighted averaging, etc. may be employed. As another example, Bagging (e.g., random forest), Boosting, and Stacking algorithms may be used.
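As an illustrative sketch (not part of the patent itself), the weighted-averaging and voting strategies mentioned above could be applied to the teacher networks' class-probability outputs as follows; the function names and the uniform default weights are assumptions:

```python
import numpy as np

def ensemble_teacher_predictions(teacher_probs, weights=None):
    """Combine per-teacher class-probability vectors into one soft label.

    teacher_probs: list of arrays, each of shape (num_classes,)
    weights: optional per-teacher weights (defaults to uniform)
    """
    probs = np.stack(teacher_probs)            # (num_teachers, num_classes)
    if weights is None:
        weights = np.ones(len(teacher_probs))
    weights = np.asarray(weights, dtype=float)
    weights = weights / weights.sum()          # normalize so output is a distribution
    return weights @ probs                     # weighted average over teachers

def ensemble_by_vote(teacher_probs):
    """Majority vote over each teacher's argmax class."""
    votes = [int(np.argmax(p)) for p in teacher_probs]
    return max(set(votes), key=votes.count)
```

With three teachers predicting `[0.9, 0.1]`, `[0.6, 0.4]`, and `[0.2, 0.8]`, the uniform average yields the soft label `[0.567, 0.433]`, while voting selects class 0.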
And step 206, performing knowledge distillation on the target sample data to obtain a student network in the target field based on the soft tag value and the originally labeled hard tag value of the target sample data.
In this embodiment, the hard tag value is the tag value originally labeled in the target sample data. For example, the hard tag value is obtained by the provider of the target sample data (which belongs to the target field) labeling the target sample data. After the soft tag value (soft target) corresponding to the target sample data is obtained through ensemble learning, knowledge distillation is performed on the target sample data based on that soft tag value and the originally labeled hard tag value (hard target) of the target sample data, to obtain the student network of the target field. The hard target originally labeled on the (small) target sample data is scarce and carries a low amount of information (information entropy); the soft target, being the prediction output of the large models (the teacher networks), has higher entropy and can provide more information than the hard target. Therefore, the soft target is used to assist the hard target in joint training, i.e., with less data and a larger learning rate, so that a simpler student model with fewer parameters and less computation can approach the performance of the teacher networks (knowledge distillation can thus also be understood as a form of model compression). In other words, the training of the student network involves two objective functions: one corresponds to the hard target, namely the original objective function — the cross entropy between the student network's class-probability output and the true label; the other corresponds to the soft target — the cross entropy between the student network's class-probability output and the teacher networks' class-probability output. For the soft target, a temperature parameter T is added to the softmax function:
q_i = exp(z_i / T) / Σ_j exp(z_j / T)

where q_i is the probability of class i and z_i is the logit (prediction-vector component) of class i. Logits are the raw (non-normalized) values produced by a classification model, and they are typically passed to a normalization function. When the model solves a multi-class classification problem, the logits are usually fed into the softmax function, which generates a (normalized) probability vector with one entry per possible class. The softmax function computes the probability q_i of class i by comparing its logit z_i against the logits of all the other classes.
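A minimal sketch of the temperature-scaled softmax above (illustrative, with a standard max-subtraction added for numerical stability):

```python
import numpy as np

def softmax_with_temperature(logits, T=1.0):
    """q_i = exp(z_i / T) / sum_j exp(z_j / T); higher T gives a softer distribution."""
    z = np.asarray(logits, dtype=float) / T
    z = z - z.max()          # subtract max for numerical stability (does not change result)
    e = np.exp(z)
    return e / e.sum()
```

At T=1 this is the ordinary softmax; at a large T (e.g., the T=20 mentioned below) the output distribution flattens toward uniform while preserving the ranking of the classes.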
Further, the loss value is L = α·L(soft) + (1 − α)·L(hard). Here the soft loss L(soft) refers to the cross entropy (loss1) between the student model's softmax output at T=20 and the teacher model's softmax output at T=20; the hard loss L(hard) refers to the cross entropy (loss2) between the student model's softmax output at T=1 and the original label.
For example, the objective function corresponding to the hard target and the objective function corresponding to the soft target can be weighted and averaged into the final objective function of the student network. For example, the soft target may be given the larger weight. As another example, T may take an intermediate value, with the soft target assigned a weight of T² and the hard target a weight of 1. Of course, any other weight setting may be used, and one or more embodiments of this specification are not limited in this respect.
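The combined loss L = α·L(soft) + (1 − α)·L(hard) described above could be sketched as follows (illustrative only; the specific T and α values are examples, and the helper names are assumptions):

```python
import numpy as np

def softmax_with_temperature(logits, T=1.0):
    z = np.asarray(logits, dtype=float) / T
    z = z - z.max()
    e = np.exp(z)
    return e / e.sum()

def cross_entropy(target_probs, pred_probs, eps=1e-12):
    return -np.sum(target_probs * np.log(pred_probs + eps))

def distillation_loss(student_logits, teacher_logits, hard_label, T=20.0, alpha=0.7):
    """L = alpha * L_soft + (1 - alpha) * L_hard."""
    # soft loss: student vs. teacher, both softened at temperature T
    l_soft = cross_entropy(softmax_with_temperature(teacher_logits, T),
                           softmax_with_temperature(student_logits, T))
    # hard loss: student at T=1 vs. the originally labeled hard tag (one-hot)
    hard_student = softmax_with_temperature(student_logits, 1.0)
    one_hot = np.zeros_like(hard_student)
    one_hot[hard_label] = 1.0
    l_hard = cross_entropy(one_hot, hard_student)
    return alpha * l_soft + (1 - alpha) * l_hard
```

In a real training loop the gradients of this scalar would be taken with respect to the student's parameters; the teacher's logits are treated as constants.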
Meanwhile, since no restriction is placed on the training process of the student network for the target field, a student network with strong interpretability can be obtained. Taking a classifier as an example: because no particular classifier is imposed, a highly interpretable classifier can be chosen for training.
In the machine-learning-model-based knowledge migration scheme of this specification, besides the server side training the student network by knowledge distillation as described above, this operation may also be performed by the provider of the target sample data. Referring to fig. 3, fig. 3 is a flowchart of another knowledge migration method based on a machine learning model according to an exemplary embodiment. As shown in fig. 3, the method applied to the server may include the following steps:
Step 302, obtaining teacher networks of multiple source fields and target sample data of a target field, and reading the obtained teacher networks into a trusted execution environment for decryption; each teacher network is obtained by training on sample data of its respective source field.
Step 304, respectively inputting the target sample data into each teacher network in the trusted execution environment to obtain a prediction result of each teacher network for the target sample data, integrating the obtained prediction results to obtain a soft tag value corresponding to the target sample data, and encrypting the soft tag value.
In this embodiment, the teacher networks and/or the target sample data may be encrypted using a digital envelope, which combines a symmetric encryption algorithm with an asymmetric encryption algorithm. Taking a teacher network as an example (the case of the target sample data is similar), the provider of the teacher network may encrypt the teacher network with a symmetric encryption algorithm (that is, encrypt it with a symmetric key used by the provider itself), and then encrypt that symmetric key with the public key of an asymmetric encryption algorithm (i.e., the digital-envelope public key). For example, the provider may encrypt the symmetric key used to encrypt the teacher network with the server public key (i.e., the digital-envelope public key). The process by which the provider obtains the server public key will be described in detail below.
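A sketch of the digital-envelope pattern described above, using the third-party `cryptography` package (an assumption — the patent does not prescribe specific algorithms; AES-GCM and RSA-OAEP are illustrative choices, and the function names are made up):

```python
import os
from cryptography.hazmat.primitives.asymmetric import rsa, padding
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

OAEP = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def seal(payload: bytes, recipient_public_key):
    """Provider side: symmetric-encrypt the payload, then wrap the symmetric key
    with the recipient's (digital-envelope) public key."""
    sym_key = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    ciphertext = AESGCM(sym_key).encrypt(nonce, payload, None)
    wrapped_key = recipient_public_key.encrypt(sym_key, OAEP)
    return wrapped_key, nonce, ciphertext

def open_envelope(wrapped_key, nonce, ciphertext, recipient_private_key):
    """Recipient side (inside the TEE): unwrap the symmetric key with the
    digital-envelope private key, then decrypt the payload."""
    sym_key = recipient_private_key.decrypt(wrapped_key, OAEP)
    return AESGCM(sym_key).decrypt(nonce, ciphertext, None)
```

In the scheme of this specification, `seal` would run at the provider of a teacher network (or of the target sample data) and `open_envelope` would run inside the server's TEE, where the digital-envelope private key resides.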
As can be seen from the above manner of encrypting the teacher network and/or the target sample data, the data to be decrypted is encrypted by the corresponding provider through its own symmetric key. Therefore, the server side can acquire the symmetric key corresponding to the provider first, and then decrypt the data to be decrypted through the acquired symmetric key in the TEE. For the method of obtaining the symmetric key corresponding to the provider, since the symmetric key used for encrypting the data to be decrypted is encrypted by using the server public key, the symmetric key used for encrypting the data to be decrypted can be decrypted in the TEE by using the server private key (i.e. the digital envelope private key) to obtain the decrypted symmetric key.
The TEE is a trusted execution environment based on a secure extension of the CPU hardware and completely isolated from the outside. The TEE was originally proposed by GlobalPlatform to address the secure isolation of resources on mobile devices, providing a trusted and secure execution environment for applications in parallel with the operating system. ARM's TrustZone technology was the earliest truly commercial TEE. With the rapid development of the internet, security requirements have grown ever higher, and mobile devices, cloud devices, and data centers have placed more demands on the TEE; the concept of the TEE has accordingly developed and expanded rapidly, and what is now called a TEE is broader than the concept originally proposed. For example, server chip manufacturers such as Intel and AMD have successively introduced hardware-assisted TEEs and enriched the concept and characteristics of the TEE, which have gained wide acceptance in the industry; mentions of the TEE today usually refer to such hardware-assisted TEE technology. Unlike on the mobile terminal, the cloud requires remote access and the hardware platform is not visible to the end user, so the first step in using a TEE is to confirm its authenticity and trustworthiness. A remote attestation mechanism is therefore introduced for TEE technology: it is endorsed by the hardware vendor (mainly the CPU vendor) and, through digital signature techniques, ensures that the user can verify the state of the TEE. Meanwhile, security requirements that cannot be met by secure resource isolation alone are also addressed, with further data privacy protection provided. Commercial TEEs, including Intel SGX and AMD SEV, also provide memory encryption, limiting the trusted hardware to the CPU itself, with the data on the bus and in memory kept as ciphertext to prevent snooping by malicious users.
For example, TEE technologies such as Intel's Software Guard Extensions (SGX) provide isolated code execution, remote attestation, secure configuration, secure storage of data, and trusted paths for code execution. Applications running in a TEE are protected and are almost impossible for third parties to access.
Taking the Intel SGX technology as an example, SGX provides an enclave, i.e., an encrypted trusted execution area in memory, in which the CPU protects data from being stolen. Taking a CPU that supports SGX as an example, the server may use the newly added processor instructions to allocate a portion of memory as an EPC (Enclave Page Cache) and encrypt the data in it with the MEE (Memory Encryption Engine) inside the CPU. The encrypted content in the EPC is decrypted into plaintext only after entering the CPU. Therefore, with SGX, the user need not trust the operating system, the VMM (Virtual Machine Monitor), or even the BIOS (Basic Input Output System); trusting the CPU alone suffices to ensure that private data is not leaked.
Therefore, the server-side TEE can be established through the SGX architecture. After the TEE passes remote attestation initiated by the key management server, the key management server sends the digital-envelope public key to the providers of the data to be decrypted, and sends the digital-envelope private key into the enclave of the TEE.
Step 306, returning the encrypted soft tag value to the provider of the target sample data, so that the provider decrypts the received soft tag value, and performing knowledge distillation on the target sample data based on the decrypted soft tag value and the originally labeled hard tag value of the target sample data to obtain the student network in the target field.
Accordingly, FIG. 4 is a flow chart of another method for knowledge migration based on machine learning models, according to an exemplary embodiment. As shown in fig. 4, the method applied to the provider of the target sample data may include the following steps:
step 402, sending the encrypted target sample data to a maintainer of a trusted execution environment, so that the maintainer inputs the target sample data into teacher networks of multiple source fields in the trusted execution environment respectively to obtain prediction results of the teacher networks for the target sample data, and integrating the obtained prediction results to obtain a soft tag value corresponding to the target sample data; each teacher network is obtained by training sample data of each source field and is decrypted in the trusted execution environment;
step 404, receiving the encrypted soft tag value returned by the maintainer, decrypting the received soft tag value, and performing knowledge distillation on the target sample data based on the decrypted soft tag value and the originally labeled hard tag value of the target sample data to obtain the student network in the target field.
It should be noted that, for the specific process of training the student network in fig. 3 to 4, reference may be made to the corresponding content of the embodiment shown in fig. 2, and details are not repeated here.
In the technical solution of one or more embodiments of the present specification, the specific content of the sample data can be flexibly set according to the actual application scenario. For example, the data type of the sample data may contain images, text, voice, and the like. Similarly, the label of the sample data can be flexibly set according to the actual application scenario, and the following example is described.
In a risk control scenario, the potential risks of a user or merchant can be predicted, such as loan risk and real-time transaction risk. Taking real-time transactions as an example, a cooperation platform interfaces and cooperates with merchants, and each merchant accumulates a large amount of sample data in the course of business. The sample data (in text form or another data type) includes the user's basic information, behavior information, transaction information, and so on, and the merchant can label the sample data in the transaction-risk dimension. When a newly opened merchant a joins the cooperation platform, it cannot train an accurate and comprehensive wind control model because the sample data it holds is limited. The newly joined merchant a can then be jointly modeled together with other merchants of the same type on the cooperation platform. In this case, the newly joined merchant a belongs to the target field, the small amount of sample data held by merchant a is the target sample data, and the wind control model to be trained is the student network; the other merchants 1-n on the cooperation platform in the same industry as the new merchant (e.g., the same fund or insurance sector) belong to the source field, and merchants 1-n can each train a teacher network on the large amount of sample data they have accumulated, to guide the training of the student network. After the joint modeling of the student network is completed, merchant a can input the acquired basic information, behavior information, transaction information, etc. of a user into the student network, thereby predicting the risk score of the current transaction with that user.
In an intelligent recommendation scenario, the potential needs of a user can be predicted, such as the goods the user wants to buy, the news that interests them, the books they like, and so on. Taking a seller recommending goods to a user as an example, a cooperation platform interfaces and cooperates with multiple sellers, and each seller accumulates a large number of user purchase records in the course of business. The sample data (in text form or another data type) is user information such as occupation, income, age, and gender, and the seller can label the sample data according to the goods purchased by the user in the purchase records. When a seller a newly joins the cooperation platform, it cannot recommend goods to users because its user history is limited. The newly joined seller a can then be jointly modeled together with other sellers of the same type on the cooperation platform. In this case, the newly joined seller a belongs to the target field, the small number of user purchase records held by seller a serve as the target sample data, and the goods recommendation model to be trained is the student network; the other sellers 1-n on the cooperation platform in the same industry as the new seller (e.g., catering or clothing) belong to the source field, and sellers 1-n can each train a teacher network on their accumulated purchase records of a large number of users, to guide the training of the student network. After the joint modeling of the student network is completed, seller a can input the acquired user information into the student network, thereby predicting the goods the user may want to purchase, and then recommend the corresponding goods according to the prediction result.
In an intelligent customer service scenario, voice conversations can be carried out with users in real time, answering their questions or chatting with them. For example, the cooperation platform cooperates with multiple enterprises, each of which has accumulated a large amount of conversation data in the process of providing customer service to users. The sample data can be the text, images, voice, etc. input by the user, and the label of the sample data is the content with which customer service replied to the user in the conversation data. When another enterprise a newly joins the cooperation platform and wants to provide intelligent customer service to users, if the conversation data between users and customer service held by enterprise a is limited, enterprise a can perform joint modeling together with other enterprises on the cooperation platform. For example, enterprises 1-n providing customer service such as voice assistants, chat tools, and question answering may jointly model using their respectively accumulated conversation data, where the customer service conversations of enterprises 1-n have a certain similarity to enterprise a's scenario. In this case, the newly joined enterprise a belongs to the target field, the small amount of conversation data it holds is the target sample data, and the customer service model to be trained is the student network; enterprises 1-n belong to the source field, and can each train a teacher network on the large amount of conversation data they have accumulated, to guide the training of the student network.
After the joint modeling of the student network is completed, the enterprise a (or the enterprises 1 to n) can provide intelligent customer service services for the users by using the student network, namely, the conversation content (text, image, voice and the like) initiated by the users is used as the input of the student network, and the output result is used as the reply of the conversation.
The following describes the application process of the student network trained in the above embodiments, taking a wind control (risk control) application scenario as an example. Referring to fig. 5, fig. 5 is a flowchart of a user risk assessment method according to an exemplary embodiment. As shown in fig. 5, the assessment method may include the following steps:
step 502, inputting behavior information of a user of a target partner into a student wind control model corresponding to the target partner; the student wind control model is obtained by carrying out knowledge distillation on target sample data based on a soft tag value of the target sample data of the target partner and a risk tag value which is originally marked as a hard tag value of the target sample data, the soft tag value is obtained by integrating prediction results of a plurality of teacher wind control models for the target sample data in a trusted execution environment, each teacher wind control model and the target sample data are decrypted in the trusted execution environment, and each teacher wind control model is obtained by training sample data of other corresponding partners; wherein any sample data contains behavior information labeled with a risk label value;
and step 504, determining the risk score of the user according to the output result of the student wind control model.
In the present embodiment, in the application scenario of wind control, the student wind control model corresponds to the student network in the above-described embodiment of fig. 2 to 4, and the teacher wind control model corresponds to the teacher network in the above-described embodiment of fig. 2 to 4. Training the specific content of the sample data of each model as the behavior information of the user, and marking the content as the risk score of the user; in other words, the input to each model is the user's behavioral information, and the output is the user's risk score (including probability distribution). Multiple parties cooperate on the same platform, a target partner belongs to the target field and is a provider of target sample data, and a model to be trained is a student wind control model, so that the teacher wind control model of other partners can guide the training of the student wind control model. The specific training process may refer to the embodiments shown in fig. 2 to 4, which are not described herein again.
After the student wind control model corresponding to the target partner is obtained through training, in one case, the student wind control model can be configured on the client side of the target partner, and then the target partner can input behavior information to the student wind control model through the client after acquiring the behavior information of the user, so that the risk score of the user is determined according to the output result, and the subsequent processing mode aiming at the user is further determined. For example, when the risk score is low (indicating that the user is safe), the user may be issued a consumption interest; when the risk score is high (indicating that the user is potentially at risk), the user's registration request may be intercepted. In another case, the student wind control model may be configured on a server side that is docked with the target partner, and then after the target partner obtains the behavior information of the user, the target partner may send the behavior information to the server side through the client side, so that the server side determines the risk score of the user by using the student wind control model and returns the risk score to the client side for presentation.
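The decision flow described above — score the user with the student wind control model, then choose a follow-up action — could be sketched as follows. This is illustrative only: the thresholds, the "manual review" middle band, and all names are assumptions, not from the patent.

```python
def assess_user(behavior_features, student_model, low=0.3, high=0.7):
    """Score a user with the (already trained) student wind control model and
    map the risk score to a follow-up action. Thresholds are hypothetical."""
    risk_score = student_model(behavior_features)
    if risk_score < low:
        return "issue_coupon"        # low risk: user is safe, issue a consumption benefit
    if risk_score > high:
        return "intercept_request"   # high risk: intercept the user's request
    return "manual_review"           # ambiguous band (an added assumption)
```

Here `student_model` stands in for either the client-side or the server-side deployment of the trained model; only its scalar risk-score output matters to the decision.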
In this embodiment, in order to improve the generalization ability and performance of the student wind control model (i.e., the generalization ability and performance of the teacher wind control model can be better migrated to the student wind control model), the teacher wind control model of another partner with higher similarity to the target partner may be selected to guide the training of the student wind control model. As an exemplary embodiment, the target partner and the other partner may be set to belong to the same type of partner. For example, all belong to the catering category, all belong to the finance category and the like.
In this embodiment, in order to protect the privacy and security of each other partner, each teacher wind control model is obtained by training sample data of the teacher wind control model itself through the corresponding other partner. In other words, the other partners are used as execution subjects for training the teacher wind control model, and the teacher wind control model is obtained through training by using sample data labeled by the other partners. Therefore, on one hand, each partner collaboratively trains the respective teacher wind control model, and the efficiency of subsequently training the student wind control model can be improved; on the other hand, the training process of each teacher wind control model does not need to be out of range, and the privacy of sample data in each source field can be guaranteed.
For the convenience of understanding, the technical solutions of the present specification are described in detail below with reference to application scenarios and accompanying drawings.
Referring to fig. 6, fig. 6 is a flowchart for issuing the public and private keys of a digital envelope according to an exemplary embodiment. As shown in fig. 6, the process may include the steps of:
in step 602, the key management server 61 sends an authentication request for the SGX to the server 62.
In this embodiment, a public key (i.e., a server public key) and a private key (i.e., a server private key) of the digital envelope may be generated by the key management server, and after the SGX of the server passes the remote certification, the key management server sends the private key to a surrounding of the SGX in the server and sends the public key to the client connected to the server.
In the process of remote attestation, the key management server 61, which issued the EVM code of the SGX, acts as the challenger to the server 62: the server 62 is required to present a verification report proving that the EVM code running in its SGX was issued by the key management server 61, i.e., is consistent with the EVM code stored in the key management server 61.
In step 604, the server 62 generates a verification report and signs with the private key of the CPU of the SGX.
In step 606, the server 62 returns an authentication report to the key management server 61.
In step 608, the key management server 61 forwards the authentication report to the IAS 63.
Taking the Intel SGX technology as an example, after receiving the authentication request, the service end 62 derives the EVM code of the SGX to generate an authentication report based on the EVM code. For example, the EVM code may be hash-calculated to obtain a corresponding hash value, the hash value is stored in a quote (reference structure), and the quote (serving as a verification report) is signed by using a private key of the CPU of the SGX.
Intel configures a private key into the CPU when the CPU is shipped; the corresponding public key is not disclosed but is held in Intel's IAS (Intel Attestation Service). Therefore, after the verification report is signed with the CPU's private key, since no corresponding public key is available locally, the key management server 61 needs to forward the quote returned by the server 62 to the IAS so that the IAS verifies the signature.
In step 610, the IAS63 verifies the signature using the public key of the CPU of the SGX.
In this embodiment, if the verification passes, the verification result is returned to the key management server 61. For example, an AVR report may be generated, in which "YES" indicates that the signature verification passed and "NO" indicates that it failed. To prevent the AVR report from being intercepted or modified in transmission, in addition to using SSL (Secure Sockets Layer) encryption on the transmission link, the IAS may sign the AVR report with its own certificate.
In step 612, the IAS63 returns the authentication result to the key management server 61.
At step 614, the key management server 61 authenticates the SGX.
In this embodiment, after receiving the verification result, the key management server 61 verifies the signature of the IAS and, once that passes, obtains the verification result recorded in the AVR report. If it is YES, the hash value in the quote is compared with the local hash value (obtained by hashing the locally maintained EVM code of the SGX). When the comparison is consistent, remote attestation is judged to have passed.
At step 616A, the key management server 61 sends the public key of the digital envelope to the client 64 interfacing with the server.
In this embodiment, the key management server 61 can sign the public key of the digital envelope so that the client 64 can verify its authenticity. The client 64 is a client used by a provider of a teacher network, or a client used by the provider of the target sample data. In other words, both the provider of the target sample data and the providers of the teacher networks can obtain the public key of the digital envelope in the manner described above.
In step 616B, the key management server 61 encrypts the private key of the transmission digital envelope to the server 62.
In this embodiment, the key management server 61 and the server 62 may negotiate a key for encrypting the private key of the digital envelope during the interaction of step 602 and step 606. Then, the key management server 61 may encrypt the private key of the digital envelope by the negotiated key to encrypt the private key of the transmission digital envelope to the server 62.
In this embodiment, the private key of the digital envelope can be passed into the server's enclave. The server side may contain multiple enclaves, and the private key can be passed into a secure enclave among them; for example, the secure enclave may be a QE (Quoting Enclave) rather than an AE (Application Enclave).
With reference to fig. 7, fig. 7 is an interaction diagram of a knowledge migration scheme based on a machine learning model according to an exemplary embodiment of the present invention. As shown in fig. 7, the interactive process may include the following steps:
in step 702A, the partner 1 trains through the private data labeled by the partner 1 to obtain the teacher network 1.
In step 702B, the partner 2 trains through the private data labeled by the partner 2 to obtain the teacher network 2.
And step 702C, the cooperation party n obtains the teacher network n through the private data training marked by the cooperation party n.
It should be noted that steps 702A-702C are parallel to each other, and there is no requirement on the chronological order.
In this embodiment, taking a wind control scenario as an example, the "merchant health score" is an index by which the server, acting as a merchant cooperation platform, performs risk assessment on the merchants under ISV (Independent Software Vendor) channels; by evaluating the "merchant health score" of the merchants under its channels, the server can help partners (ISV channel operators) improve their wind control capability. When an ISV channel operator models its own merchant-health-score model, the merchant behavior data it holds is limited (i.e., its sample data is limited), so it can perform joint modeling with the merchant behavior data accumulated by other partners (other ISV channels) via the merchant cooperation platform. The other partners in the joint modeling should have a certain association with this ISV channel operator, for example belonging to the same industry. The following description takes the joint modeling of the ISV channel operator and partners 1-n as an example.
The cooperation parties 1-n label the behavior information of the merchants in the historical business process on risk dimension, and then obtain sample data (belonging to private data of the cooperation parties) for training a teacher network, namely, the input of the teacher network obtained through training is the behavior information of the merchants, and the output is corresponding risk scores. The supervised machine learning algorithm used for training may be flexibly selected according to actual conditions, and one or more embodiments of the present disclosure are not limited thereto. The following description will be given by taking the classifier as an example.
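A minimal sketch of what each partner's teacher-training step could look like: a logistic-regression classifier fitted to labeled merchant behavior data, whose probability outputs later serve as the teacher's "soft" predictions. Everything here is an assumption for illustration — the features and labels are synthetic, and the patent does not prescribe any particular classifier:

```python
import numpy as np

rng = np.random.default_rng(0)
X = rng.normal(size=(200, 4))               # synthetic merchant behavior features
y = (X[:, 0] + X[:, 1] > 0).astype(float)   # synthetic risk labels (0 = safe, 1 = risky)

# Plain gradient descent on the logistic-regression cross-entropy loss.
w = np.zeros(4)
b = 0.0
for _ in range(500):
    p = 1.0 / (1.0 + np.exp(-(X @ w + b)))  # predicted risk probability
    w -= 0.5 * (X.T @ (p - y)) / len(y)     # gradient of cross entropy w.r.t. w
    b -= 0.5 * np.mean(p - y)               # gradient w.r.t. bias

probs = 1.0 / (1.0 + np.exp(-(X @ w + b)))  # the teacher's soft risk outputs
accuracy = np.mean((probs > 0.5) == (y > 0.5))
```

Each partner would train such a model on its own private data; only the (encrypted) trained model leaves the partner, never the raw sample data.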
In step 704A, the partner 1 encrypts the teacher network 1.
In step 704B, the partner 2 encrypts the teacher network 2.
In step 704C, the partner n encrypts the teacher network n.
In this embodiment, partners 1-n may each generate a symmetric key for their own use. After training its teacher network, each partner can encrypt the teacher network with its own symmetric key, and then encrypt that symmetric key with the digital envelope public key.
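The digital-envelope scheme just described (model encrypted with the partner's symmetric key, symmetric key sealed with the envelope public key, both recovered inside the TEE) can be sketched with the third-party `cryptography` package. The key sizes and the serialized model bytes are illustrative assumptions.

```python
from cryptography.fernet import Fernet
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa, padding

# TEE side (via the key management server): an RSA key pair whose
# public half is distributed to partners as the envelope public key.
tee_private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
envelope_public_key = tee_private_key.public_key()

# Partner side: encrypt the serialized teacher network with the
# partner's own symmetric key, then seal that symmetric key with
# the digital envelope public key.
model_bytes = b"serialized teacher network 1"        # illustrative payload
symmetric_key = Fernet.generate_key()
encrypted_model = Fernet(symmetric_key).encrypt(model_bytes)
oaep = padding.OAEP(mgf=padding.MGF1(algorithm=hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)
sealed_key = envelope_public_key.encrypt(symmetric_key, oaep)

# TEE side: recover the symmetric key with the envelope private key,
# then decrypt the teacher network inside the enclave.
recovered_key = tee_private_key.decrypt(sealed_key, oaep)
decrypted_model = Fernet(recovered_key).decrypt(encrypted_model)
```

Only ciphertexts (`encrypted_model`, `sealed_key`) leave the partner; the symmetric key and the plaintext model appear again only inside the trusted execution environment.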
In this embodiment, target sample data (i.e., the merchant behavior information held by the ISV distributor) may be sent by the ISV distributor to the cooperation platform, so that the cooperation platform performs joint modeling with partners 1-n based on the target sample data.
In step 706A, the partner 1 sends the encrypted teacher network 1 to the cooperation platform.
In step 706B, the partner 2 sends the encrypted teacher network 2 to the cooperation platform.
In step 706C, the partner n sends the encrypted teacher network n to the cooperation platform.
Similarly, this specification does not require a chronological order among the parallel steps 704A-704C and 706A-706C. There are also many possible ways for partners 1-n to send their teacher networks to the cooperation platform, which can be set flexibly according to the actual situation; steps 706A-706C are merely an illustrative example, and one or more embodiments of this specification are not limited thereto. For example, partner 1 may receive the teacher networks sent by partners 2-n, and then send the encrypted teacher networks 1-n to the cooperation platform.
Step 708, the cooperation platform reads teacher networks 1-n into the TEE for decryption.
Step 710, when receiving the target sample data, the cooperation platform reads the target sample data into the TEE for decryption.
In this embodiment, taking teacher network 1 as an example, the digital envelope private key is first used to decrypt partner 1's symmetric key, and the decrypted symmetric key is then used to decrypt teacher network 1. The other teacher networks and the target sample data are decrypted in a similar manner, which is not repeated here.
Step 712, the cooperation platform inputs the target sample data into teacher networks 1-n respectively to obtain prediction results 1-n.
Taking classifiers as an example, assume that the teacher networks and the student network solve a multi-classification problem with M classes. Given target sample data xi, each classifier fk (teacher network) predicts a probability distribution fk(xi); the distributions fk(xi) can then be integrated by an ensemble learning technique to obtain a final score.
Step 714, the cooperation platform integrates the prediction results 1-n to obtain the soft label value corresponding to the target sample data.
In this embodiment, in order to make the trained student network a strongly supervised model with diversity (comprehensiveness), so that it is stable and performs well in all aspects rather than being biased toward certain aspects (as a weakly supervised model would be), ensemble learning may be applied to the obtained prediction results 1-n to derive the soft label value corresponding to the target sample data. For example, the result of ensemble learning is taken as the soft label value corresponding to the target sample data. By ensembling the multiple obtained prediction results, a wrong prediction on the target sample data by one teacher network can be corrected by the other teacher networks, thereby achieving the effects of reducing variance (bagging), reducing bias (boosting), and improving predictions (stacking). The specific ensemble learning technique can be selected flexibly according to the actual situation, which is not limited by one or more embodiments of this specification. For example, voting or averaging may be employed; as another example, Bagging (e.g., random forests), Boosting, and Stacking algorithms can be used.
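A minimal sketch of the integration step, showing both averaging and voting over hypothetical teacher outputs; the probability values are made up to illustrate how one teacher's wrong prediction is damped or outvoted by the others.

```python
import numpy as np

# Prediction results 1-n: each teacher outputs a probability
# distribution over M = 3 risk classes for the same two target
# samples (all numbers are illustrative).
preds = np.array([
    [[0.7, 0.2, 0.1], [0.1, 0.8, 0.1]],   # teacher 1
    [[0.6, 0.3, 0.1], [0.2, 0.7, 0.1]],   # teacher 2
    [[0.1, 0.6, 0.3], [0.2, 0.6, 0.2]],   # teacher 3 (wrong on sample 1)
])

# Averaging: the soft label is the mean of the teachers'
# distributions, so one teacher's error is smoothed out.
soft_labels = preds.mean(axis=0)

# Voting: each teacher votes for its arg-max class per sample;
# the majority class wins.
votes = preds.argmax(axis=2)          # shape (n_teachers, n_samples)
majority = np.apply_along_axis(
    lambda v: np.bincount(v, minlength=3).argmax(), 0, votes)
```

Here teacher 3 mispredicts the first sample, yet both the averaged soft label and the majority vote still favor the class the other two teachers agree on.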
Step 716, based on the soft label value and the hard label value originally labeled on the target sample data, the cooperation platform performs knowledge distillation on the target sample data to obtain the student network.
Taking averaging as the ensemble method, the probability distributions output by all classifiers after differential privacy processing are averaged, and the averaged probability output is used as the soft target to guide the training of the student network. The label value originally labeled on the target sample data (for example, by the ISV distributor of the target domain on the merchant behavior information it has accumulated) is defined as the hard label value. The final label value is then Target = a × hard label value + b × soft label value (with a + b = 1), and Target is used to train the student network. The parameters a and b control the label fusion weights, for example a = 0.1 and b = 0.9.
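The fusion formula Target = a × hard label value + b × soft label value can be sketched as follows; the soft-label values, the student's prediction, and the cross-entropy helper are illustrative assumptions, not a training procedure mandated by this specification.

```python
import numpy as np

M = 3
# Hard label from the ISV distributor's own annotation (one-hot) and
# soft label from the averaged teacher outputs, for one sample.
hard = np.eye(M)[0]                    # originally labeled as class 0
soft = np.array([0.47, 0.37, 0.16])    # ensemble average (illustrative)

a, b = 0.1, 0.9                        # fusion weights, a + b = 1
target = a * hard + b * soft           # final label for the student

def cross_entropy(p, q, eps=1e-12):
    """Loss of a student prediction q against the fused target p."""
    return float(-(p * np.log(q + eps)).sum())

student_pred = np.array([0.5, 0.3, 0.2])
loss = cross_entropy(target, student_pred)
```

Because a + b = 1 and both labels are probability distributions, the fused target remains a valid distribution, so the student can be trained against it with an ordinary cross-entropy loss.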
Through the above training process, a student network is obtained that takes merchant behavior information as input and outputs the corresponding risk score. In one case, the student network may be deployed on the client side of the ISV distributor; after acquiring a merchant's behavior information, the ISV distributor inputs it into the student network through the client, determines the merchant's risk score from the output, and then decides how to subsequently handle the merchant. For example, when the risk score is low (indicating the merchant is safe), the merchant may be granted a consumption benefit; when the risk score is high (indicating the merchant is a potential risk), the merchant's registration request may be intercepted. In another case, the student network may be deployed on the cooperation platform; after acquiring a merchant's behavior information, the ISV distributor sends it to the cooperation platform through the client, and the cooperation platform determines the merchant's risk score using the student network and returns it to the client for display.
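A toy sketch of the client-side inference flow just described; the `risk_score` and `handle_merchant` names, the score thresholds, and the linear toy student are all illustrative assumptions.

```python
# Client-side decision logic: feed behavior information to the
# student network, then branch on the resulting risk score.
def risk_score(behavior_info, student_net):
    """Obtain the merchant's risk score from the student network."""
    return student_net(behavior_info)

def handle_merchant(score, low=0.3, high=0.7):
    if score < low:
        return "grant consumption benefit"    # merchant looks safe
    if score > high:
        return "intercept registration"       # potential risk
    return "no action"

# Stand-in student network: a toy linear scorer over two
# hypothetical behavior features.
toy_student = lambda info: min(1.0, 0.2 * info["refund_rate"]
                                    + 0.8 * info["complaints"])
score = risk_score({"refund_rate": 0.1, "complaints": 0.9}, toy_student)
decision = handle_merchant(score)
```

In the platform-side deployment variant, `risk_score` would instead run on the cooperation platform and only the score would be returned to the client for display.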
Corresponding to the method embodiments, the present specification also provides device embodiments.
The embodiment of the user risk assessment device in the specification can be applied to electronic equipment. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. Taking a software implementation as an example, as a logical device, the device is formed by reading, by a processor of the electronic device where the device is located, a corresponding computer program instruction in the nonvolatile memory into the memory for operation.
On a hardware level, fig. 8 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 8, at the hardware level, the apparatus includes a processor 802, an internal bus 804, a network interface 806, a memory 808, and a non-volatile memory 810, but may also include hardware required for other services. The processor 802 reads the corresponding computer program from the non-volatile memory 810 into the memory 808 and then runs the computer program, thereby forming a user risk assessment device on a logical level. Of course, besides software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combinations of software and hardware, and so on, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Referring to fig. 9, in a software implementation, the user risk assessment apparatus may include:
an information input unit 91, configured to input behavior information of a user of a target partner into a student wind control model corresponding to the target partner; wherein the student wind control model is obtained by performing knowledge distillation on target sample data of the target partner based on a soft tag value of the target sample data and a risk tag value originally labeled on the target sample data as a hard tag value; the soft tag value is obtained by integrating, in a trusted execution environment, prediction results of a plurality of teacher wind control models for the target sample data; each teacher wind control model is decrypted in the trusted execution environment and is obtained by training on sample data of a corresponding other partner; and any sample data contains behavior information labeled with a risk tag value.
And the risk evaluation unit 92 is used for determining the risk score of the user according to the output result of the student wind control model.
Optionally, the target partner and the other partners belong to the same type of partner.
Optionally, each teacher wind control model is trained by the corresponding other partner on its own sample data.
Embodiments of the machine learning model-based knowledge migration apparatus of the present specification can be applied to electronic devices. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. Taking a software implementation as an example, as a logical device, the device is formed by reading, by a processor of the electronic device where the device is located, a corresponding computer program instruction in the nonvolatile memory into the memory for operation.
On a hardware level, fig. 10 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 10, at the hardware level, the apparatus includes a processor 1002, an internal bus 1004, a network interface 1006, a memory 1008, and a non-volatile memory 1010, although it may also include hardware required for other services. The processor 1002 reads a corresponding computer program from the non-volatile memory 1010 into the memory 1008 and then runs the computer program, thereby forming a knowledge migration apparatus based on the machine learning model on a logical level. Of course, besides software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combinations of software and hardware, and so on, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Referring to fig. 11, in a software implementation, the knowledge migration apparatus based on machine learning model may include:
an acquisition unit 1101, configured to acquire teacher networks of a plurality of source fields and target sample data of a target field, and read the acquired teacher networks into a trusted execution environment for decryption, wherein each teacher network is obtained by training on sample data of the respective source field;
an integrating unit 1102, configured to input the target sample data into each teacher network in the trusted execution environment respectively to obtain a prediction result of each teacher network for the target sample data, and integrate the obtained prediction results to obtain a soft tag value corresponding to the target sample data;
a training unit 1103, configured to perform knowledge distillation on the target sample data to obtain a student network in the target field based on the soft tag value and a hard tag value originally labeled to the target sample data.
Optionally, each source domain is of the same type as the target domain.
Optionally, each teacher network is trained by the data provider in the respective source field, using its own private data as sample data.
Optionally, the data types of the target sample data and the sample data in each source domain include at least one of: image, text, speech.
The embodiment of the user risk assessment device in the specification can be applied to electronic equipment. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. Taking a software implementation as an example, as a logical device, the device is formed by reading, by a processor of the electronic device where the device is located, a corresponding computer program instruction in the nonvolatile memory into the memory for operation.
On a hardware level, fig. 12 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 12, at the hardware level, the apparatus includes a processor 1202, an internal bus 1204, a network interface 1206, a memory 1208, and a non-volatile memory 1210, although other hardware required for services may be included. The processor 1202 reads the corresponding computer program from the non-volatile memory 1210 into the memory 1208 and then runs the computer program, thereby forming a user risk assessment device on a logical level. Of course, besides software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combinations of software and hardware, and so on, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Referring to fig. 13, in a software implementation, the user risk assessment apparatus may include:
an obtaining unit 1301, configured to obtain teacher networks of a plurality of source fields and target sample data of a target field, and read the obtained teacher networks into a trusted execution environment for decryption, wherein each teacher network is obtained by training on sample data of the respective source field;
an integrating unit 1302, configured to input the target sample data into each teacher network in the trusted execution environment respectively to obtain a prediction result of each teacher network for the target sample data, integrate the obtained prediction results to obtain a soft tag value corresponding to the target sample data, and encrypt the soft tag value;
the returning unit 1303 returns the encrypted soft tag value to the provider of the target sample data, so that the provider decrypts the received soft tag value, and performs knowledge distillation on the target sample data based on the decrypted soft tag value and the originally labeled hard tag value of the target sample data to obtain the student network in the target field.
Optionally, the data to be decrypted in the trusted execution environment is encrypted by a corresponding provider through a symmetric key of the provider, where the data to be decrypted includes any teacher network and/or the target sample data; the obtaining unit 1301 is specifically configured to:
acquiring a symmetric key of a provider of the data to be decrypted;
and decrypting the data to be decrypted in the trusted execution environment through the acquired symmetric key.
Optionally, the symmetric key for encrypting the data to be decrypted is encrypted by using a digital envelope public key; the obtaining unit 1301 is further configured to:
and decrypting the symmetric key used for encrypting the data to be decrypted in the trusted execution environment through a digital envelope private key to obtain a decrypted symmetric key.
Optionally, the trusted execution environment is established through an SGX framework; after the trusted execution environment passes remote attestation by a key management server, the digital envelope public key is sent by the key management server to the provider of the data to be decrypted, and the digital envelope private key is sent by the key management server to the enclave of the trusted execution environment.
Optionally, the data types of the target sample data and the sample data in each source domain include at least one of: image, text, speech.
The embodiment of the user risk assessment device in the specification can be applied to electronic equipment. The device embodiments may be implemented by software, or by hardware, or by a combination of hardware and software. Taking a software implementation as an example, as a logical device, the device is formed by reading, by a processor of the electronic device where the device is located, a corresponding computer program instruction in the nonvolatile memory into the memory for operation.
On a hardware level, fig. 14 is a schematic block diagram of an apparatus provided in an exemplary embodiment. Referring to fig. 14, at the hardware level, the device includes a processor 1402, an internal bus 1404, a network interface 1406, a memory 1408, and a non-volatile storage 1410, although other hardware required for service may be included. Processor 1402 reads the corresponding computer program from non-volatile storage 1410 into memory 1408 and executes it, forming a user risk assessment device on a logical level. Of course, besides software implementation, the one or more embodiments in this specification do not exclude other implementations, such as logic devices or combinations of software and hardware, and so on, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Referring to fig. 15, in a software implementation, the user risk assessment apparatus may include:
the sending unit 1501 sends target sample data to a maintainer of a trusted execution environment, so that the maintainer inputs the target sample data into teacher networks of multiple source fields in the trusted execution environment respectively to obtain prediction results of the teacher networks for the target sample data, and integrates the obtained prediction results to obtain soft tag values corresponding to the target sample data; each teacher network is obtained by training sample data of each source field and is decrypted in the trusted execution environment;
the training unit 1502 receives the encrypted soft tag value returned by the maintainer, decrypts the received soft tag value, and performs knowledge distillation on the target sample data based on the decrypted soft tag value and the originally labeled hard tag value of the target sample data to obtain the student network in the target field.
Optionally, the data types of the target sample data and the sample data in each source domain include at least one of: image, text, speech.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. A typical implementation device is a computer, which may take the form of a personal computer, laptop computer, cellular telephone, camera phone, smart phone, personal digital assistant, media player, navigation device, email messaging device, game console, tablet computer, wearable device, or a combination of any of these devices.
In a typical configuration, a computer includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include forms of volatile memory in a computer readable medium, Random Access Memory (RAM) and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media, including both permanent and non-permanent, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The foregoing description has been directed to specific embodiments of this disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
The terminology used in the description of the one or more embodiments is for the purpose of describing the particular embodiments only and is not intended to be limiting of the description of the one or more embodiments. As used in one or more embodiments of the present specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any and all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used in one or more embodiments of the present description to describe various information, such information should not be limited to these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of one or more embodiments herein. The word "if" as used herein may be interpreted as "upon" or "when" or "in response to a determination", depending on the context.
The above description is only for the purpose of illustrating the preferred embodiments of the one or more embodiments of the present disclosure, and is not intended to limit the scope of the one or more embodiments of the present disclosure, and any modifications, equivalent substitutions, improvements, etc. made within the spirit and principle of the one or more embodiments of the present disclosure should be included in the scope of the one or more embodiments of the present disclosure.

Claims (32)

1. A user risk assessment method, comprising:
inputting behavior information of a user of a target partner into a student wind control model corresponding to the target partner; wherein the student wind control model is obtained by performing knowledge distillation on target sample data of the target partner based on a soft tag value of the target sample data and a risk tag value originally labeled on the target sample data as a hard tag value; the soft tag value is obtained by integrating, in a trusted execution environment, prediction results of a plurality of teacher wind control models for the target sample data; each teacher wind control model is decrypted in the trusted execution environment and is obtained by training on sample data of a corresponding other partner; wherein any sample data contains behavior information labeled with a risk tag value;
and determining the risk score of the user according to the output result of the student wind control model.
2. The method of claim 1, wherein each teacher wind control model is trained by the corresponding other partner on its own sample data.
3. A knowledge migration method based on a machine learning model, comprising:
acquiring teacher networks of a plurality of source fields and target sample data of a target field, and reading the acquired teacher networks into a trusted execution environment for decryption, wherein each teacher network is obtained by training on sample data of the respective source field;
respectively inputting the target sample data into each teacher network in the trusted execution environment to obtain a prediction result of each teacher network for the target sample data, and integrating the obtained prediction results to obtain a soft label value corresponding to the target sample data;
and performing knowledge distillation on the target sample data to obtain a student network in the target field based on the soft tag value and the originally labeled hard tag value of the target sample data.
4. The method of claim 3, wherein each teacher network is trained by data providers in the respective source domain using their own private data as sample data.
5. The method of claim 3, the data type of the target sample data and sample data of the respective source domain including at least one of: image, text, speech.
6. A knowledge migration method based on a machine learning model, comprising:
acquiring teacher networks of a plurality of source fields and target sample data of a target field, and reading the acquired teacher networks into a trusted execution environment for decryption, wherein each teacher network is obtained by training on sample data of the respective source field;
respectively inputting the target sample data into each teacher network in the trusted execution environment to obtain a prediction result of each teacher network for the target sample data, integrating the obtained prediction results to obtain a soft label value corresponding to the target sample data, and encrypting the soft label value;
and returning the encrypted soft tag value to a provider of the target sample data so that the provider decrypts the received soft tag value, and performing knowledge distillation on the target sample data based on the decrypted soft tag value and the originally labeled hard tag value of the target sample data to obtain the student network in the target field.
7. The method according to claim 6, wherein data to be decrypted in the trusted execution environment is encrypted by a corresponding provider through a symmetric key of the corresponding provider, and the data to be decrypted comprises any teacher network and/or the target sample data; decrypting the data to be decrypted within the trusted execution environment comprises:
acquiring a symmetric key of a provider of the data to be decrypted;
and decrypting the data to be decrypted in the trusted execution environment through the acquired symmetric key.
8. The method of claim 7, the symmetric key used to encrypt the data to be decrypted is encrypted with a digital envelope public key; the obtaining of the symmetric key of the provider of the data to be decrypted includes:
and decrypting the symmetric key used for encrypting the data to be decrypted in the trusted execution environment through a digital envelope private key to obtain a decrypted symmetric key.
9. The method of claim 8, wherein the trusted execution environment is established through an SGX architecture, and after the trusted execution environment passes remote attestation by a key management server, the digital envelope public key is sent by the key management server to the provider of the data to be decrypted, and the digital envelope private key is sent by the key management server to the enclave of the trusted execution environment.
10. The method of claim 6, the data type of the target sample data and sample data of the respective source domain including at least one of: image, text, speech.
11. A knowledge migration method based on a machine learning model, comprising:
sending target sample data to a maintainer of a trusted execution environment, so that the maintainer respectively inputs the target sample data into teacher networks of a plurality of source fields in the trusted execution environment to obtain prediction results of the teacher networks for the target sample data, and integrating the obtained prediction results to obtain soft tag values corresponding to the target sample data; each teacher network is obtained by training sample data of each source field and is decrypted in the trusted execution environment;
and receiving the encrypted soft label value returned by the maintainer, decrypting the received soft label value, and performing knowledge distillation on the target sample data based on the decrypted soft label value and the originally labeled hard label value of the target sample data to obtain the student network in the target field.
12. The method of claim 11, the data type of the target sample data and sample data of the respective source domain including at least one of: image, text, speech.
13. A user risk assessment device comprising:
an information input unit, configured to input behavior information of a user of a target partner into a student wind control model corresponding to the target partner; wherein the student wind control model is obtained by performing knowledge distillation on target sample data of the target partner based on a soft tag value of the target sample data and a risk tag value originally labeled on the target sample data as a hard tag value; the soft tag value is obtained by integrating, in a trusted execution environment, prediction results of a plurality of teacher wind control models for the target sample data; each teacher wind control model is decrypted in the trusted execution environment and is obtained by training on sample data of a corresponding other partner; wherein any sample data contains behavior information labeled with a risk tag value;
and the risk evaluation unit is used for determining the risk score of the user according to the output result of the student wind control model.
14. The apparatus of claim 13, wherein each teacher wind control model is trained by the corresponding other partner on its own sample data.
15. A knowledge migration apparatus based on a machine learning model, comprising:
the system comprises an acquisition unit, a verification unit and a verification unit, wherein the acquisition unit is used for acquiring teacher networks in a plurality of source fields and target sample data in a target field, reading the acquired teacher networks into a trusted execution environment for decryption, and training the sample data in the source fields of the teacher networks to obtain the target sample data;
the integration unit is used for respectively inputting the target sample data into each teacher network in the trusted execution environment to obtain a prediction result of each teacher network for the target sample data, and integrating the obtained prediction result to obtain a soft tag value corresponding to the target sample data;
a training unit configured to perform knowledge distillation on the target sample data based on the soft label value and the originally annotated hard label value of the target sample data, so as to obtain a student network of the target domain.
16. The apparatus of claim 15, wherein each teacher network is trained by a data provider of the corresponding source domain using its own private data as sample data.
17. The apparatus of claim 15, wherein the data types of the target sample data and of the sample data of the respective source domains include at least one of: image, text, or speech.
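Claims 15-17 hinge on one operation: integrating the per-teacher prediction results for a target sample into a single soft label value inside the trusted execution environment. The claims do not fix the integration rule, so the sketch below assumes a plain average of the teachers' class-probability vectors, which is one common choice; the function name is illustrative:

```python
def integrate_teacher_predictions(per_teacher_probs):
    """Average the class-probability vectors produced by each teacher
    network for one target sample into a single soft-label vector.
    Assumes every teacher outputs probabilities over the same classes."""
    if not per_teacher_probs:
        raise ValueError("need at least one teacher prediction")
    n_classes = len(per_teacher_probs[0])
    n_teachers = len(per_teacher_probs)
    return [sum(p[i] for p in per_teacher_probs) / n_teachers
            for i in range(n_classes)]
```

Because each input vector sums to one, the averaged soft label is again a valid probability distribution, ready to be used as the soft target in the distillation step.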
18. A knowledge migration apparatus based on a machine learning model, comprising:
an acquisition unit configured to acquire teacher networks of a plurality of source domains and target sample data of a target domain, and to read the acquired teacher networks into a trusted execution environment for decryption, wherein each teacher network is trained on sample data of its corresponding source domain;
an integration unit configured to input the target sample data into each teacher network within the trusted execution environment to obtain each teacher network's prediction result for the target sample data, to integrate the obtained prediction results into a soft label value corresponding to the target sample data, and to encrypt the soft label value; and
a returning unit configured to return the encrypted soft label value to a provider of the target sample data, so that the provider decrypts the received soft label value and performs knowledge distillation on the target sample data based on the decrypted soft label value and the originally annotated hard label value of the target sample data, so as to obtain a student network of the target domain.
19. The apparatus of claim 18, wherein data to be decrypted in the trusted execution environment is encrypted by its provider with that provider's symmetric key, the data to be decrypted comprising any teacher network and/or the target sample data; and the acquisition unit is specifically configured to:
acquire the symmetric key of the provider of the data to be decrypted; and
decrypt the data to be decrypted in the trusted execution environment with the acquired symmetric key.
20. The apparatus of claim 19, wherein the symmetric key used to encrypt the data to be decrypted is itself encrypted with a digital envelope public key; and the acquisition unit is further configured to:
decrypt, in the trusted execution environment, the symmetric key used to encrypt the data to be decrypted with a digital envelope private key, so as to obtain the decrypted symmetric key.
21. The apparatus of claim 20, wherein the trusted execution environment is established by the SGX architecture; the digital envelope public key is sent by a key management server to the provider of the data to be decrypted after remote attestation of the trusted execution environment, initiated by the key management server, succeeds; and the digital envelope private key is sent by the key management server to an enclave of the trusted execution environment.
22. The apparatus of claim 18, wherein the data types of the target sample data and of the sample data of the respective source domains include at least one of: image, text, or speech.
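Claims 19-21 describe a digital-envelope handshake: each provider encrypts its payload (a teacher network or the target sample data) under its own symmetric key, wraps that key with the digital envelope public key, and the enclave unwraps the key and decrypts the payload inside the TEE. The sketch below shows only the message flow. Both layers use a toy SHA-256 keystream XOR cipher with a single shared envelope key, purely for illustration: a real deployment would use an authenticated cipher such as AES-GCM for the payload and an asymmetric scheme such as RSA-OAEP for the key wrap, and the `provider_seal`/`enclave_open` names are assumptions, not the patent's API.

```python
import hashlib
from itertools import count

def keystream_cipher(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR the data with a SHA-256 counter-mode
    keystream derived from the key. Encryption and decryption are the
    same operation. Illustrative only, not production cryptography."""
    stream = bytearray()
    for block_no in count():
        if len(stream) >= len(data):
            break
        stream.extend(
            hashlib.sha256(key + block_no.to_bytes(8, "big")).digest())
    return bytes(b ^ k for b, k in zip(data, stream))

def provider_seal(payload: bytes, data_key: bytes, envelope_key: bytes):
    """Provider side: the inner layer encrypts the payload under the
    provider's own symmetric key; the outer layer wraps that key with
    the digital-envelope key obtained after remote attestation."""
    ciphertext = keystream_cipher(data_key, payload)
    wrapped_key = keystream_cipher(envelope_key, data_key)
    return ciphertext, wrapped_key

def enclave_open(ciphertext: bytes, wrapped_key: bytes,
                 envelope_key: bytes) -> bytes:
    """Enclave side: unwrap the symmetric key with the digital-envelope
    key held only inside the TEE, then decrypt the payload."""
    data_key = keystream_cipher(envelope_key, wrapped_key)
    return keystream_cipher(data_key, ciphertext)
```

The point of the two layers is that the maintainer of the TEE never sees the provider's symmetric key or the plaintext payload outside the enclave; only code running inside the attested environment holds the envelope key needed to unwrap them.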
23. A knowledge migration apparatus based on a machine learning model, comprising:
a sending unit configured to send target sample data to a maintainer of a trusted execution environment, so that the maintainer inputs the target sample data into teacher networks of a plurality of source domains within the trusted execution environment to obtain each teacher network's prediction result for the target sample data, and integrates the obtained prediction results into a soft label value corresponding to the target sample data, wherein each teacher network is trained on sample data of its corresponding source domain and is decrypted in the trusted execution environment; and
a training unit configured to receive the encrypted soft label value returned by the maintainer, decrypt the received soft label value, and perform knowledge distillation on the target sample data based on the decrypted soft label value and the originally annotated hard label value of the target sample data, so as to obtain a student network of the target domain.
24. The apparatus of claim 23, wherein the data types of the target sample data and of the sample data of the respective source domains include at least one of: image, text, or speech.
25. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of claim 1 or 2 by executing the executable instructions.
26. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 3-5 by executing the executable instructions.
27. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of any one of claims 6-10 by executing the executable instructions.
28. An electronic device, comprising:
a processor;
a memory for storing processor-executable instructions;
wherein the processor implements the method of claim 11 or 12 by executing the executable instructions.
29. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method of claim 1 or 2.
30. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method according to any one of claims 3 to 5.
31. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method according to any one of claims 6 to 10.
32. A computer readable storage medium having stored thereon computer instructions which, when executed by a processor, carry out the steps of the method according to claim 11 or 12.
CN201911287610.3A 2019-12-14 2019-12-14 User risk assessment method and device, electronic equipment and storage medium Pending CN111027870A (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN201911287610.3A CN111027870A (en) 2019-12-14 2019-12-14 User risk assessment method and device, electronic equipment and storage medium
PCT/CN2020/124013 WO2021114911A1 (en) 2019-12-14 2020-10-27 User risk assessment method and apparatus, electronic device, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201911287610.3A CN111027870A (en) 2019-12-14 2019-12-14 User risk assessment method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN111027870A true CN111027870A (en) 2020-04-17

Family

ID=70210835

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201911287610.3A Pending CN111027870A (en) 2019-12-14 2019-12-14 User risk assessment method and device, electronic equipment and storage medium

Country Status (2)

Country Link
CN (1) CN111027870A (en)
WO (1) WO2021114911A1 (en)

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111832291A (en) * 2020-06-02 2020-10-27 北京百度网讯科技有限公司 Entity recognition model generation method and device, electronic equipment and storage medium
CN112149179A (en) * 2020-09-18 2020-12-29 支付宝(杭州)信息技术有限公司 Risk identification method and device based on privacy protection
CN112149541A (en) * 2020-09-14 2020-12-29 清华大学 Model training method and device for sleep staging
CN112149404A (en) * 2020-09-18 2020-12-29 支付宝(杭州)信息技术有限公司 Method, device and system for identifying risk content of user privacy data
CN112200402A (en) * 2020-08-19 2021-01-08 支付宝(杭州)信息技术有限公司 Risk quantification method, device and equipment based on risk portrait
CN112308236A (en) * 2020-10-30 2021-02-02 北京百度网讯科技有限公司 Method, device, electronic equipment and storage medium for processing user request
CN112738061A (en) * 2020-12-24 2021-04-30 四川虹微技术有限公司 Information processing method, device, management platform, electronic equipment and storage medium
CN112801718A (en) * 2021-02-22 2021-05-14 平安科技(深圳)有限公司 User behavior prediction method, device, equipment and medium
WO2021114911A1 (en) * 2019-12-14 2021-06-17 支付宝(杭州)信息技术有限公司 User risk assessment method and apparatus, electronic device, and storage medium
CN113538127A (en) * 2021-07-16 2021-10-22 四川新网银行股份有限公司 Method, system, equipment and medium for supporting simultaneous joint wind control test of multiple partners
CN113569263A (en) * 2021-07-30 2021-10-29 拉扎斯网络科技(上海)有限公司 Secure processing method and device for cross-private-domain data and electronic equipment
CN113988483A (en) * 2021-12-23 2022-01-28 支付宝(杭州)信息技术有限公司 Risk operation behavior control method, risk operation behavior model training method and electronic equipment
CN114049054A (en) * 2022-01-13 2022-02-15 江苏通付盾科技有限公司 Decision method and system applied to risk management and control
WO2022148391A1 (en) * 2021-01-07 2022-07-14 支付宝(杭州)信息技术有限公司 Model training method and apparatus, data detection method and apparatus, and device and medium
CN115099988A (en) * 2022-06-28 2022-09-23 腾讯科技(深圳)有限公司 Model training method, data processing method, device and computer medium
CN116340852A (en) * 2023-05-30 2023-06-27 支付宝(杭州)信息技术有限公司 Model training and business wind control method and device

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109308418A (en) * 2017-07-28 2019-02-05 阿里巴巴集团控股有限公司 A kind of model training method and device based on shared data
CN109344871A (en) * 2018-08-30 2019-02-15 西北工业大学 A kind of target classification identification method based on multi-source field fusion transfer learning
CN109685644A (en) * 2018-12-17 2019-04-26 深圳市数丰科技有限公司 A kind of customers' credit methods of marking and device based on transfer learning
CN110097178A (en) * 2019-05-15 2019-08-06 电科瑞达(成都)科技有限公司 It is a kind of paid attention to based on entropy neural network model compression and accelerated method
CA3056098A1 (en) * 2019-06-07 2019-11-22 Tata Consultancy Services Limited Sparsity constraints and knowledge distillation based learning of sparser and compressed neural networks
CN110555148A (en) * 2018-05-14 2019-12-10 腾讯科技(深圳)有限公司 user behavior evaluation method, computing device and storage medium

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111027870A (en) * 2019-12-14 2020-04-17 支付宝(杭州)信息技术有限公司 User risk assessment method and device, electronic equipment and storage medium


Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
TAIYANG625: "Deep Learning - Knowledge Distillation as a Network-Compression Training Method (repost)", 《HTTPS://BLOG.CSDN.NET/TAIYANG625/ARTICLE/DETAILS/81672717》 *
云从科技: "Distillation Models for Deep Compression", 《HTTPS://WENKU.BAIDU.COM/VIEW/3DE561344A73F242336C1EB91A37F111F1850DE5.HTML》 *
无: "Training Networks by Distillation in Deep Learning", 《HTTP://WWW.VOIDCN.COM/ARTICLE/P-BNOFDKTH-BRP.HTML》 *
风雨兼程: "Distillation Models for Deep Compression", 《HTTPS://ZHUANLAN.ZHIHU.COM/P/24337627?UTM_SOURCE=TUICOOL&UTM_MEDIUM=REFERRAL》 *

Cited By (22)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2021114911A1 (en) * 2019-12-14 2021-06-17 支付宝(杭州)信息技术有限公司 User risk assessment method and apparatus, electronic device, and storage medium
CN111832291A (en) * 2020-06-02 2020-10-27 北京百度网讯科技有限公司 Entity recognition model generation method and device, electronic equipment and storage medium
CN111832291B (en) * 2020-06-02 2024-01-09 北京百度网讯科技有限公司 Entity recognition model generation method and device, electronic equipment and storage medium
CN112200402A (en) * 2020-08-19 2021-01-08 支付宝(杭州)信息技术有限公司 Risk quantification method, device and equipment based on risk portrait
CN112200402B (en) * 2020-08-19 2022-10-18 支付宝(杭州)信息技术有限公司 Risk quantification method, device and equipment based on risk portrait
CN112149541A (en) * 2020-09-14 2020-12-29 清华大学 Model training method and device for sleep staging
CN112149179B (en) * 2020-09-18 2022-09-02 支付宝(杭州)信息技术有限公司 Risk identification method and device based on privacy protection
CN112149179A (en) * 2020-09-18 2020-12-29 支付宝(杭州)信息技术有限公司 Risk identification method and device based on privacy protection
CN112149404A (en) * 2020-09-18 2020-12-29 支付宝(杭州)信息技术有限公司 Method, device and system for identifying risk content of user privacy data
CN112308236A (en) * 2020-10-30 2021-02-02 北京百度网讯科技有限公司 Method, device, electronic equipment and storage medium for processing user request
CN112738061A (en) * 2020-12-24 2021-04-30 四川虹微技术有限公司 Information processing method, device, management platform, electronic equipment and storage medium
WO2022148391A1 (en) * 2021-01-07 2022-07-14 支付宝(杭州)信息技术有限公司 Model training method and apparatus, data detection method and apparatus, and device and medium
CN112801718A (en) * 2021-02-22 2021-05-14 平安科技(深圳)有限公司 User behavior prediction method, device, equipment and medium
CN113538127A (en) * 2021-07-16 2021-10-22 四川新网银行股份有限公司 Method, system, equipment and medium for supporting simultaneous joint wind control test of multiple partners
CN113538127B (en) * 2021-07-16 2023-06-23 四川新网银行股份有限公司 Method, system, equipment and medium for supporting simultaneous combined wind control test of multiple partners
CN113569263A (en) * 2021-07-30 2021-10-29 拉扎斯网络科技(上海)有限公司 Secure processing method and device for cross-private-domain data and electronic equipment
CN113988483A (en) * 2021-12-23 2022-01-28 支付宝(杭州)信息技术有限公司 Risk operation behavior control method, risk operation behavior model training method and electronic equipment
CN113988483B (en) * 2021-12-23 2022-04-29 支付宝(杭州)信息技术有限公司 Risk operation behavior control method, risk operation behavior model training method and electronic equipment
CN114049054A (en) * 2022-01-13 2022-02-15 江苏通付盾科技有限公司 Decision method and system applied to risk management and control
CN115099988A (en) * 2022-06-28 2022-09-23 腾讯科技(深圳)有限公司 Model training method, data processing method, device and computer medium
CN116340852A (en) * 2023-05-30 2023-06-27 支付宝(杭州)信息技术有限公司 Model training and business wind control method and device
CN116340852B (en) * 2023-05-30 2023-09-15 支付宝(杭州)信息技术有限公司 Model training and business wind control method and device

Also Published As

Publication number Publication date
WO2021114911A1 (en) 2021-06-17

Similar Documents

Publication Publication Date Title
WO2021114911A1 (en) User risk assessment method and apparatus, electronic device, and storage medium
WO2021114974A1 (en) User risk assessment method and apparatus, electronic device, and storage medium
US20220269942A1 (en) Privacy Enhancing Deep Learning Cloud Service Using a Trusted Execution Environment
TWI689841B (en) Data encryption, machine learning model training method, device and electronic equipment
CN107704930B (en) Modeling method, device and system based on shared data and electronic equipment
US11468448B2 (en) Systems and methods of providing security in an electronic network
CN115943394A (en) Method, device and system for secure longitudinal federal learning
US11893493B2 (en) Clustering techniques for machine learning models
CN111428887B (en) Model training control method, device and system based on multiple computing nodes
CN112132198A (en) Data processing method, device and system and server
CN111612167A (en) Joint training method, device, equipment and storage medium of machine learning model
WO2020035075A1 (en) Method and system for carrying out maching learning under data privacy protection
WO2021189926A1 (en) Service model training method, apparatus and system, and electronic device
US12038984B2 (en) Using a machine learning system to process a corpus of documents associated with a user to determine a user-specific and/or process-specific consequence index
US11985153B2 (en) System and method for detecting anomalous activity based on a data distribution
US11842417B2 (en) System and method for searching and monitoring assets available for acquisition
CN110858253A (en) Method and system for executing machine learning under data privacy protection
CN112948889B (en) Method and system for performing machine learning under data privacy protection
CA3233934A1 (en) Data compression techniques for machine learning models
US20090313111A1 (en) Track impression of advertisement upon memory
CA3131616A1 (en) System and method for detecting anomalous activity based on a data distribution
CN111625572B (en) Method and system for executing machine learning under data privacy protection
CN111797126B (en) Data processing method, device and equipment
CN116304644B (en) Data processing method, device, equipment and medium based on federal learning
US20240086923A1 (en) Entity profile for access control

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40028001

Country of ref document: HK

RJ01 Rejection of invention patent application after publication

Application publication date: 20200417