信息安全研究 ›› 2019, Vol. 5 ›› Issue (9): 778-788.

• 学术论文 • 上一篇    下一篇

大规模用户隐私风险量化研究

孟小峰,朱敏杰,刘俊旭   

  1. 中国人民大学信息学院
  • 收稿日期:2019-09-06 出版日期:2019-09-15 发布日期:2019-09-06
  • 通讯作者: 孟小峰
  • 作者简介:孟小峰(1964-) 男,博士,教授,博士生导师,CCF会士,主要研究领域为数据库理论与系统,大数据管理系统,大数据隐私保护,大数据融合与智能,大数据实时分析,社会计算等。 xfmeng@ruc.edu.cn 朱敏杰(1993-) 女,硕士研究生,主要研究方向为大数据隐私保护。 minjaezhu@163.com 刘俊旭(1995-) 女,博士生,主要研究领域为隐私保护。 junxu_liu@ruc.edu.cn

Quantitative Research on Privacy Risk of LargeScale Mobile Users

  • Received:2019-09-06 Online:2019-09-15 Published:2019-09-06

摘要: 移动应用程序的日益繁多使得移动互联网服务提供商有机会收集到大规模的用户数据,然而其数据收集和使用的不规范使移动用户面临着极其严峻的隐私风险问题.如何分析用户隐私风险状况并进行隐私保护成为当前亟待解决的重要问题.基于移动应用程序的权限分析方法,提出一种用户隐私风险量化模型.该模型首先通过39个敏感权限识别移动应用程序内个人隐私数据收集状况,并以此为数据泄露源,考虑数据泄露的可能性及数据的隐私危害程度.然后,利用3000万移动设备上的移动应用程序数据,进一步构建隐私风险量化模型.最后,基于该模型分析单个用户的隐私风险值分布,并进一步研究各用户群体的隐私风险趋势,从而构建中国隐私风险指数体系,以区域隐私风险指数、人群隐私风险指数、行为隐私风险指数分别反映不同属性用户群体面临隐私风险的差异.

关键词: 大数据隐私, 移动应用程序, 风险量化, 权限分析, 中国隐私风险指数

Abstract: The increasing number of mobile applications have given mobile Internet service providers the opportunity to collect large amounts of user data. However, the unreasonable and abnormal collection and use of data have made mobile users face extremely serious privacy risk. How to analyze the status of user privacy risk and protect user privacy have become an urgent issue. Based on the permission analysis of mobile applications, this paper proposes a novel user privacy risk quantification model. This model first identifies the personal privacyrelated data collection of mobile applications through 39 privacy permissions which are considered as leakage data source, then consider the possibility of data leakage and the privacy hazard degree of data. This model is further constructed with the assist of application usage data of 30 million mobile devices. Finally, the distribution of privacy risks of individual users is analyzed. Then through analyzing the average user privacy risk value of each user group, the China privacy risk index is formulated to reflect the differences in privacy risks among various user groups, including the regional privacy risk index, the population privacy risk index, and the behavioral privacy risk index.

Key words: big data privacy, mobile application, risk quantification, permission analysis, the China privacy risk index