TY - GEN
T1 - A Quantitative Data Risk Assessment Model Based on Improved AHP
AU - Zhu, Huajie
AU - Liu, Zhenyan
AU - Zhao, Xiaolin
AU - Xiao, Yuming
AU - Jiang, Ying
AU - Chen, Jiaxin
N1 - Publisher Copyright:
© 2025 IEEE.
PY - 2025
Y1 - 2025
N2 - With the widespread adoption of big data technologies, data has emerged as a core factor of production; however, the associated risks of privacy leakage are becoming increasingly severe. Accurate and real-time assessment of data security risks is the prerequisite to implement effective privacy protection. Traditional data risk assessment methods, such as the Analytic Hierarchy Process (AHP), primarily rely on expert experience to construct judgment matrices. Consequently, these methods suffer from high subjectivity, low evaluation efficiency, and an inability to adapt to massive, dynamic data streams. To address these challenges, this paper proposes a dynamic data security risk assessment model based on an improved AHP driven by objective indicators. The improvements focus on three aspects: (1) establishing a six-dimensional evaluation system covering data sensitivity and distribution features; (2) replacing the subjective scoring at the alternative layer with quantitative mappings based on Tsallis entropy and logarithmic transformations; and (3) implementing a threshold-based absolute classification mechanism to supersede traditional relative ranking, thereby achieving automated decision-making. Furthermore, a Privacy Classification Protection (PCP) Platform is designed and implemented based on this model. Application verification on a realworld fitness dataset demonstrates that the model can accurately identify high-risk data features (e.g., abnormal distributions and high re-identification risks) and automatically output reasonable risk levels, significantly enhancing the efficiency and objectivity of data governance.
AB - With the widespread adoption of big data technologies, data has emerged as a core factor of production; however, the associated risks of privacy leakage are becoming increasingly severe. Accurate and real-time assessment of data security risks is the prerequisite to implement effective privacy protection. Traditional data risk assessment methods, such as the Analytic Hierarchy Process (AHP), primarily rely on expert experience to construct judgment matrices. Consequently, these methods suffer from high subjectivity, low evaluation efficiency, and an inability to adapt to massive, dynamic data streams. To address these challenges, this paper proposes a dynamic data security risk assessment model based on an improved AHP driven by objective indicators. The improvements focus on three aspects: (1) establishing a six-dimensional evaluation system covering data sensitivity and distribution features; (2) replacing the subjective scoring at the alternative layer with quantitative mappings based on Tsallis entropy and logarithmic transformations; and (3) implementing a threshold-based absolute classification mechanism to supersede traditional relative ranking, thereby achieving automated decision-making. Furthermore, a Privacy Classification Protection (PCP) Platform is designed and implemented based on this model. Application verification on a realworld fitness dataset demonstrates that the model can accurately identify high-risk data features (e.g., abnormal distributions and high re-identification risks) and automatically output reasonable risk levels, significantly enhancing the efficiency and objectivity of data governance.
KW - Data Security
KW - Improved AHP
KW - Risk Assessment
KW - Threshold-based Absolute Classification
KW - Tsallis Entropy
UR - https://www.scopus.com/pages/publications/105035826079
U2 - 10.1109/SPCNC68200.2025.11406387
DO - 10.1109/SPCNC68200.2025.11406387
M3 - Conference contribution
AN - SCOPUS:105035826079
T3 - 2025 International Conference on Signal Processing, Computer Networks and Communications, SPCNC 2025
SP - 649
EP - 656
BT - 2025 International Conference on Signal Processing, Computer Networks and Communications, SPCNC 2025
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 4th International Conference on Signal Processing, Computer Networks and Communications, SPCNC 2025
Y2 - 5 December 2025 through 7 December 2025
ER -