CN112231571A - Information data processing method, device, equipment and storage medium - Google Patents
Information data processing method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN112231571A CN112231571A CN202011158092.8A CN202011158092A CN112231571A CN 112231571 A CN112231571 A CN 112231571A CN 202011158092 A CN202011158092 A CN 202011158092A CN 112231571 A CN112231571 A CN 112231571A
- Authority
- CN
- China
- Prior art keywords
- information
- gradient
- information data
- data
- gradient information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000003860 storage Methods 0.000 title claims abstract description 19
- 238000003672 processing method Methods 0.000 title description 10
- 238000001514 detection method Methods 0.000 claims abstract description 384
- 238000000034 method Methods 0.000 claims abstract description 148
- 230000008569 process Effects 0.000 claims abstract description 101
- 238000012545 processing Methods 0.000 claims abstract description 51
- 239000013598 vector Substances 0.000 claims abstract description 28
- 238000013145 classification model Methods 0.000 claims description 83
- 238000012549 training Methods 0.000 claims description 38
- 230000004044 response Effects 0.000 claims description 11
- 230000015654 memory Effects 0.000 claims description 9
- 238000005516 engineering process Methods 0.000 description 26
- 239000006185 dispersion Substances 0.000 description 25
- 230000006870 function Effects 0.000 description 24
- 230000006399 behavior Effects 0.000 description 16
- 239000011159 matrix material Substances 0.000 description 16
- 238000013473 artificial intelligence Methods 0.000 description 12
- 230000000694 effects Effects 0.000 description 12
- 238000011160 research Methods 0.000 description 9
- 238000010801 machine learning Methods 0.000 description 7
- 238000004422 calculation algorithm Methods 0.000 description 6
- 238000004590 computer program Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 6
- 230000002776 aggregation Effects 0.000 description 4
- 238000004220 aggregation Methods 0.000 description 4
- 239000000945 filler Substances 0.000 description 4
- 238000012804 iterative process Methods 0.000 description 4
- 241000282414 Homo sapiens Species 0.000 description 3
- 230000006854 communication Effects 0.000 description 3
- 238000009826 distribution Methods 0.000 description 3
- 230000010365 information processing Effects 0.000 description 3
- 238000012360 testing method Methods 0.000 description 3
- 241000700605 Viruses Species 0.000 description 2
- 238000004458 analytical method Methods 0.000 description 2
- 238000004891 communication Methods 0.000 description 2
- 238000013135 deep learning Methods 0.000 description 2
- 238000013461 design Methods 0.000 description 2
- 238000011161 development Methods 0.000 description 2
- 230000006872 improvement Effects 0.000 description 2
- 230000002159 abnormal effect Effects 0.000 description 1
- 230000002411 adverse Effects 0.000 description 1
- 230000002155 anti-virotic effect Effects 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000013528 artificial neural network Methods 0.000 description 1
- 238000012550 audit Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000005540 biological transmission Effects 0.000 description 1
- 238000004364 calculation method Methods 0.000 description 1
- 230000001609 comparable effect Effects 0.000 description 1
- 238000005094 computer simulation Methods 0.000 description 1
- 238000010219 correlation analysis Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 238000011156 evaluation Methods 0.000 description 1
- ZXQYGBMAQZUVMI-GCMPRSNUSA-N gamma-cyhalothrin Chemical compound CC1(C)[C@@H](\C=C(/Cl)C(F)(F)F)[C@H]1C(=O)O[C@H](C#N)C1=CC=CC(OC=2C=CC=CC=2)=C1 ZXQYGBMAQZUVMI-GCMPRSNUSA-N 0.000 description 1
- 230000001939 inductive effect Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000002955 isolation Methods 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000003058 natural language processing Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000008447 perception Effects 0.000 description 1
- 230000002787 reinforcement Effects 0.000 description 1
- 238000012954 risk control Methods 0.000 description 1
- 238000013526 transfer learning Methods 0.000 description 1
- 238000012384 transportation and delivery Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/953—Querying, e.g. by the use of web search engines
- G06F16/9535—Search customisation based on user profiles and personalisation
Landscapes
- Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The application discloses a method, a device, equipment and a storage medium for processing information data. The method comprises the following steps: sending the initial characteristic information of the information data to a terminal; receiving first gradient information sent by a terminal, and acquiring a Touchao detection result corresponding to the first gradient information, wherein the first gradient information is used for indicating an update vector for updating initial characteristic information; updating the initial characteristic information based on first gradient information corresponding to the Touche detection result meeting the selection condition to obtain first characteristic information of the information data; and acquiring target characteristic information of the information data based on the first characteristic information, and recommending the information data based on the target characteristic information. In the process, the characteristic information of the information data is updated based on the gradient information corresponding to the trust attack detection result meeting the selection condition, the trust attack of a malicious user can be resisted, the reliability of updating the characteristic information is high, and the accuracy of recommending the information data according to the target characteristic information of the information data is improved.
Description
Technical Field
The embodiment of the application relates to the technical field of computers, in particular to a method, a device, equipment and a storage medium for processing information data.
Background
With the development of computer technology, recommendation systems for intelligently recommending information data (such as information data related to music, information data related to movies, and information data related to shopping items) for users are also continuously developed. In order to protect the private data of the user, the application of the recommendation system based on the federal learning framework (i.e. the federal recommendation system) is more and more widespread.
In the related technology, in the process of processing the information data based on the federal recommendation system, the user terminal sends gradient information which is determined based on local data and is used for updating the characteristics of the information data to the server, the server receives the gradient information sent by each user terminal, then the characteristics of the information data are updated according to all the received gradient information, and appropriate information data are recommended for the user according to the characteristics of the finally obtained information data.
In the course of implementing the present application, the inventors found that the related art has at least the following problems:
in the related art, the server updates the characteristics of the information data according to the received all gradient information, and gradient information with low reliability may exist in the received all gradient information, so that the reliability of the characteristics of the information data updated according to the received all gradient information is poor, and the accuracy of recommending the information data according to the characteristics of the finally obtained information data is low.
Disclosure of Invention
The embodiment of the application provides a method, a device, equipment and a storage medium for processing information data, which can be used for improving the accuracy of recommending the information data. The technical scheme is as follows:
in one aspect, an embodiment of the present application provides a method for processing information data, where the method includes:
sending initial characteristic information of information data to a terminal, wherein the terminal is used for acquiring first gradient information based on local data and the initial characteristic information and returning the first gradient information, and the first gradient information is used for indicating an update vector for updating the initial characteristic information;
receiving first gradient information sent by the terminal, and acquiring a Touch attack detection result corresponding to the first gradient information;
updating the initial characteristic information based on first gradient information corresponding to the Touche detection result meeting the selection condition to obtain first characteristic information of the information data;
and acquiring target characteristic information of the information data based on the first characteristic information, and recommending the information data based on the target characteristic information.
In another aspect, an apparatus for processing information data is provided, the apparatus comprising:
a sending unit, configured to send initial feature information of information data to a terminal, where the terminal is configured to obtain first gradient information based on local data and the initial feature information, and return the first gradient information, where the first gradient information is used to indicate an update vector for updating the initial feature information;
the receiving unit is used for receiving first gradient information sent by the terminal;
a first obtaining unit, configured to obtain a trusting attack detection result corresponding to the first gradient information;
the updating unit is used for updating the initial characteristic information based on first gradient information corresponding to the attack detection result meeting the selection condition to obtain first characteristic information of the information data;
a second obtaining unit, configured to obtain target feature information of the information data based on the first feature information;
and the recommending unit is used for recommending the information data based on the target characteristic information.
In a possible implementation manner, the attack-holding detection result corresponding to the first gradient information is a first result or a second result, where the first result is used to indicate that the first gradient information is normal gradient information, and the second result indicates that the first gradient information is attack-holding gradient information; the attack detection result meeting the selection condition is the first result;
the updating unit is used for calculating average gradient information of first gradient information corresponding to the first result; and updating the initial characteristic information based on the average gradient information, and taking the updated initial characteristic information as the first characteristic information of the information data.
In a possible implementation manner, the second obtaining unit is configured to send the first feature information to the terminal in response to that an update process of the initial feature information does not meet an update termination condition, where the terminal is configured to obtain second gradient information based on local data and the first feature information, and return the second gradient information, where the second gradient information is used to indicate an update vector for updating the first feature information; receiving the second gradient information sent by the terminal; acquiring a Touchi attack detection result corresponding to the second gradient information; updating the first characteristic information based on second gradient information corresponding to the Tooattack detection result meeting the selection condition to obtain second characteristic information of the information data; and acquiring target characteristic information of the information data based on the second characteristic information.
In a possible implementation manner, the second obtaining unit is configured to, in response to that an update process of the initial feature information satisfies an update termination condition, use the first feature information as target feature information of the information data.
In a possible implementation manner, the recommending unit is configured to determine, based on the target feature information, a similarity between preference information data and other information data in the information data except the preference information data, and recommend, to a terminal corresponding to the preference information data, the target information data in the other information data, of which the similarity with the preference information data satisfies a recommendation condition.
In a possible implementation manner, the first obtaining unit is configured to obtain a trusteeship attack detection feature corresponding to the first gradient information, where the trusteeship attack detection feature corresponding to the first gradient information is used to indicate a detection classification result corresponding to the first gradient information; acquiring a detection classification result corresponding to the first gradient information based on the attack detection characteristics corresponding to the first gradient information; and determining a Touchi attack detection result corresponding to the first gradient information based on the detection classification result corresponding to the first gradient information.
In a possible implementation manner, the first obtaining unit is further configured to invoke a target detection classification model to perform detection classification processing on the attack detection features corresponding to the first gradient information, so as to obtain a detection classification result corresponding to the first gradient information; and the target detection classification model is obtained by performing semi-supervised training on the initial detection classification model by using sample gradient information with standard detection classification labels and sample gradient information without the standard detection classification labels.
In another aspect, a computer device is provided, which includes a processor and a memory, where at least one program code is stored in the memory, and the at least one program code is loaded and executed by the processor to implement any one of the above-mentioned information data processing methods.
In another aspect, a computer-readable storage medium is provided, in which at least one program code is stored, and the at least one program code is loaded and executed by a processor to implement any of the above-mentioned information data processing methods.
In another aspect, a computer program product or a computer program is also provided, comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and executes the computer instructions, so that the computer device executes any one of the above information data processing methods.
The technical scheme provided by the embodiment of the application at least has the following beneficial effects:
in the embodiment of the application, after receiving the gradient information sent by the terminal, the server first obtains the attack-holding detection results corresponding to each gradient information, and then updates the characteristic information of the information data based on the gradient information corresponding to the attack-holding detection results meeting the selection condition. The reliability of the gradient information corresponding to the trust attack detection result meeting the selection condition is high, and the characteristic information of the updated information data based on the gradient information corresponding to the trust attack detection result meeting the selection condition can resist the trust attack of malicious users, so that the reliability of the characteristic information of the updated information data is high, and the accuracy of recommending the information data according to the finally obtained target characteristic information is improved.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic diagram of an implementation environment of a method for processing information data according to an embodiment of the present disclosure;
FIG. 2 is a flowchart illustrating a method for processing information data according to an embodiment of the present disclosure;
FIG. 3 is a flowchart illustrating a method for obtaining target feature information of information data according to an embodiment of the present disclosure;
FIG. 4 is a schematic diagram illustrating a process for obtaining target feature information of information data according to an embodiment of the present disclosure;
FIG. 5 is a schematic diagram of an information data processing apparatus according to an embodiment of the present application;
fig. 6 is a schematic structural diagram of a server according to an embodiment of the present application.
Detailed Description
To make the objects, technical solutions and advantages of the present application more clear, embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
In order to facilitate understanding of the technical processes of the embodiments of the present application, the following explains the terms referred to in the embodiments of the present application:
federal recommendation system: a recommendation system based on a federated learning framework. Among them, federal learning is a distributed machine learning framework that is popular at present, and the birth of federal learning eliminates the concern that users leak private data when training models. The same or comparable effect as modeling the entire data set together can be achieved without exposing the user's local data. A plurality of terminals can jointly train a machine learning model only by exchanging a series of gradient information with the server. The information data processing method provided by the embodiment of the application is applied to a federal recommendation system.
Fig. 1 is a schematic diagram illustrating an implementation environment of a method for processing information data according to an embodiment of the present application. The implementation environment comprises a federal recommendation system 100, wherein the federal recommendation system 100 comprises a terminal 110 and a server 120.
The terminal 110 is used for locally storing relevant privacy data of the user and maintaining user characteristic information of the local user; the server 120 is configured to maintain feature information of the global information data, where the feature information includes feature sub-information corresponding to the total information data recommended for the user. When the feature information of the information data needs to be updated, the server 120 sends the feature information of the information data needing to be updated to the terminal 110; the terminal 110 acquires gradient information for updating the characteristic information based on the local data and the characteristic information of the received information data, and then transmits the gradient information to the server 120. After receiving the gradient information sent by each terminal 110, the server 120 obtains the trust attack detection result corresponding to the gradient information, updates the feature information of the information data based on the gradient information of which the corresponding trust attack detection result satisfies the selection condition, and then recommends the information data based on the finally obtained feature information.
In one possible implementation, the terminal 110 may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, a smart speaker, a smart watch, and the like. The server 120 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a web service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), a big data and artificial intelligence platform. The terminal 110 and the server 120 may be directly or indirectly connected through wired or wireless communication, and the application is not limited thereto.
It should be understood by those skilled in the art that the terminal 110 and the server 120 in the federal recommendation system 100 described above are merely examples, and other existing or future terminals or servers may be included within the scope of the present application, as applicable thereto, and are incorporated herein by reference.
Based on the implementation environment shown in fig. 1, the embodiment of the present application provides a method for processing information data, which is applied to the server 120 in the federal recommendation system 100 as an example. As shown in fig. 2, the method provided by the embodiment of the present application includes the following steps 201 to 204.
In step 201, the initial feature information of the information data is sent to the terminal, and the terminal is configured to obtain first gradient information based on the local data and the initial feature information, and return the first gradient information, where the first gradient information is used to indicate an update vector for updating the initial feature information.
The initial characteristic information is characteristic information that needs to be updated corresponding to the information data, and the initial characteristic information is used for indicating the initial characteristic of the information data. In an exemplary embodiment, the initial characteristic information includes at least one piece of initial characteristic sub-information corresponding to each piece of information data, that is, the initial characteristic information is composed of the initial characteristic sub-information corresponding to each piece of information data. Each of the initial characteristic sub-information is capable of representing an initial characteristic of a piece of information data. The information data refers to the total amount of information data available for recommendation to the user. The embodiment of the present application does not limit the type of the information data, for example, the information data refers to information data related to music, information data related to movies, information data related to shopping products, and the like.
In an exemplary embodiment, the initial feature information is in the form of a matrix, and the initial feature information is also referred to as an initial feature matrix. In this case, each initial feature sub-information refers to a column vector formed by each column element in the initial feature matrix, that is, one column vector formed by each column element in the initial feature matrix can represent the initial feature of one piece of information data. The characteristics of the information data can provide reference for the recommendation service of the information data.
In a possible implementation manner, the initial feature information of the information data is feature information initialized by the server, or feature information obtained after last update of the server, which is not limited in this embodiment of the application.
In a federal recommendation system, a server is used for maintaining characteristic information containing characteristic sub-information of full information data, and the characteristic information is used for representing characteristics of the information data; each terminal is used for locally storing a respective part of user behavior data and maintaining a respective part of user characteristic information so as to ensure the safety of the privacy data of the user. The user characteristic information is used to characterize the characteristics of the user. In an exemplary embodiment, the user feature information is in the form of a matrix, and is also referred to as a user latent matrix, and one column vector formed by each column of elements in the user latent matrix corresponds to one user. Illustratively, for a case where a column vector formed by each column element in the user latent matrix corresponds to a user, the number of rows of the user latent matrix is the same as the number of rows of the feature matrix corresponding to the initial feature information of the information data.
The updating process of the initial characteristic information of the information data needs to be based on the local data of the terminal and the user characteristic information maintained by the terminal, so that the server sends the initial characteristic information of the information data to the terminal when the initial characteristic information of the information data needs to be updated. It should be noted that the terminal herein refers to at least one terminal in the federal recommendation system. In this embodiment of the present application, it is described by taking an example that each terminal corresponds to one user, that is, in this embodiment of the present application, the local data stored in each terminal and the maintained user feature information are obtained based on a network behavior of one user.
It should be noted that the information data is the same for each terminal, and the determination method of the information data in the embodiment of the present application is not limited, for example, the determination method of the information data is as follows: all historical information data which are viewed by users corresponding to all terminals in the federal recommendation system are used as the information data in the embodiment of the application.
After the server sends the initial feature information to the terminal, the terminal can receive the initial feature information. After receiving the initial characteristic information, the terminal acquires first gradient information for updating the initial characteristic information based on the local data and the initial characteristic information, and sends the first gradient information to the server. The first gradient information is used to indicate an update vector that updates the initial feature information.
The local data of the terminal refers to data related to a user corresponding to the terminal, and the local data of the terminal includes, but is not limited to, user behavior data and user characteristic information. User behavior data includes, but is not limited to, user feedback information, user purchase information, user browsing information, user shopping cart information, user click information, user search information, and the like. In a possible implementation manner, the process of the terminal acquiring, based on the local data and the initial feature information of the terminal, the first gradient information for updating the initial feature information is as follows: the terminal updates the user characteristic information maintained by the terminal based on the local user behavior data and the initial characteristic information of the terminal; and calculating first gradient information for updating the initial characteristic information based on the updated user characteristic information and the user behavior data.
In one possible implementation manner, the process of updating the user feature information maintained by the terminal based on the user behavior data and the initial feature information of the terminal by the terminal is as follows: the terminal calculates the prediction scores of the user on each piece of information data based on the user characteristic information and the initial characteristic information; determining the real scores of the users on the information data based on the user behavior data; calculating a loss function based on the prediction score and the true score; and updating the user characteristic information based on the loss function. It should be noted that the updated user feature information may be obtained by updating the user feature information before updating once or multiple times, which is not limited in the embodiment of the present application, and the number of times of updating can be set according to experience or flexibly adjusted according to an application scenario. It should be noted that, in the process of acquiring the first gradient information, different terminals have the same number of updates to the user feature information that is maintained by each terminal, so as to ensure comparability between the first gradient information acquired by the different terminals.
After the terminal obtains the updated user characteristic information, first gradient information used for updating the initial characteristic information is calculated based on the updated user characteristic information and the user behavior data. The first gradient information calculated here is a gradient at which the initial feature information should be updated in consideration of the relevant data of the user corresponding to the terminal. And after the first gradient information is obtained, the terminal sends the first gradient information to the server.
For the case that the federal recommendation system comprises at least one terminal, each terminal acquires first gradient information for updating the initial characteristic information based on respective local data. Since the local data of the terminal refers to data related to a user corresponding to the terminal, the first gradient information obtained by different terminals may be different. After acquiring a first gradient message for updating the initial characteristic message, each terminal sends the acquired first gradient message to the server.
In step 202, first gradient information sent by the terminal is received, and a trust attack detection result corresponding to the first gradient information is obtained.
After the terminal returns the acquired first gradient information used for updating the initial characteristic information to the server, the server receives the first gradient information sent by the terminal. It should be noted that, since each terminal acquires one piece of first gradient information, the number of pieces of first gradient information received by the server here is the same as the number of terminals.
Each terminal corresponds to one user, the federal recommendation system is an open machine learning framework, any terminal can participate in the updating process of the characteristic information of the information data, terminals which attack the users possibly exist in the terminals which participate in the updating process of the characteristic information of the information data, and the user behavior data in the terminals which attack the users are false behavior data, so that adverse effects can be generated on the recommendation effect of the federal recommendation system. The first gradient information sent by the terminal of the attack user deviates from the first gradient information sent by the terminal of the normal user, and the recommendation result of the federal recommendation system can be influenced to a greater extent. Based on this, the server needs to analyze the received first gradient information to determine whether the terminal generating the first gradient information is the terminal of the attack user, and then update the initial characteristic information of the information data based on the first gradient information sent by the terminal of the normal user only, so as to ensure the updating effect of the initial characteristic information of the information data.
In one possible implementation manner, the server analyzes the received first gradient information by: and acquiring a trust attack detection result corresponding to the first gradient information, and further judging whether the terminal generating the first gradient information is the terminal of the trust attack user according to the trust attack detection result. Illustratively, the first gradient information generated by a certain terminal is referred to as the first gradient information corresponding to the user corresponding to the terminal, that is, each piece of the first gradient information corresponds to one user. And if the terminal generating certain first gradient information is the terminal of the attack-supporting user, considering the user corresponding to the first gradient information as the attack-supporting user.
In one possible implementation, there are two possibilities for the attack detection result, the first result and the second result. The first result is used for indicating that the first gradient information is normal gradient information, and the second result is used for indicating that the first gradient information is attack gradient information. If the attack detection result corresponding to a certain first gradient information is a first result, the first gradient information is indicated to be normal gradient information, and at this time, the terminal generating the first gradient information is considered to be a terminal of a normal user, namely, the user corresponding to the first gradient information is considered to be a normal user; if the second result is the trusting attack detection result corresponding to a certain first gradient information, it indicates that the first gradient information is trusting attack gradient information, and at this time, the terminal generating the first gradient information is considered to be the terminal of the trusting attack user, that is, the user corresponding to the first gradient information is considered to be the trusting attack user.
The embodiment of the present application does not limit the manner of obtaining the attack detection result corresponding to the first gradient information. For example, for the case where the trust attack detection result corresponding to the gradient information acquired in advance is already stored, the manner of acquiring the trust attack detection result corresponding to the first gradient information is as follows: and inquiring a trusting attack detection result corresponding to the reference gradient information matched with the first gradient information from the storage, and taking the trusting attack detection result corresponding to the reference gradient information matched with the first gradient information as the trusting attack detection result corresponding to the first gradient information. In an exemplary embodiment, the criteria for determining whether two gradient information match are: and judging whether the two pieces of gradient information are used for updating the same characteristic information or not and the two pieces of gradient information are completely the same. If the two pieces of gradient information are used for updating the same characteristic information and the two pieces of gradient information are completely the same, matching the two pieces of gradient information; if two pieces of gradient information are not used for updating the same feature information or if the two pieces of gradient information are not completely the same, the two pieces of gradient information do not match.
In step 203, the initial feature information is updated based on the first gradient information corresponding to the attack detection result satisfying the selection condition, so as to obtain the first feature information of the information data.
The first gradient information corresponding to the trusteeship attack detection result meeting the selection condition is normal gradient information corresponding to a normal user, and the reliability of updating the initial characteristic information by using the first gradient information corresponding to the trusteeship attack detection result meeting the selection condition is high. The trusteeship attack gradient information corresponding to the trusteeship attack user does not participate in updating the characteristic information, and the accuracy of the characteristic information can be ensured.
Illustratively, for the case that the attack detection result corresponding to the first gradient information is a first result or a second result, the first result is used to indicate that the first gradient information is normal gradient information, the second result is used to indicate that the first gradient information is attack-oriented gradient information, and the attack-oriented detection result meeting the selection condition is the first result, that is, the initial feature information is updated based on the first gradient information corresponding to the first result.
In one possible implementation manner, the initial feature information is updated based on the first gradient information corresponding to the first result, and the first feature information of the information data is obtained by: and calculating average gradient information of the first gradient information corresponding to the first result, updating the initial characteristic information based on the average gradient information, and taking the updated initial characteristic information as the first characteristic information of the information data. Illustratively, the initial feature information is updated based on the first gradient information corresponding to the first result, and the process of using the updated initial feature information as the first feature information of the information data is implemented based on equation 1.
Wherein Q' represents first characteristic information; q represents initial characteristic information; α represents a learning rate; u' represents a set of users corresponding to the first gradient information corresponding to the first result; | U' | represents the number of users corresponding to the first gradient information corresponding to the first result;
any first gradient information corresponding to the first result is represented.
In step 204, target feature information of the information data is obtained based on the first feature information, and the information data is recommended based on the target feature information.
The target characteristic information is the finally updated characteristic information corresponding to the information data. The process of acquiring the target characteristic information is an iteration process, and each iteration is performed once to update the characteristic information acquired last time. The process of obtaining the first feature information of the information data based on the initial feature information may be regarded as a first iteration process, and after the first feature information is obtained, the target feature information of the information data is obtained based on the first feature information. The target characteristic information is used for indicating the characteristics of the information data after final updating, and the target characteristic information can provide data support for the recommendation service of the information data.
In one possible implementation manner, in the process of acquiring the target feature information of the information data based on the first feature information, it is first determined whether the updating process of the initial feature information satisfies the updating termination condition. And responding to the condition that the updating process of the initial characteristic information meets the updating termination condition, directly taking the first characteristic information as the target characteristic information of the information data, and finishing the updating process of the whole characteristic information. And responding to the condition that the updating process of the initial characteristic information does not meet the updating termination condition, continuing to execute the next iteration process until the updating process of the characteristic information meets the updating termination condition, and taking the characteristic information obtained when the updating process of the characteristic information meets the updating termination condition as the target characteristic information.
In one possible implementation manner, the step of updating the initial feature information to satisfy the update termination condition includes: the obtained first characteristic information is converged; or the number of the iterated rounds reaches the target threshold when the first characteristic information is obtained. The target threshold is set empirically or flexibly adjusted according to an application scenario, which is not limited in the embodiment of the present application.
In one possible implementation manner, when the update process of the initial feature information does not satisfy the update termination condition, the process of continuing to execute the next iteration process is as follows: sending the first characteristic information to a terminal, wherein the terminal is used for acquiring second gradient information for updating the first characteristic information based on local data and the first characteristic information, and returning the second gradient information, and the second gradient information is used for indicating an updating vector for updating the first characteristic information; receiving second gradient information sent by the terminal; acquiring a Touchi attack detection result corresponding to the second gradient information; and updating the first characteristic information based on the second gradient information corresponding to the trust attack detection result meeting the selection condition to obtain second characteristic information of the information data. The implementation manner of this process is referred to from step 201 to step 203, and is not described herein again.
After the second characteristic information of the information data is obtained, the server obtains the target characteristic information based on the second characteristic information. In the process of acquiring the target characteristic information based on the second characteristic information, whether the updating process of the characteristic information meets the updating termination condition is also judged, and if the updating process of the characteristic information meets the updating termination condition, the second characteristic information is used as the target characteristic information of the information data. And if the updating process of the characteristic information does not meet the updating termination condition, continuing to execute the next iteration process until the updating process of the characteristic information meets the updating termination condition, and taking the characteristic information obtained when the updating process of the characteristic information meets the updating termination condition as the target characteristic information of the information data.
For example, a flowchart of obtaining target feature information of information data is shown in fig. 3. When the updating process of the initial characteristic information meets the updating termination condition, the first characteristic information is directly used as the target characteristic information of the information data to obtain the target characteristic information of the information data. And when the updating process of the initial characteristic information does not meet the updating termination condition, continuously executing the iteration process based on the characteristic information obtained in the previous iteration process until the updating process of the characteristic information meets the updating termination condition to obtain the target characteristic information of the information data.
It should be noted that, for any iteration process in the iteration process, assuming that the feature information already obtained before the execution of the iteration process is the feature information a, and the feature information obtained after the execution of the iteration process is the feature information B, the condition that the update process of the feature information satisfies the update termination condition means that the update process of the feature information a satisfies the update termination condition. The condition that the updating process of the characteristic information A meets the updating termination condition comprises the following steps: converging the characteristic information B; or the number of iterations when the characteristic information B is obtained reaches the target threshold.
Illustratively, the process of obtaining the target characteristic information of the information data is shown in fig. 4. The process of obtaining the target characteristic information of the information data is an iterative process, taking a first round of iterative process as an example, the first round of iterative process comprises the following 6 steps: 1. the server initializes the characteristic information of the information data to obtain initial characteristic information Q of the information data; 2. the server synchronizes the initial characteristic information Q to each terminal; 3. each terminal updates local user characteristic information P based on respective local data and initial characteristic information QuAnd acquires first gradient information for updating the initial feature information Q
4. Each terminal respectively obtains the first gradient information
Sending the data to a server; 5. the server receives each first gradient information sent by each terminal
Obtaining respective first gradient information
Respectively corresponding trust attack detection results; 6. the server is based on the corresponding trust attack detection result meeting the selection condition
The initial characteristic information Q of the information data is updated. And after the steps 1-6 are executed, returning to the step 1, and continuing to execute the next iteration process until the target characteristic information of the information data is obtained.
In each iteration process, the server can only obtain one gradient information from one terminal, and the aim of the information data isThe target feature information is obtained by updating the feature information obtained after the T (T is an integer not less than 1) round based on the initial feature information, and the server acquires gradient aggregation information from any terminal
Calculated based on equation 2.
Wherein,
representing gradient aggregation information corresponding to the user u, which is obtained from the terminal of the user u in the T-round updating process;
and representing the gradient information corresponding to the user u acquired from the terminal of the user u in the updating process of the t-th round. The contribution of a user to the federal recommendation system is determined by the aggregate gradient information calculated by equation 2. For the trustee attack user, the aggregation gradient information corresponding to the trustee attack user is deviated from the aggregation gradient information corresponding to the normal user, so that the prediction result of the recommendation model is influenced to a greater extent.
And after the target characteristic information of the information data is obtained, recommending the information data based on target characteristic information processing. Recommending the information data based on the target characteristic information refers to recommending the information data which may be interested to the user according to the target characteristic information. The implementation manner of recommending information data based on target feature information processing is related to an application scenario, which is not limited in the embodiment of the present application. Next, an implementation of recommending information data based on target feature information processing will be described.
The implementation mode is as follows: the server determines similarity between the preference information data and other information data except the preference information data in the information data based on the target characteristic information, and recommends the target information data, the similarity between which and the preference information data in the other information data meets recommendation conditions, to the terminal corresponding to the preference information data.
The first implementation mode occurs in an application scenario where the server can know which information data are interested by a certain terminal or users corresponding to certain terminals. In the application scene, the server can determine the similarity between the preference information data and other information data except the preference information data in the information data based on the target characteristic information, and then recommend the target information data of which the similarity between the other information data and the preference information data meets the recommendation condition to the terminal corresponding to the preference information data. It should be noted that the preference information data refers to information data in which a user is interested, and the number of the preference information data is one or more, which is not limited in the embodiment of the present application. The terminal corresponding to the preference information data is a terminal used by a user interested in the preference information data.
When the number of the preference information data is multiple, for any preference information data in the multiple preference information data, determining the similarity between the any preference information data and other information data except the any preference information data in the information data, and recommending the target information data, of which the similarity between the other information data and the any preference information data meets the recommendation condition, to the terminal corresponding to the any preference information data.
Illustratively, the number of the information data is at least one, the target feature information corresponding to the information data is used for indicating the target feature corresponding to each information data, and the similarity between any two information data can be determined based on the target features corresponding to any two information data.
In an exemplary embodiment, the target information data having the similarity with the preference information data satisfying the recommendation condition among the other information data refers to the top m (m is an integer not less than 1) pieces of information data having the greatest similarity with the preference information data among the other information data. The value of m is set empirically or flexibly adjusted according to an application scenario, which is not limited in the embodiments of the present application. Illustratively, if m is 3, the first 3 pieces of information data having the greatest similarity with the preference information data are recommended to the terminal corresponding to the preference information data.
The implementation mode two is as follows: the server sends the target characteristic information to any terminal; and any terminal is used for determining the scores of all the information data based on the target characteristic information and the user characteristic information of the local dimension, and presenting the information data with the scores meeting the conditions to the user.
The target characteristic information is used for indicating the characteristics of each piece of information data, the user characteristic information of the local dimension of the terminal is used for indicating the characteristics of a user corresponding to the terminal, and the terminal can determine the score of each piece of information data based on the target characteristic information and the user characteristic information of the local dimension. Illustratively, the target feature information includes a feature vector of each piece of information data, the user feature information is in the form of a user feature vector, and then, based on the target feature information and the user feature information of the local dimension, the scoring of each piece of information data is determined by: and taking the product of the feature vector of a certain piece of information data included in the target feature information and the user feature vector as the score of the piece of information data.
In an exemplary embodiment, presenting the information data whose score satisfies the condition to the user means presenting the top n (n is an integer not less than 1) pieces of information data whose score is the highest to the user. In an exemplary embodiment, before the information data with the score meeting the condition is presented to the user, the top n pieces of information data with the highest score may be further filtered, and then the information data which is not presented within the latest reference time range in the top n pieces of information data with the highest score is presented to the user. The reference time range is set empirically or flexibly adjusted according to an application scenario, which is not limited in the embodiment of the present application, for example, the reference time range is 24 hours.
Illustratively, a recommendation effect index obtained by processing the information data by using a method provided by the related art (processing mode 1) in the presence of the trusted attack, a recommendation effect index obtained by processing the information data by using the method provided by the embodiment of the present application (processing mode 2) in the presence of the trusted attack, and a recommendation effect index obtained by processing the information data by using the method provided by the embodiment of the present application (processing mode 3) in the absence of the trusted attack are respectively tested based on a Netflix (online movie rental provider) data set, so as to measure the performance influence of the processing method of the information data provided by the embodiment of the present application on the recommendation effect. Illustratively, the recommended effectiveness indicator is a Root Mean Square Error (RMSE) indicator. RMSE is calculated based on equation 3.
Wherein D istestRepresenting a test data set; r isuiThe scoring data represents the truth of the user u to the information data i;
represents the rating data of the user u to the information data i predicted by the recommendation system. The smaller the RMSE, the smaller the gap between the score data representing the truth and the score data predicted, the better the recommendation system will perform.
The results of RMSE testing for the three treatment regimes at different fill ratios are shown in table 1.
TABLE 1
As can be seen from the data in table 1, the RMSE value obtained by processing the information data by using the method provided by the related art in the presence of the trust attack (processing mode 1) is significantly higher than the RMSE value obtained by processing the information data in the absence of the trust attack (processing mode 3), that is, the trust attack user can manipulate the recommendation result of the federal recommendation system by injecting a false rating into the attack item. Compared with the RMSE value (about 1.3) obtained by processing the information data by using the method provided by the related art under the condition of the existence of the trust attack, the RMSE value obtained by processing the information data by using the method provided by the embodiment of the application under the condition of the existence of the trust attack (the processing mode 2) is reduced to about 0.9. The difference between the RMSE value obtained by processing the information data (processing mode 2) with the method provided by the embodiment of the present application in the presence of the trust attack and the RMSE value obtained by processing the information data (processing mode 3) in the absence of the trust attack is only 0.05.
As can be seen from the experimental results shown in table 1 above: according to the method and the device, the trust attack user in the federal recommendation system can be effectively identified, so that the recommendation effect similar to that of an unopened recommendation system can be achieved, namely, the recommendation system is prevented from being attacked by malicious trust under the condition that the recommendation effect is hardly lost.
The federal recommendation system capable of resisting trusting attacks provided by the embodiment of the application can be used as a complete product to be applied to an actual production environment. In the aspect of product use, the federated recommendation system can be satisfied in a plurality of joint recommendation system modeling scenes needing to protect terminal privacy, such as: when a user purchases or browses videos online, the user private data stored in respective terminal equipment is calculated for federal learning, namely, a global recommendation algorithm is trained by multi-party data. Due to the fact that the federal learning distributes the learning process of the recommendation algorithm to each terminal, the operation pressure of the server can be greatly reduced while the privacy of the user is protected.
In the embodiment of the application, after receiving the gradient information sent by the terminal, the server first obtains the attack-holding detection results corresponding to each gradient information, and then updates the characteristic information of the information data based on the gradient information corresponding to the attack-holding detection results meeting the selection condition. The reliability of the gradient information corresponding to the trust attack detection result meeting the selection condition is high, and the characteristic information of the updated information data based on the gradient information corresponding to the trust attack detection result meeting the selection condition can resist the trust attack of malicious users, so that the reliability of the characteristic information of the updated information data is high, and the accuracy of recommending the information data according to the finally obtained target characteristic information is improved.
In an exemplary embodiment, the process of acquiring the detection result of the tray attack corresponding to the first gradient information, which is described in step 202 in the embodiment shown in fig. 2, is implemented based on the following steps 2021 to 2023.
Step 2021: and acquiring the support attack detection characteristics corresponding to the first gradient information, wherein the support attack detection characteristics corresponding to the first gradient information are used for indicating the detection classification result corresponding to the first gradient information.
And the attack-holding detection characteristic corresponding to the first gradient information is used for indicating a detection classification result corresponding to the first gradient information, and the detection classification result corresponding to the first gradient information is a direct basis for determining the attack-holding detection result corresponding to the first gradient information.
In one possible implementation, the trusting attack detection feature corresponding to the first gradient information includes at least one sub-detection feature. It should be noted that the type and the number of the sub detection features included in the attack detection feature corresponding to the first gradient information are flexibly adjusted according to experience setting or according to an application scenario, which is not limited in the embodiment of the present application. The types and the number of the sub detection features included in the attack detection features corresponding to different first gradient information are the same, so that the comparability between different first gradient information is ensured.
In one possible implementation manner, the number of the information data is at least one, and the first gradient information includes gradient sub-information corresponding to at least one information data respectively. That is, the first gradient information is composed of gradient sub-information corresponding to each piece of information data. In an exemplary embodiment, for the case that the initial feature information is in the form of a matrix, the initial feature information is referred to as an initial feature matrix, and the feature sub-information corresponding to each piece of information data is a column vector formed by a column of elements in the initial feature matrix. In this case, the first gradient information is in the form of a gradient matrix having the same dimension as the initial feature matrix. Based on this, each gradient sub-information is a column vector composed of a column of elements in the gradient matrix.
Exemplarily, it is assumed that any first gradient information is the first gradient information sent by the terminal of the user u, that is, any first gradient information is the first gradient information corresponding to the user u.Recording any one of the first gradient information as
By symbols
To represent
Gradient sub-information corresponding to the information data i included in the image data, M (M is an integer not less than 1) represents the total amount of the information data, then
Can be expressed using equation 4.
In one possible implementation manner, the number of the information data is at least one, and the number of the first gradient information sent by the terminal and received by the server is at least one. After receiving the at least one piece of first gradient information sent by the terminal, determining average gradient information and effective gradient quantity respectively corresponding to the at least one piece of information data based on the at least one piece of first gradient information. It should be noted that the average gradient information and the effective gradient amount corresponding to each information data are determined according to all the first gradient information.
In an exemplary embodiment, for any information data in the at least one information data, based on the at least one first gradient information, the average gradient information and the effective gradient number corresponding to the any information data are determined by: determining each effective gradient sub-information corresponding to any information data in at least one first gradient information; the average information of each effective gradient sub-information is used as the average gradient information corresponding to any information data, and the quantity of each effective gradient sub-information is used as the effective gradient quantity corresponding to any information data.
Any information data corresponds to a gradient sub-information in each first gradient information, and in each gradient sub-information corresponding to any information data, both valid gradient sub-information and invalid gradient sub-information may exist. The valid gradient sub-information is gradient sub-information that can contribute to the initial characteristic information of the update information data, and the invalid gradient sub-information is gradient sub-information that cannot contribute to the initial characteristic information of the update information data.
In one possible implementation manner, in each gradient sub-information corresponding to any information data, the gradient sub-information satisfying the valid condition is used as valid gradient sub-information. In an exemplary embodiment, satisfying the validity condition refers to l of the gradient sub information1The norm is greater than 0. Exemplarily, by symbols
First gradient information representing user u
Includes the gradient sub-information corresponding to the information data i if
The gradient sub-information is interpreted
Is the effective gradient sub-information corresponding to the information data i. When in use
Then, it is assumed that the user u has an evaluation on the information data i and has a contribution to updating the initial feature information greater than 0.
It should be noted that the effective gradient sub-information corresponding to different information data in each first gradient information is different. Based on the above manner, the effective gradient sub-information corresponding to each information data in each first gradient information can be respectively determined, and further the average gradient information corresponding to each information data and the effective gradient quantity corresponding to each information data are determined. In an exemplary embodiment, after determining the average gradient information corresponding to each piece of information data and the effective gradient quantity corresponding to each piece of information data, the server records the average gradient information and the effective gradient quantity corresponding to each piece of information data by using the correspondence relationship between the information data and the average gradient information and the effective gradient quantity.
For example, for the information data i, the effective gradient sub-information corresponding to each first gradient information of the information data i refers to the gradient sub-information corresponding to the information data i in the first gradient information corresponding to all users who have evaluated the information data i. The number of valid gradients corresponding to the information data i is used to indicate the number of all users who have evaluated the information data i.
In a possible implementation manner, the number of the first gradient information is at least one, and obtaining the trusting attack detection feature corresponding to the first gradient information refers to obtaining at least one trusting attack detection feature corresponding to each of the first gradient information. The embodiment of the present application takes a process of acquiring a trusting attack detection feature corresponding to any gradient information as an example. Illustratively, the attack detection feature corresponding to any one of the first gradient information includes at least one of an average gradient deviation feature corresponding to any one of the first gradient information, a weighted gradient deviation feature corresponding to any one of the first gradient information, a similarity feature corresponding to any one of the first gradient information, and an information data difference feature corresponding to any one of the first gradient information. Next, the average gradient deviation characteristics corresponding to any one of the first gradient information, the weighted gradient deviation characteristics corresponding to any one of the first gradient information, the similarity characteristics corresponding to any one of the first gradient information, and the information data difference characteristics corresponding to any one of the first gradient information are respectively described.
In one possible implementation manner, the obtaining manner of the average gradient deviation characteristic corresponding to any one of the first gradient information is: determining at least one effective information data corresponding to any one first gradient information in at least one information data; determining the average gradient deviation characteristics corresponding to any first gradient information based on the gradient sub information corresponding to at least one effective information data in any first gradient information, the average gradient information corresponding to at least one effective information data, the effective gradient quantity corresponding to at least one effective information data and the total quantity of at least one effective information data.
In an exemplary embodiment, the at least one valid information datum corresponding to any one of the first gradient information refers to each information datum corresponding to the any one of the first gradient information that is evaluated by the user. In one possible implementation manner, in at least one piece of information data, the process of determining at least one piece of valid information data corresponding to any one of the first gradient information is: and using the information data respectively corresponding to each gradient sub-information meeting the effective condition in any first gradient information as at least one piece of effective information data corresponding to any first gradient information. Since each gradient sub-information satisfying the valid condition corresponds to one information data, the number of valid information data corresponding to any one first gradient information is the same as the number of gradient sub-information satisfying the valid condition in any one first gradient information.
It should be noted that the valid information data corresponding to the first gradient information is determined by the first gradient information itself, and different first gradient information may correspond to the same valid information data or different valid information data. When two different first gradient information correspond to different valid information data, the two first gradient information may correspond to the same or different number of valid information data.
After at least one piece of effective information data corresponding to any one piece of first gradient information is determined, based on gradient sub information corresponding to the at least one piece of effective information data in any one piece of first gradient information, average gradient information corresponding to the at least one piece of effective information data, the number of effective gradients corresponding to the at least one piece of effective information data and the total number of the at least one piece of effective information data, an average gradient deviation characteristic corresponding to any one piece of first gradient information is determined.
The average gradient information corresponding to the at least one effective information data and the effective gradient quantity corresponding to the at least one effective information data are determined based on the at least one first gradient information. In an exemplary embodiment, the average gradient information corresponding to the at least one piece of effective information data and the effective gradient number corresponding to the at least one piece of effective information data can be obtained from the information data-average gradient information-effective gradient number correspondence determined based on the at least one piece of first gradient information. The total amount of the at least one piece of valid information data is used for indicating the amount of the information data evaluated by the user corresponding to any one of the first gradient information.
Illustratively, the process of determining the average gradient deviation characteristics corresponding to any first gradient information is implemented based on formula 5, based on the gradient sub-information corresponding to at least one valid information data in any first gradient information, the average gradient information corresponding to at least one valid information data, the number of valid gradients corresponding to at least one valid information data, and the total number of at least one valid information data.
Wherein, GDMAuRepresenting the average gradient deviation characteristic corresponding to the first gradient information corresponding to the user u; m isuIndicating the total amount of at least one piece of valid information data; n isiRepresenting the effective gradient quantity corresponding to the ith effective information data;
representing the average gradient information corresponding to the ith effective information data;
the gradient sub-information corresponding to the ith effective information data in the first gradient information corresponding to the user u is shown.
In one possible implementation manner, the obtaining manner of the weighted average gradient deviation feature corresponding to any first gradient information is as follows: determining weighted average gradient deviation characteristics corresponding to any first gradient information based on gradient sub information respectively corresponding to at least one piece of effective information data in any first gradient information, average gradient information respectively corresponding to at least one piece of effective information data, effective gradient quantity respectively corresponding to at least one piece of effective information data and total quantity of at least one piece of effective information data. This process may be implemented based on equation 6.
Among them, WGDMAuThe weighted average gradient deviation feature corresponding to the first gradient information corresponding to the user u is shown, and the meanings of other parameters are the same as those in equation 5. WeightingThe mean gradient bias characteristic is a variation of the mean bias characteristic. For any valid information data, if the number of valid gradients corresponding to the valid information data is less, the less the number of users evaluating the valid information data is, the higher the weight occupied by the valid information data is.
In one possible implementation manner, the obtaining manner of the weighted gradient deviation feature corresponding to any first gradient information is as follows: determining weighted gradient deviation characteristics corresponding to any first gradient information based on gradient sub information respectively corresponding to at least one piece of effective information data in any first gradient information, average gradient information respectively corresponding to at least one piece of effective information data and effective gradient quantity respectively corresponding to at least one piece of effective information data. Illustratively, the process of determining the weighted gradient deviation characteristics corresponding to any one of the first gradient information is implemented based on equation 7.
Wherein, WGDAuThe weighted gradient deviation feature corresponding to the first gradient information corresponding to the user u is shown, and the meanings of other parameters are the same as those in equation 5. WGDAuIs characterized in that GDMAuAnother variation of the feature, WGDAuIs characterized in that GDMAuThe molecular portion of the feature.
In one possible implementation manner, the acquisition manner of the similarity feature corresponding to any one of the first gradient information is as follows: taking each first gradient information meeting the similar condition with any first gradient information in the at least one first gradient information as at least one similar gradient information corresponding to any first gradient information; and determining a similarity characteristic corresponding to any first gradient information based on the similarity between at least one similar gradient information and the any first gradient information.
In one possible implementation manner, each first gradient information satisfying the similarity condition refers to the first z (z is an integer not less than 1) first gradient information most similar to any one of the first gradient information. The embodiment of the present application does not limit the way of calculating the similarity between two pieces of first gradient information. For example, two first gradient information are converted into a vector form, and then a cosine similarity between the two vectors is calculated.
Illustratively, first gradient information corresponding to user u
Will be provided with
L of the ith column vector1Norm is expressed as
Information of the first gradient
The corresponding vector is denoted as huThen h isuIs expressed as
Based on the similarity between at least one similar gradient information and any first gradient information, the process of determining the similarity characteristic corresponding to any first gradient information is implemented based on formula 8.
Wherein, DegSimuRepresenting the similarity characteristic corresponding to the first gradient information corresponding to the user u, z representing the total number of similar gradient information, and a Neigh (u, z) function for indicating the first z users most similar to the user u, cos (h)u,hv) Vector h corresponding to first gradient information representing user uuVector h corresponding to first gradient information corresponding to user vvCosine similarity between users, user v is a certain user in the first z users most similar to user u, the distance between any two similar users is similar in the gradient space, and the first gradient information corresponding to user v is a piece of first gradient information corresponding to user uAnd similar gradient information.
It should be noted that formula 8 is an exemplary description for determining a similarity characteristic corresponding to any first gradient information based on a similarity between at least one similar gradient information and any first gradient information, and the embodiment of the present application is not limited thereto. Exemplarily, based on the similarity between the at least one similar gradient information and any one of the first gradient information, the manner of determining the similarity characteristic corresponding to any one of the first gradient information may further be: and taking the sum of the similarity between at least one piece of similar gradient information and any piece of first gradient information as the similarity characteristic corresponding to any piece of first gradient information.
In one possible implementation, the information data difference characteristic corresponding to any one of the first gradient information is obtained by: determining at least one effective information data corresponding to any first gradient information in at least one information data; determining at least one first type information data and at least one second type information data among the at least one valid information data; and determining the information data difference characteristics corresponding to any first gradient information based on the gradient sub information respectively corresponding to at least one piece of first type information data in any first gradient information, the total quantity of at least one piece of first type information data, the gradient sub information respectively corresponding to at least one piece of second type information data in any first gradient information and the total quantity of at least one piece of second type information data.
The first type information data and the second type information data refer to two different types of information data, for example, the first type information data refers to information data which can be attacked by the attack behavior of the user, and the second type information data refers to information data which can be filled by the user. It should be noted that, since the at least one valid information datum corresponds to any one first gradient information, the at least one first type information datum and the at least one second type information datum determined in the at least one valid information datum both correspond to any one first gradient information.
In one possible implementation, the process of determining at least one first type information data and at least one second type information data among the at least one valid information data includes the following steps a to C.
Step A: at least one piece of common target information data is determined among the at least one piece of information data.
The common target information data refers to information data which is easy to attack by trusted users and exists in a federal recommendation system. In one possible implementation manner, among the at least one piece of information data, the manner of determining the at least one piece of common target information data includes, but is not limited to, the following manners a to c.
The method a: determining the gradient dispersion degree corresponding to at least one piece of information data respectively, and taking each piece of information data of which the corresponding gradient dispersion degree meets the reference condition in the at least one piece of information data as at least one piece of common target information data.
In this way, the at least one piece of common target information data refers to each piece of information data in the at least one piece of information data whose corresponding gradient dispersion degree satisfies the reference condition. The gradient dispersion degree corresponding to any information data is used for indicating the dispersion degree between the effective gradient sub-information corresponding to the information data. The embodiment of the present application does not limit the expression of the gradient dispersion degree corresponding to any information data, for example, the expression of the gradient dispersion degree is variance or standard deviation.
The gradient dispersion degree meeting the reference condition is set empirically or flexibly adjusted according to the application scenario, which is not limited in the embodiment of the present application. Illustratively, the gradient dispersion degree satisfying the reference condition means that the gradient dispersion degree is not less than the dispersion degree threshold value, or the gradient dispersion degree satisfying the reference condition means that the gradient dispersion degree is a gradient dispersion degree in which the gradient dispersion degree is large as the top k (k is an integer not less than 1) among the entire gradient dispersion degrees.
In one possible implementation, the process of determining the degree of gradient dispersion corresponding to any information data in the at least one information data includes: and determining the gradient discrete degree corresponding to any information data based on each effective gradient sub-information corresponding to the information data. For example, assuming that the expression form of the gradient dispersion degree is variance, the gradient dispersion degree corresponding to any information data is calculated based on equation 9.
Wherein, VariRepresenting the gradient dispersion degree corresponding to the information data i; n isiThe number of effective gradients corresponding to the information data i is represented, namely the total number of each effective gradient sub-information corresponding to the information data i;
gradient sub-information corresponding to the first gradient information corresponding to the user u representing the information data i;
the average gradient information corresponding to the information data i is represented, namely the average information of each effective gradient sub-information corresponding to the information data i; u shapeiThe set of users corresponding to the first gradient information in which each effective gradient sub-information corresponding to the information data i is located is represented, that is, a set of a series of users scoring the information data i.
It should be noted that, compared with the normal user, the attacking user scores the specific target information data more extremely (extremely high or extremely low), and therefore, when the gradient dispersion degree corresponding to the information data i satisfies the reference condition, it is considered that the information data i is more likely to become the information data which is easy to attack. In this way, all the information data whose corresponding gradient dispersion degree satisfies the reference condition are directly used as at least one piece of common target information data.
Mode b: and determining at least one alternative information data set corresponding to the first gradient information respectively, and using each information data meeting the hit conditions in the at least one information data as at least one common target information data, wherein the hit conditions are met and the hit times in the alternative information data set corresponding to the at least one first gradient information respectively are not less than a time threshold.
The candidate information data set corresponding to any first gradient information is used for indicating the information data set corresponding to the gradient sub-information satisfying the candidate condition in any first gradient information. Gradient sub-information satisfying the alternative condition means l1Norm taking the value of all1Gradient sub information of the first g (g is an integer not less than 1) large value in the norm value. The number of gradient sub information satisfying the candidate condition is g. That is, the candidate information data set corresponding to any one of the first gradient information includes g pieces of information data. The value of g is set empirically or flexibly adjusted according to application requirements, which is not limited in the embodiment of the present application, for example, the value of g is 5.
It should be noted that the number of information data included in the candidate information data sets corresponding to different first gradient information is the same, that is, g pieces of information data are included in the candidate information data sets corresponding to each first gradient information.
And taking each piece of information data meeting the hit condition in at least one piece of information data as at least one piece of common target information data, wherein the condition of meeting the hit condition means that the hit frequency in the candidate information data set respectively corresponding to at least one piece of first gradient information is not less than a frequency threshold value. The number threshold is set according to the total amount of the first gradient information or flexibly adjusted according to an application scenario, which is not limited in the embodiment of the present application.
Generally, the gradient contribution of the vulnerable information data is higher than that of other information data, and the higher the number of hits of an information data in the candidate information data set corresponding to at least one gradient, the higher the gradient contribution of the information data, the more likely the information data is to be the vulnerable information data, and the information data is taken as a piece of common target information data.
In an exemplary embodiment, the number of hits of any information data in the candidate information data set corresponding to each of the at least one first gradient information is calculated based on equation 10.
Wherein, deltaiRepresenting the hit times of the information data i in the candidate information data set respectively corresponding to the at least one first gradient information; n represents the total number of users corresponding to the at least one first gradient information, that is, the total number of the first gradient information; TopG (u, g) represents an alternative information data set corresponding to the first gradient information corresponding to the user u; i (-) denotes an indicator function that takes a value of 1 when the information data I is in TopG (u, g) and takes a value of 0 when the information data I is not in TopG (u, g).
In this way b, each piece of information data satisfying the hit condition is directly used as at least one common target information data.
Mode c: determining gradient dispersion degrees corresponding to at least one piece of information data respectively, and taking each piece of information data of which the corresponding gradient dispersion degrees meet the reference condition in the at least one piece of information data as at least one piece of first target information data; determining alternative information data sets respectively corresponding to at least one piece of first gradient information, and taking each piece of information data meeting the hit conditions in at least one piece of information data as at least one piece of second target information data, wherein the hit conditions are met and the hit times in the alternative information data sets respectively corresponding to at least one piece of first gradient information are not less than a time threshold; each piece of union information data between at least one piece of first object information data and at least one piece of second object information data is used as at least one piece of common object information data.
In this way, the information data of each union between at least one first target information data and at least one second target information data is used as at least one piece of common target information data, wherein the at least one first target information data refers to the information data whose corresponding gradient dispersion degree satisfies the reference condition, and the at least one second target information data refers to the information data satisfying the hit condition. The process of determining at least one piece of first target information data refers to the process of determining at least one piece of common target information data in the mode a, and the process of determining at least one piece of second target information data refers to the process of determining at least one piece of common target information data in the mode b, and details are not repeated here.
The manner of determining at least one piece of common target information data in at least one piece of information data may be any one of the three manners a to c, which is not limited in the embodiments of the present application. It should be noted that the at least one piece of common target information data is information data predicted to be vulnerable to attacks by the attack-prone users, and the at least one piece of common target information data is the same for each piece of first gradient information.
And B: each piece of intersection information data between at least one piece of valid information data and at least one piece of common target information data is used as at least one piece of first type information data.
The at least one piece of effective information data refers to information data which is evaluated by a user and corresponds to any first gradient information, the at least one piece of public target information data refers to information data which is easy to attack, intersection information data between the at least one piece of effective information data and the at least one piece of public target information data are information data which are possibly attacked by the user and correspond to any first gradient information, the information data are used as first type information data, and therefore at least one piece of first type information data corresponding to any first gradient information is obtained.
And C: using each other information data except the at least one first type information data in the at least one valid information data as at least one second type information data.
After determining at least one piece of first type information data, using each piece of information data remaining in at least one piece of valid information data as at least one piece of second type information data corresponding to any one piece of first gradient information. The second type information data is information data that can be filled by a user corresponding to any one of the first gradient information.
Illustratively, at least one piece of common object information data is marked as MT. Recording at least one effective information data corresponding to the first gradient information corresponding to the user u as MuThen the first gradient information corresponding to the user u corresponds toAt least one piece of first type information data is Mu,T=Mu∩MTThe at least one piece of second type information data corresponding to the first gradient information corresponding to the user u is Mu,F=Mu-Mu,T。
After at least one piece of first type information data and at least one piece of second type information data are determined, based on gradient sub information respectively corresponding to the at least one piece of first type information data in any first gradient information, the total quantity of the at least one piece of first type information data, gradient sub information respectively corresponding to the at least one piece of second type information data in any first gradient information and the quantity of the at least one piece of second type information data, information data difference characteristics corresponding to any first gradient information are determined. For example, the information data difference characteristic corresponding to any one of the first gradient information is calculated based on formula 11.
Wherein, FMTDuRepresenting the information data difference characteristics corresponding to the first gradient information corresponding to the user u; i represents at least one piece of information data M of a first typeu,TOne piece of information data; i' represents at least one piece of information data M of the second typeu,FOne piece of information data; i Mu,TI represents at least one piece of information data M of a first typeu,TThe total number of (c); i Mu,FI represents at least one piece of information data M of the second typeu,FThe total number of (c);
representing at least one piece of information data M of a first typeu,TGradient sub-information corresponding to the information data i in the first gradient information corresponding to the user u;
representing at least one piece of information data M of a second typeu,TGradient sub-information corresponding to the first gradient information corresponding to the user u in the information data i。
The information data difference characteristic is used to measure the difference in gradient between the potentially offensive information data and the potentially filler information data. For the attacking user, if the attacking information data is to obtain more gradient contributions, the score of the attacking information data needs to be set to be extremely high or extremely low, and the score of the filling information data needs to be set to be similar to the score of the normal user. Information data difference feature utilization2The norm measures the difference between the average gradient of the potential attack information data and the average gradient of the potential fill information data. When FMTDuWhen the value is larger, the user u has higher probability to be a trusting attack user, that is, the first gradient information corresponding to the user u has higher probability to be trusting attack gradient information.
In an exemplary embodiment, the type of the sub detection feature that the trusting attack detection feature should include is preset, and then the trusting attack detection feature corresponding to any one of the first gradient information is acquired according to the preset type. Illustratively, the sub-detection-feature types that the attacks detection-feature should include at least one of an average gradient deviation-feature, a weighted gradient deviation-feature, a similarity-feature and an information-data-difference-feature. It should be noted that the attacks detection features including the same type of sub-detection features are obtained for different first gradient information.
Step 2022: and acquiring a detection classification result corresponding to the first gradient information based on the attack detection characteristics corresponding to the first gradient information.
In one possible implementation manner, the detection classification result corresponding to the first gradient information includes probability values corresponding to the respective reference classes. The reference category is set empirically or flexibly adjusted according to an application scenario, which is not limited in the embodiments of the present application. Assuming that the number of reference classes is C, the set of individual reference classes is denoted as C ═ C1,C2,…,CcIn which C is1,C2And CcEach representing a different reference category.
In an exemplary embodiment, the reference categories include a normal category and at least one trusting attack category. The trusteeship attack category is determined according to the trusteeship attack type, the number of the trusteeship attack categories may be one or more, and the embodiment of the application does not limit the number. Illustratively, in the field of trust attacks, trust attack models that score the fill information data based on different a priori knowledge include, but are not limited to, UF (Uniform Filler Model, a Model based on blind attacks), RF (Random Filler Model, a Model based on Random attacks), and AF (Average Filler Model, a Model based on mean attacks). In this case, the trusted attack categories include, but are not limited to, blind attack categories, random attack categories, and average attack categories.
In an exemplary embodiment, the normal class and the at least one trusting attack class may each be represented by an identifier symbol, e.g., the normal class is represented by an identifier symbol N, the average attack class is represented by an identifier symbol AF, the random attack class is represented by an identifier symbol RF, and the blind attack class is represented by UF. In this case, the set of reference classes is denoted as C ═ N, AF, RF, UF.
In one possible implementation manner, based on the attack detection feature corresponding to the first gradient information, the implementation manner of obtaining the detection classification result corresponding to the first gradient information is as follows: and calling a target detection classification model to perform detection classification processing on the attack detection characteristics corresponding to the first gradient information to obtain a detection classification result corresponding to the first gradient information. The target detection classification model is obtained by performing semi-supervised training by using sample gradient information with standard detection classification labels and sample gradient information without the standard detection classification labels.
The target detection classification processing model is used for predicting a detection classification result corresponding to the first gradient information according to the attack detection characteristics corresponding to the first gradient information. After the attack-holding detection features corresponding to the first gradient information are obtained, a target detection classification model is called to carry out detection classification processing on the attack-holding detection features corresponding to the first gradient information so as to obtain a detection classification result corresponding to the first gradient information.
And the target detection classification model is obtained by performing semi-supervised training by utilizing a sample gradient information set with a standard detection classification label and a sample gradient information set without the standard detection classification label. That is, before obtaining the detection classification result corresponding to the first gradient information based on step 2022, the initial detection classification model needs to be semi-supervised trained by using the sample gradient information set with the standard detection classification label and the sample gradient information set without the standard detection classification label to obtain the target detection classification model.
In a possible implementation manner, the process of training to obtain the target detection classification model may be an offline process, and does not affect the process of obtaining the challenge detection result corresponding to the first gradient information online. In another possible implementation manner, the target detection classification model may also be obtained in a training manner when a false attack detection result corresponding to the first gradient information needs to be obtained.
For example, the process of training to obtain the target detection classification model may be executed in a server or any terminal, which is not limited in this application embodiment, and the process of training to obtain the target detection classification model is executed by the server as an example. It should be noted that the process of training to obtain the target detection classification model may be performed before the step 2021 is performed, or may be performed after the step 2021 is performed, which is not limited in this embodiment of the application.
Illustratively, the process of performing semi-supervised training on the initial detection classification model by using the sample gradient information set with the standard detection classification label and the sample gradient information set without the standard classification label to obtain the target detection classification model comprises the following steps a to d.
Step a: and acquiring the first sample gradient information, the standard detection classification label corresponding to the first sample gradient information and the second sample gradient information.
The first sample gradient information is a training sample with a standard detection classification label, and the second sample gradient information is a training sample without the standard detection classification label. The number of first sample gradient information is at least one, and the number of second sample gradient information is also at least one. The standard detection classification label is used for indicating a standard class corresponding to the first sample gradient information. In an exemplary embodiment, each of the first sample gradient information includes first sample gradient information whose corresponding standard detection classification label is a normal class and first sample gradient information whose corresponding standard detection classification label is a certain attacks class, so as to enhance generalization capability of the detection classification model.
In an exemplary embodiment, the first sample gradient information refers to gradient information modeled from a priori knowledge. Each first sample gradient information corresponds to a virtual user. The first sample gradient information comprises first sample gradient information with a corresponding standard detection classification label as a normal class and first sample gradient information with a corresponding standard detection classification label as a certain attack class, the user corresponding to the first sample gradient information with a corresponding standard detection classification label as a normal class is a normal user, and the user corresponding to the first sample gradient information with a corresponding standard detection classification label as a certain attack class is a attack-from-support user, so the virtual user corresponding to the first sample gradient information comprises a normal user and a attack-from-support user.
In an exemplary embodiment, the second sample gradient information without the standard detection classification label refers to true gradient information. Each second sample gradient information corresponds to a real user, and the real users corresponding to the second sample gradient information may also include normal users and trusted attack users. Since the standard detection classification labels of the second sample gradient information are unknown, the standard classes corresponding to the second sample gradient information cannot be determined.
Illustratively, the first sample gradient information and the second sample gradient information are both gradient information used for updating the same sample feature information to ensure the reliability of the training process of the detection classification model.
Step b: and acquiring the trusteeship attack detection characteristic corresponding to the first sample gradient information and the trusteeship attack detection characteristic corresponding to the second sample gradient information.
The process of implementing step b refers to the process of obtaining the attack detection feature corresponding to any one of the first gradient information introduced in step 2021, and details thereof are not repeated here. It should be noted that the type and the number of the sub detection features included in the trusting attack detection feature corresponding to the first sample gradient information are the same as the number and the type of the sub detection features included in the trusting attack detection feature corresponding to the second sample gradient information, so as to improve the training effect of the detection classification model.
For example, the number of sub detection features included in the attack detection feature corresponding to the first sample gradient information and the number of sub detection features included in the attack detection feature corresponding to the second sample gradient information are both 5, and the 5 sub detection features are an average gradient deviation feature, a weighted gradient deviation feature, a similarity feature and an information data difference feature. It should be further noted that the type and the number of the sub detection features included in the attack detection feature corresponding to any sample gradient information (any first sample gradient information or any second sample gradient information) are the same as the type and the number of the sub detection features included in the attack detection feature corresponding to each first gradient information acquired in the process of acquiring the attack detection result corresponding to the first gradient information, so as to ensure the detection classification effect of the detection classification model.
Step c: training the initial detection classification model based on the support attack detection characteristics corresponding to the first sample gradient information and the standard detection classification labels corresponding to the first sample gradient information to obtain a first detection classification model.
Training the initial detection classification model to obtain a first detection classification model, namely a supervision training process, calling the initial detection classification model to perform detection classification processing on the attack detection characteristics corresponding to the first sample gradient information to obtain a prediction detection classification result corresponding to the first sample gradient information, then calculating a supervision loss function based on the prediction detection classification result corresponding to the first sample gradient information and a standard detection classification label corresponding to the first sample gradient information, and reversely updating the parameters of the initial detection classification model by using the supervision loss function; and (5) iteratively executing the process until a supervision training termination condition is met, and obtaining a first detection classification model.
Illustratively, satisfying the supervised training termination condition includes, but is not limited to, any of the following cases 1 to 3.
In case 1, the iterative training number reaches the training number threshold.
The training time threshold may be set empirically, or may be flexibly adjusted according to an application scenario, which is not limited in the embodiment of the present application.
Case 2, the supervised loss function is less than the loss threshold.
The loss threshold may be set empirically, or may be flexibly adjusted according to an application scenario, which is not limited in the embodiment of the present application.
Case 3, supervision loss function convergence.
The convergence of the supervision loss function means that the fluctuation range of the supervision loss function is within a reference range in the training result of the reference times as the number of iterative training times increases. For example, assume a reference range of-10-3~10-3Assume that the reference number is 10. If the fluctuation range of the supervision loss function is-10 in 10 times of iterative training results-3~10-3And (4) considering the convergence of the supervision loss function.
When any one of the three conditions is met, the supervision training termination condition is considered to be met, and a first detection classification model is obtained. The first detection classification model is obtained by training the Tooattack detection characteristics corresponding to the first sample gradient information with the standard detection classification label, so that the first detection classification model has the capability of preliminarily detecting and classifying the Tooattack detection characteristics corresponding to the second sample gradient information without the standard detection classification label.
It should be noted that, in the embodiment of the present application, the structure of the detection classification model is not limited, and the detection classification model is, for example, a naive bayes classifier.
Step d: and acquiring a target detection classification model based on the first detection classification model, the support attack detection characteristic corresponding to the second sample gradient information, the support attack detection characteristic corresponding to the first sample gradient information and the standard detection classification label corresponding to the first sample gradient information.
In one possible implementation, the implementation of step d includes the following steps d-1 to d-3.
Step d-1: and calling a first detection classification model to perform detection classification processing on the attack detection characteristics corresponding to the second sample gradient information to obtain a first prediction detection classification result corresponding to the second sample gradient information.
The first detection classification model has the capability of preliminarily detecting and classifying the attack detection characteristics corresponding to the sample gradient information of the standard-free detection classification label, and the first detection classification model is called to detect and classify the attack detection characteristics corresponding to the second sample gradient information of the standard-free detection classification label, so that a first prediction detection classification result corresponding to the second sample gradient information can be obtained.
Step d-2: and updating the parameters of the first detection classification model based on the support attack detection characteristics corresponding to the second sample gradient information, the first prediction detection classification result corresponding to the second sample gradient information, the support attack detection characteristics corresponding to the first sample gradient information and the standard detection classification label corresponding to the first sample gradient information to obtain the first detection classification model after the parameters are updated.
In one possible implementation manner, based on the trusting attack detection feature corresponding to the second sample gradient information, the first prediction detection classification result corresponding to the second sample gradient information, the trusting attack detection feature corresponding to the first sample gradient information, and the standard detection classification label corresponding to the first sample gradient information, the process of updating the parameter of the first detection classification model is as follows: determining a first prediction detection classification label corresponding to the second sample gradient information based on a first prediction detection classification result corresponding to the second sample gradient information; and updating the parameters of the first detection classification model based on the trusting attack detection characteristic corresponding to the second sample gradient information, the first prediction detection classification label corresponding to the second sample gradient information, the trusting attack detection characteristic corresponding to the first sample gradient information and the standard detection classification label corresponding to the first sample gradient information.
In a possible implementation manner, the first prediction detection classification result corresponding to any one of the second sample gradient information includes probability values corresponding to the reference classes, and based on the first prediction detection classification result corresponding to any one of the second sample gradient information, the manner of determining the first prediction detection classification label corresponding to the any one of the second sample gradient information is as follows: and taking the reference category corresponding to the maximum probability value in the first prediction detection classification result corresponding to any one second sample gradient information as a first prediction detection classification label corresponding to any one second sample gradient information.
In an exemplary embodiment, in the process of updating the parameters of the first detection classification model, the objective function according to is the log-likelihood function of the training sample set D under the parameter θ shown in equation 12.
Wherein, ΛuIs expressed as shown in equation 13:
in the above equation 12, lλ(D | theta) represents the log-likelihood function of the training sample set D under the parameter theta; d represents the entire training sample set (including the set of first sample gradient information and the set of second sample gradient information); theta represents a parameter of the detection classification model; x is the number ofuRepresenting the Touchao detection characteristics corresponding to any sample gradient information; dURepresenting a set of training samples without standard detection classification labels in the training sample set D, namely a second sample gradient information set; x is the number ofu∈DURepresenting the Toho attack detection feature xuCorresponding sample gradient information is DUOne sample gradient information of; dCjIndicates a standard detection classification label as CjThe value of j is 1-c, and c refers to the category of the standard detection classification labelThe number of the cells. The training sample set D may be represented as a union of the sets. In an exemplary embodiment, C has a value of 4, C1Refers to the normal class N, C2Refers to the average attack category AF, C3Refers to the random attack class RF, C4Refers to the blind attack category UF, where D ═ DU∪DN∪DAF∪DRF∪DUF。
λ represents a weight for balancing the influence of the first sample gradient information with the normalized detection class label and the second sample gradient information without the normalized detection class label on the objective function. For example, λ is any value from 0 to 1 to reduce the influence of the gradient information of the second sample of the non-standard detection classification tag on the objective function, and the value of λ may be set empirically or may be flexibly adjusted according to actual conditions, which is not limited in the embodiment of the present application.
p(xu| θ) represents the attack detection feature x corresponding to any sample gradient informationuConditional probability, p (x), at parameter θu| θ) is calculated based on equation 14.
Wherein, P (C)j) Represents class CjThe P (C) can be calculated according to the detection classification labels corresponding to the sample gradient information (the standard detection classification label corresponding to the first sample gradient information and the prediction detection classification label corresponding to the second sample gradient information)j)。P(Cj) The condition indicated by equation 15 is satisfied.
P (x) in equation 14u|Cj;θj) Representing the corresponding Tooto attack detection characteristic x of any sample gradient informationuAt the parameter thetajLower sum class CjConditional probability of, p (x)u|Cj;θj) Calculated based on equation 16.
Y represents the number of sub-detection features included in the attack detection features corresponding to any sample gradient information; p (x)uy|Cj;θj) Representing the corresponding Tooto attack detection characteristic x of any sample gradient informationuThe y-th sub-detection feature x in (1)uyAt the parameter thetajAnd class CjA conditional probability of; thetajRefers to detecting class C in the parameters of the classification modeljCorresponding parameter, θjThe relationship to θ is:
θjis shown as
μjyIs shown in category CjExpected value, σ, of normal distribution corresponding to the lower y-th sub-detection featurejyIs shown in category CjThe lower y-th sub-detection feature corresponds to the standard deviation of the normal distribution. In equation 16 above, it is assumed that the conditional probability of each sub-detection feature in the trusting attack detection feature is independent and follows a normal distribution.
In one possible implementation manner, the process of updating the parameters of the first detection classification model is as follows: calculating a log-likelihood function l related to the parameter theta according to the above formulas 12 to 16 based on the trusteeship attack detection feature corresponding to the second sample gradient information, the first prediction detection classification result corresponding to the second classification sample, the trusteeship attack detection feature corresponding to the first sample gradient information, and the standard detection classification label corresponding to the first sample gradient informationλ(D | θ), get lλWhen the (D | theta) takes the maximum value, the parameter theta is usedλAnd (D | theta) replacing the original parameter of the first detection classification model by the parameter theta when the maximum value is taken, so that the process of updating the parameter of the first detection classification model is realized. Examples of the inventionCharacteristically, getλThe process of the parameter θ when (D | θ) takes the maximum value is implemented based on equation 17.
Updating the parameters of the first detection classification model based on the step d-2 to obtain the first detection classification model after the parameters are updated, judging whether the model acquisition termination condition is met, and executing the step d-3 in response to the condition that the model acquisition termination condition is not met; and d, taking the first detection classification model obtained in the step d-2 after the parameters are updated as a target detection classification model in response to the condition that the model acquisition termination condition is met.
In one possible implementation, satisfying the model acquisition termination condition refers to convergence of parameters of the first detection classification model. The parameter convergence of the first detection classification model means that the fluctuation range of the parameter of the first detection classification model is within a specified range in the update result of the specified number of times as the number of iterative updates increases. For example, assume that the specified range is-10-3~10-3Assume that the specified number of times is 5. If the parameters of the first detection classification model are in the fluctuation range of-10 in the 5 iteration updating results-3~10-3And considering the parameters of the first detection classification model to be converged. In another possible implementation manner, the satisfaction of the model acquisition termination condition means that the number of updates of the parameter of the first detection classification model reaches a specified threshold. The specified times, the specified range and the specified threshold are all set according to experience or flexibly adjusted according to an application scenario, which is not limited in the embodiment of the present application.
Step d-3: and in response to the condition that the model acquisition termination condition is not met, updating the parameters of the first detection classification model after the parameters are updated again based on the support attack detection feature corresponding to the second sample information, the support attack detection feature corresponding to the first sample information and the standard detection classification label corresponding to the first sample information until the model acquisition termination condition is met, and taking the first detection classification model obtained when the model acquisition termination condition is met as the target detection classification model.
And when the model acquisition termination condition is not met, indicating that the parameters of the first detection classification model need to be continuously updated. The update process continues as follows: and updating the parameters of the first detection classification model after the parameters are updated again based on the trusting attack detection characteristics corresponding to the second sample information, the trusting attack detection characteristics corresponding to the first sample information and the standard detection classification labels corresponding to the first sample information. The implementation manner of the process is referred to the implementation manners described in step d-1 and step d-2, and is not described in detail here.
And when the model acquisition termination condition is not met, iteratively updating parameters of the first detection classification model until the model acquisition termination condition is met, and taking the first detection classification model obtained when the model acquisition termination condition is met as a target detection classification model. Thus, a target detection classification model is obtained.
In an exemplary embodiment, the process of iteratively updating the parameters of the first detection classification model based on the steps d-1 to d-3 refers to a process of solving equation 17 using an EM (Expectation-Maximization) algorithm. The process of solving the formula 17 by using the EM algorithm is an iterative process, and every time the parameter θ is updated, a new predictive detection classification label corresponding to the second sample gradient information is obtained by using the detection classification model corresponding to the updated parameter, and then the parameter θ is updated again based on the toboggan detection feature corresponding to the second sample gradient information, the new predictive detection classification label corresponding to the second sample gradient information, the toboggan detection feature corresponding to the first sample gradient information, and the standard detection classification label corresponding to the first sample gradient information, and so on until the parameter θ converges, the converged parameter θ is taken as the finally iterated parameter θ
Will have parameters
As a target detection classification model.
In the process of obtaining the target detection classification model, the first sample gradient information with the standard detection classification label and the second sample gradient information without the standard detection classification label are utilized, so that the whole process of obtaining the target detection classification model is a semi-supervised training process. That is, the target detection classification model is obtained by performing semi-supervised training on the initial classification model by using sample gradient information with standard detection classification labels and sample gradient information without standard classification labels.
And calling a target detection classification model to perform detection classification processing on the attack detection characteristics corresponding to any first gradient information, so as to obtain a detection classification result corresponding to any first gradient information. Assuming that the parameters of the object detection classification model are
Suppose that the Tooattack detection characteristic corresponding to any first gradient information is XuThen calling the object detection classification model to obtain XuBelong to class CjProbability value of (2)
Assuming that the reference categories include a normal category N, an average attack category AF, a random attack category RF, and a blind attack category UF, the trusting attack detection characteristic corresponding to any first gradient information is XuIn the case of (1), the detection classification result corresponding to any one of the first gradient information includes 4 probability values, which are respectively
And
step 2023: and determining a Touchi attack detection result corresponding to the first gradient information based on the detection classification result corresponding to the first gradient information.
And the detection classification result corresponding to the first gradient information is used for providing data reference for determining the attack detection result corresponding to the first gradient information. The embodiment of the application does not limit the expression form of the detection classification result corresponding to the first gradient information, and under the detection classification results of different expression forms, the mode for determining the attack detection result corresponding to the first gradient information is different based on the detection classification result corresponding to the first gradient information.
In an exemplary embodiment, the detection classification result corresponding to the first gradient information is represented by a classification result, that is, the detection result corresponding to the first gradient information includes a probability value that the first gradient information is normal gradient information and a probability value that the first gradient information is attack gradient information. In this case, based on the detection classification result corresponding to the first gradient information, the method for determining the tarry attack detection result corresponding to the first gradient information is as follows: responding to a detection classification result corresponding to the first gradient information, wherein the probability value that the first gradient information is normal gradient information is not smaller than the probability value that the first gradient information is attack-supporting gradient information, and taking a first result as an attack-supporting detection result corresponding to the first gradient information; and in response to that the detection classification result corresponding to the first gradient information indicates that the probability value that the first gradient information is normal gradient information is smaller than the probability value that the first gradient information is attack-supporting gradient information, taking the second result as the attack-supporting detection result corresponding to the first gradient information. The first result is used for indicating that the first gradient information is normal gradient information, and the second result is used for indicating that the first gradient information is attack gradient information.
In another exemplary embodiment, for a case that the detection classification result corresponding to the first gradient information is represented by a probability value corresponding to each reference category, and the reference categories include a normal category and at least one attacks category, the detection classification result corresponding to the first gradient information includes a probability value corresponding to the normal category and a probability value corresponding to the at least one attacks category. In this case, based on the detection classification result corresponding to the first gradient information, the method for determining the tarry attack detection result corresponding to the first gradient information is as follows: in response to that the sum of the probability values corresponding to at least one trusting attack category is not greater than the probability value corresponding to the normal category, taking a first result as a trusting attack detection result corresponding to the first gradient information, wherein the first result is used for indicating that the first gradient information is normal gradient information; and in response to the fact that the sum of the probability values corresponding to at least one trusting attack category is larger than the probability value corresponding to the normal category, taking the second result as a trusting attack detection result corresponding to the first gradient information, wherein the second result is used for indicating that the first gradient information is trusting attack gradient information.
If the sum of the probability values corresponding to the respective trust attack categories is not greater than the probability value corresponding to the normal category, taking a first result indicating that the first gradient information is the normal gradient information as a trust attack detection result corresponding to the first gradient information, and at this time, indicating that the user corresponding to the first gradient information is a normal user. And if the sum of the probability values corresponding to the different kinds of trust attacks is greater than the probability value corresponding to the normal kind, taking a second result for indicating that the first gradient information is the trust attack gradient information as a trust attack detection result corresponding to the first gradient information, and at this moment, indicating that the user corresponding to the first gradient information is a trust attack user.
Exemplarily, assuming that the normal class is N, the number of the attack classes is 3, the classes are respectively an average attack class AF, a random attack class RF and a blind attack class UF, and the parameters of the target detection classification model are
The first gradient information corresponds to the Touch attack detection characteristic XuThen sum of probability values corresponding to each of the attack categories
Calculated based on equation 18.
By using
Indicating the probability value corresponding to the normal category if
Considering that the first gradient information is the trust attack gradient information, and the user corresponding to the first gradient information is the trust attack user; if it is
And the first gradient information is considered as normal gradient information, and the user corresponding to the first gradient information is a normal user.
Illustratively, when the trust attack detection result corresponding to the first gradient information is a first result, it is indicated that the user corresponding to the first gradient information is a normal user, and the security of the federal recommendation system is not substantially damaged by updating the initial feature information by using the first gradient information. When the trust attack detection result corresponding to the first gradient information is the second result, it is indicated that the user corresponding to the first gradient information is the trust attack user, and the updating of the initial characteristic information by using any one first gradient information is most likely to damage the security of the federal recommendation system.
Illustratively, the number of the first gradient information is at least one, and the above steps 2021 to 2023 only describe the process of obtaining the toboggan attack detection result corresponding to one first gradient information from the perspective of the first gradient information. According to the above-mentioned manner from step 2021 to step 2023, the respective toss attack detection results corresponding to at least one first gradient information can be obtained. In a possible implementation manner, after the attack-holding detection result corresponding to each first gradient information is obtained, the attack-holding detection result corresponding to each first gradient information is stored, so that the attack-holding detection result corresponding to the first gradient information is directly queried subsequently. In an exemplary embodiment, when the trust attack detection result corresponding to each gradient information is stored, the first gradient information, the initial characteristic information and the trust attack detection result are stored correspondingly.
Aiming at gradient information transmitted by a federal recommendation system in a communication process, the method and the device creatively design the trusting attack detection characteristic comprising one or more sub detection characteristics for realizing the trusting attack detection on the gradient information. A naive Bayes classifier is trained in a semi-supervised training mode by utilizing the trusteeship attack detection characteristics corresponding to the sample gradient information, and the trusteeship attack behavior in the federal recommendation system can be effectively identified. In the updating iteration process of the recommendation algorithm, gradient information corresponding to the attack-supporting user can be filtered out based on the embedded naive Bayesian classifier, so that a recommendation effect similar to that of an original non-attacked recommendation system can be achieved.
In an exemplary embodiment, the information data processing method provided by the embodiment of the application relates to the field of artificial intelligence. Artificial intelligence is a theory, method, technique and application system that uses a digital computer or a machine controlled by a digital computer to simulate, extend and expand human intelligence, perceive the environment, acquire knowledge and use the knowledge to obtain the best results. In other words, artificial intelligence is a comprehensive technique of computer science that attempts to understand the essence of intelligence and produce a new intelligent machine that can react in a manner similar to human intelligence. Artificial intelligence is the research of the design principle and the realization method of various intelligent machines, so that the machines have the functions of perception, reasoning and decision making.
The artificial intelligence technology is a comprehensive subject and relates to the field of extensive technology, namely the technology of a hardware level and the technology of a software level. The artificial intelligence infrastructure generally includes technologies such as sensors, dedicated artificial intelligence chips, cloud computing, distributed storage, big data processing technologies, operation/interaction systems, mechatronics, and the like. The artificial intelligence software technology mainly comprises a computer vision technology, a voice processing technology, a natural language processing technology, machine learning/deep learning and the like.
The machine learning is a multi-field cross subject and relates to a plurality of subjects such as probability theory, statistics, approximation theory, convex analysis and algorithm complexity theory. The special research on how a computer simulates or realizes the learning behavior of human beings so as to acquire new knowledge or skills and reorganize the existing knowledge structure to continuously improve the performance of the computer. Machine learning is the core of artificial intelligence, is the fundamental approach for computers to have intelligence, and is applied to all fields of artificial intelligence. Machine learning and deep learning generally include techniques such as artificial neural networks, belief networks, reinforcement learning, transfer learning, inductive learning, and teaching learning.
With the research and progress of artificial intelligence technology, the artificial intelligence technology is developed and applied in a plurality of fields, such as common smart homes, smart wearable devices, virtual assistants, smart speakers, smart marketing, unmanned driving, automatic driving, unmanned aerial vehicles, robots, smart medical care, smart customer service, and the like.
In an exemplary embodiment, the federated recommendation system may be deployed in the cloud, that is, the federated recommendation system may be implemented based on cloud technology. Cloud technology refers to a hosting technology for unifying serial resources such as hardware, software, network and the like in a wide area network or a local area network to realize calculation, storage, processing and sharing of data.
The cloud technology is based on the general names of network technology, information technology, integration technology, management platform technology, application technology and the like applied in the cloud computing business model, can form a resource pool, is used as required, and is flexible and convenient. Cloud computing technology will become an important support. Background services of the technical network system require a large amount of computing and storage resources, such as video websites, picture-like websites and more web portals. With the high development and application of the internet industry, each article may have its own identification mark and needs to be transmitted to a background system for logic processing, data in different levels are processed separately, and various industrial data need strong system background support and can only be realized through cloud computing.
Illustratively, the security of the federal recommendation system can be improved by acquiring the trust attack detection result corresponding to the gradient information and then updating the characteristic information based on the gradient information corresponding to the trust attack detection result meeting the selection condition. For the condition that the federal recommendation system is deployed at the cloud end, the improvement of the safety of the federal recommendation system relates to the field of cloud safety in cloud technology. Cloud Security (Cloud Security) refers to a generic term for Security software, hardware, users, organizations, secure Cloud platforms for Cloud-based business model applications. The cloud security integrates emerging technologies and concepts such as parallel processing, grid computing and unknown virus behavior judgment, abnormal monitoring of software behaviors in the network is achieved through a large number of meshed clients, the latest information of trojans and malicious programs in the internet is obtained and sent to the server for automatic analysis and processing, and then the virus and trojan solution is distributed to each client.
The main research directions of cloud security include: 1. the cloud computing security mainly researches how to guarantee the security of the cloud and various applications on the cloud, including the security of a cloud computer system, the secure storage and isolation of user data, user access authentication, information transmission security, network attack protection, compliance audit and the like; 2. the cloud of the security infrastructure mainly researches how to adopt cloud computing to newly build and integrate security infrastructure resources and optimize a security protection mechanism, and comprises the steps of constructing a super-large-scale security event and an information acquisition and processing platform through a cloud computing technology, realizing the acquisition and correlation analysis of mass information, and improving the handling control capability and the risk control capability of the security event of the whole network; 3. the cloud security service mainly researches various security services, such as anti-virus services and the like, provided for users based on a cloud computing platform. For the situation that the federal recommendation system is deployed in the cloud, the federal recommendation system can be regarded as a cloud computer system, and the research direction for improving the safety of the federal recommendation system is the research direction for the cloud computing safety.
Referring to fig. 5, an embodiment of the present application provides an information data processing apparatus, including:
a sending unit 501, configured to send initial feature information of the information data to a terminal, where the terminal is configured to obtain first gradient information based on the local data and the initial feature information, and return the first gradient information, where the first gradient information is used to indicate an update vector for updating the initial feature information;
a receiving unit 502, configured to receive first gradient information sent by a terminal;
a first obtaining unit 503, configured to obtain a trusteeship attack detection result corresponding to the first gradient information;
an updating unit 504, configured to update the initial feature information based on first gradient information corresponding to the attack detection result that meets the selection condition, to obtain first feature information of the information data;
a second obtaining unit 505, configured to obtain target feature information of the information data based on the first feature information;
a recommending unit 506, configured to recommend the information data based on the target feature information.
In a possible implementation manner, the attack-holding detection result corresponding to the first gradient information is a first result or a second result, the first result is used to indicate that the first gradient information is normal gradient information, and the second result indicates that the first gradient information is attack-holding gradient information; the attack detection result meeting the selection condition is a first result;
an updating unit 504, configured to calculate average gradient information of first gradient information corresponding to the first result; and updating the initial characteristic information based on the average gradient information, and taking the updated initial characteristic information as the first characteristic information of the information data.
In a possible implementation manner, the second obtaining unit 505 is configured to send the first feature information to the terminal in response to that the update process of the initial feature information does not meet the update termination condition, where the terminal is configured to obtain second gradient information based on the local data and the first feature information, and return the second gradient information, where the second gradient information is used to indicate an update vector for updating the first feature information; receiving second gradient information sent by the terminal; acquiring a Touchi attack detection result corresponding to the second gradient information; updating the first characteristic information based on second gradient information corresponding to the Touche detection result meeting the selection condition to obtain second characteristic information of the information data; and acquiring target characteristic information of the information data based on the second characteristic information.
In one possible implementation manner, the second obtaining unit 505 is configured to, in response to that the updating process of the initial feature information satisfies the updating termination condition, use the first feature information as the target feature information of the information data.
In one possible implementation manner, the recommending unit 506 is configured to determine similarity between the preference information data and other information data except the preference information data in the information data based on the target feature information, and recommend the target information data, of which the similarity with the preference information data satisfies the recommendation condition, to the terminal corresponding to the preference information data.
In a possible implementation manner, the first obtaining unit 503 is configured to obtain a trusteeship attack detection feature corresponding to the first gradient information, where the trusteeship attack detection feature corresponding to the first gradient information is used to indicate a detection classification result corresponding to the first gradient information; acquiring a detection classification result corresponding to the first gradient information based on the attack detection characteristics corresponding to the first gradient information; and determining a Touchi attack detection result corresponding to the first gradient information based on the detection classification result corresponding to the first gradient information.
In a possible implementation manner, the first obtaining unit 503 is further configured to invoke a target detection classification model to perform detection classification processing on the attack detection features corresponding to the first gradient information, so as to obtain a detection classification result corresponding to the first gradient information; the target detection classification model is obtained by performing semi-supervised training on the initial detection classification model by using sample gradient information with standard detection classification labels and sample gradient information without the standard detection classification labels.
In the embodiment of the application, after receiving the gradient information sent by the terminal, the server first obtains the attack-holding detection results corresponding to each gradient information, and then updates the characteristic information of the information data based on the gradient information corresponding to the attack-holding detection results meeting the selection condition. The reliability of the gradient information corresponding to the trust attack detection result meeting the selection condition is high, and the characteristic information of the updated information data based on the gradient information corresponding to the trust attack detection result meeting the selection condition can resist the trust attack of malicious users, so that the reliability of the characteristic information of the updated information data is high, and the accuracy of recommending the information data according to the finally obtained target characteristic information is improved.
It should be noted that, when the apparatus provided in the foregoing embodiment implements the functions thereof, only the division of the functional modules is illustrated, and in practical applications, the functions may be distributed by different functional modules according to needs, that is, the internal structure of the apparatus may be divided into different functional modules to implement all or part of the functions described above. In addition, the apparatus and method embodiments provided by the above embodiments belong to the same concept, and specific implementation processes thereof are described in the method embodiments for details, which are not described herein again.
Fig. 6 is a schematic structural diagram of a server according to an embodiment of the present application, where the server may generate a relatively large difference due to different configurations or performances, and may include one or more processors (CPUs) 601 and one or more memories 602, where at least one program code is stored in the one or more memories 602, and is loaded and executed by the one or more processors 601 to implement the method for Processing information data provided by the above method embodiments. Of course, the server may also have components such as a wired or wireless network interface, a keyboard, and an input/output interface, so as to perform input/output, and the server may also include other components for implementing the functions of the device, which are not described herein again.
In an exemplary embodiment, a computer device is also provided that includes a processor and a memory having at least one program code stored therein. The at least one program code is loaded and executed by one or more processors to implement any of the above-mentioned methods for processing information data.
In an exemplary embodiment, there is also provided a computer readable storage medium having at least one program code stored therein, the at least one program code being loaded and executed by a processor of a computer device to implement any one of the above-mentioned information data processing methods.
In one possible implementation, the computer-readable storage medium may be a Read-Only Memory (ROM), a Random Access Memory (RAM), a Compact Disc Read-Only Memory (CD-ROM), a magnetic tape, a floppy disk, an optical data storage device, and the like.
In an exemplary embodiment, a computer program product or computer program is also provided, the computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer readable storage medium, and the processor executes the computer instructions, so that the computer device executes any one of the above information data processing methods.
It is noted that the terms first, second and the like in the description and in the claims of the present application are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used is interchangeable under appropriate circumstances such that the embodiments of the application described herein are capable of operation in sequences other than those illustrated or described herein. The implementations described in the above exemplary embodiments do not represent all implementations consistent with the present application. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the present application, as detailed in the appended claims.
It should be understood that reference to "a plurality" herein means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
The above description is only exemplary of the present application and should not be taken as limiting the present application, and any modifications, equivalents, improvements and the like that are made within the spirit and principle of the present application should be included in the protection scope of the present application.
Claims (10)
1. A method for processing information data, the method comprising:
sending initial characteristic information of information data to a terminal, wherein the terminal is used for acquiring first gradient information based on local data and the initial characteristic information and returning the first gradient information, and the first gradient information is used for indicating an update vector for updating the initial characteristic information;
receiving first gradient information sent by the terminal, and acquiring a Touch attack detection result corresponding to the first gradient information;
updating the initial characteristic information based on first gradient information corresponding to the Touche detection result meeting the selection condition to obtain first characteristic information of the information data;
and acquiring target characteristic information of the information data based on the first characteristic information, and recommending the information data based on the target characteristic information.
2. The method according to claim 1, wherein the first gradient information corresponds to a first result or a second result, the first result is used to indicate that the first gradient information is normal gradient information, and the second result indicates that the first gradient information is tarry attack gradient information; the attack detection result meeting the selection condition is the first result;
updating the initial characteristic information based on the first gradient information corresponding to the attack detection result meeting the selection condition to obtain the first characteristic information of the information data, wherein the updating comprises the following steps:
calculating average gradient information of first gradient information corresponding to the first result;
and updating the initial characteristic information based on the average gradient information, and taking the updated initial characteristic information as the first characteristic information of the information data.
3. The method of claim 1, wherein the obtaining target feature information of the information data based on the first feature information comprises:
responding to that the updating process of the initial feature information does not meet the updating termination condition, and sending the first feature information to the terminal, wherein the terminal is used for acquiring second gradient information based on local data and the first feature information and returning the second gradient information, and the second gradient information is used for indicating an updating vector for updating the first feature information;
receiving the second gradient information sent by the terminal; acquiring a Touchi attack detection result corresponding to the second gradient information;
updating the first characteristic information based on second gradient information corresponding to the Tooattack detection result meeting the selection condition to obtain second characteristic information of the information data; and acquiring target characteristic information of the information data based on the second characteristic information.
4. The method of claim 1, wherein the obtaining target feature information of the information data based on the first feature information comprises:
and in response to the updating process of the initial characteristic information meeting the updating termination condition, taking the first characteristic information as the target characteristic information of the information data.
5. The method according to any one of claims 1-4, wherein the recommending the information data based on the target feature information comprises:
and determining similarity between preference information data and other information data except the preference information data in the information data based on the target characteristic information, and recommending the target information data of which the similarity between the other information data and the preference information data meets recommendation conditions to a terminal corresponding to the preference information data.
6. The method according to any one of claims 1 to 4, wherein obtaining the detection result of the attacks corresponding to the first gradient information comprises:
acquiring a trusteeship attack detection characteristic corresponding to the first gradient information, wherein the trusteeship attack detection characteristic corresponding to the first gradient information is used for indicating a detection classification result corresponding to the first gradient information;
acquiring a detection classification result corresponding to the first gradient information based on the attack detection characteristics corresponding to the first gradient information;
and determining a Touchi attack detection result corresponding to the first gradient information based on the detection classification result corresponding to the first gradient information.
7. The method according to claim 6, wherein the obtaining a detection classification result corresponding to the first gradient information based on the trusting attack detection feature corresponding to the first gradient information includes:
calling a target detection classification model to perform detection classification processing on the attack detection characteristics corresponding to the first gradient information to obtain a detection classification result corresponding to the first gradient information;
and the target detection classification model is obtained by performing semi-supervised training on the initial detection classification model by using sample gradient information with standard detection classification labels and sample gradient information without the standard detection classification labels.
8. An apparatus for processing information data, the apparatus comprising:
a sending unit, configured to send initial feature information of information data to a terminal, where the terminal is configured to obtain first gradient information based on local data and the initial feature information, and return the first gradient information, where the first gradient information is used to indicate an update vector for updating the initial feature information;
the receiving unit is used for receiving first gradient information sent by the terminal;
a first obtaining unit, configured to obtain a trusting attack detection result corresponding to the first gradient information;
the updating unit is used for updating the initial characteristic information based on first gradient information corresponding to the attack detection result meeting the selection condition to obtain first characteristic information of the information data;
a second obtaining unit, configured to obtain target feature information of the information data based on the first feature information;
and the recommending unit is used for recommending the information data based on the target characteristic information.
9. A computer device comprising a processor and a memory, wherein at least one program code is stored in the memory, and the at least one program code is loaded and executed by the processor to implement the method for processing information data according to any one of claims 1 to 7.
10. A computer-readable storage medium having at least one program code stored therein, the at least one program code being loaded and executed by a processor to implement the method of processing information data according to any one of claims 1 to 7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011158092.8A CN112231571A (en) | 2020-10-26 | 2020-10-26 | Information data processing method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202011158092.8A CN112231571A (en) | 2020-10-26 | 2020-10-26 | Information data processing method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN112231571A true CN112231571A (en) | 2021-01-15 |
Family
ID=74109455
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202011158092.8A Pending CN112231571A (en) | 2020-10-26 | 2020-10-26 | Information data processing method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN112231571A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113626687A (en) * | 2021-07-19 | 2021-11-09 | 浙江师范大学 | Online course recommendation method and system taking federal learning as core |
-
2020
- 2020-10-26 CN CN202011158092.8A patent/CN112231571A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113626687A (en) * | 2021-07-19 | 2021-11-09 | 浙江师范大学 | Online course recommendation method and system taking federal learning as core |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Huang et al. | Data poisoning attacks to deep learning based recommender systems | |
| WO2022041979A1 (en) | Information recommendation model training method and related device | |
| Xiao et al. | Attentional factorization machines: Learning the weight of feature interactions via attention networks | |
| CN112231570B (en) | Recommendation system support attack detection method, device, equipment and storage medium | |
| Boshmaf et al. | Íntegro: Leveraging victim prediction for robust fake account detection in large scale OSNs | |
| Ma et al. | A highly accurate prediction algorithm for unknown web service QoS values | |
| Fire et al. | Computationally efficient link prediction in a variety of social networks | |
| Papadakis et al. | SCoR: a synthetic coordinate based recommender system | |
| Zhao et al. | A semi-self-taught network intrusion detection system | |
| Aalibagi et al. | A matrix factorization model for hellinger-based trust management in social internet of things | |
| Thuraisingham et al. | A data driven approach for the science of cyber security: Challenges and directions | |
| Qiao et al. | Siamese neural networks for user identity linkage through web browsing | |
| CN111382283A (en) | Resource category label labeling method and device, computer equipment and storage medium | |
| Anelli et al. | Adversarial recommender systems: Attack, defense, and advances | |
| Ge et al. | Estimating local information trustworthiness via multi-source joint matrix factorization | |
| CN114021188A (en) | Method and device for interactive security verification of federated learning protocol and electronic equipment | |
| CN115114329A (en) | Method and device for detecting data stream abnormity, electronic equipment and storage medium | |
| CN112231571A (en) | Information data processing method, device, equipment and storage medium | |
| Best et al. | Utilising k-means clustering and naive bayes for IoT anomaly detection: A hybrid approach | |
| Hajdu et al. | Use of artificial neural networks to identify fake profiles | |
| Xu et al. | Reliability prediction for service oriented system via matrix factorization in a collaborative way | |
| CN117540791B (en) | Method and device for countermeasure training | |
| Alharbi et al. | Privacy-aware identity cloning detection based on deep forest | |
| Cen et al. | Sign inference for dynamic signed networks via dictionary learning | |
| CN114820085B (en) | User screening method, related device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| REG | Reference to a national code |
Ref country code: HK Ref legal event code: DE Ref document number: 40037835 Country of ref document: HK |
|
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |