重要数据跨境流动背景下风险路径的识别与分级

doi:10.16381/j.cnki.issn1003-207x.2019.1841

中国管理科学 ›› 2021, Vol. 29 ›› Issue (3): 90-99.doi: 10.16381/j.cnki.issn1003-207x.2019.1841

重要数据跨境流动背景下风险路径的识别与分级

李金^1,2, 申苏浩¹, 孙晓蕾², 邢潇³

1. 西安电子科技大学经济与管理学院, 陕西西安 710071;
2. 中国科学院科技战略咨询研究院, 北京 100190;
3. 国家计算机网络应急技术处理协调中心, 北京 100029

收稿日期:2019-11-14 修回日期:2020-03-04 发布日期:2021-04-02
通讯作者: 邢潇(1989-),男(蒙古族),河北承德人,国家计算机网络应急技术处理协调中心,工程师,博士,研究方向:数据安全,E-mail:xingxiao@cert.org.cn. E-mail:xingxiao@cert.org.cn
作者简介:邢潇(1989-),男(蒙古族),河北承德人,国家计算机网络应急技术处理协调中心,工程师,博士,研究方向:数据安全,E-mail:xingxiao@cert.org.cn.
基金资助:
国家自然科学基金资助项目（71901169）；国家重点研发计划资助项目（2017YFC1201202）；中国博士后科学基金资助项目（2019M650035）

Identification and Classification for Risk Paths in the Context of Cross-Border Important Data Flow

LI Jin^1,2, SHEN Su-hao¹, SUN Xiao-lei², XING Xiao³

1. School of Economics and Management, Xidian University, Xi'an 710071, China;
2. Institute of Science and Development, Chinese Academy of Sciences, Beijing 100190, China;
3. National Computer Network Emergency Response Technical Team/Coordination Center of China, Beijing 100029, China

Received:2019-11-14 Revised:2020-03-04 Published:2021-04-02

摘要/Abstract

摘要： 重要数据的跨境流动引发了数据安全、国家安全等风险挑战。风险路径的识别和分级是对重要数据跨境流动进行预警管理的重要内容。本文基于复杂网络中的二分网络模型，对重要数据的跨境流动进行研究。首先，通过重要数据跨境流动的二分网络和关联网络识别风险路径；其次，构建基于网络结构和接收节点属性的目标风险路径方法以计算其风险值；最后，对我国某重要行业跨境流动的数据开展实证分析，验证算法的有效性和精准度。本文旨在为重要数据跨境流动的预警管理提供量化方法，有效预防重要数据跨境流动带来的风险，提升我国数据治理能力。

关键词: 重要数据, 跨境流动, 路径识别, 风险管理, 预警管理

Abstract: With the development of information technologies, such as artificial intelligence, big data, and cloud computing, massive data areexplosively produced and collected. The global economy and collaboration have also initiated a large scale of cross-border data flow.The data transmission potentially raises risks and challenges for data security and national security. The identification and classification of risk paths work as an important component in early warning management for the cross-border flow of important data. However, previous researches focus more on the regulation and policy suggestions. There are few researches on the risk management from a quantitative perspective, and relatively few on the early warning management for illegal transmission of important data.
Based on the complex network theory, the cross-border flow of important data are studied. First, the binary network model, including two types of nodes for data senders and receivers, is employed to simulate the cross-border data flow network. Second, the associated network is established by the common neighbor structure in the binary network. Meanwhile, the associated network can also reflect the data flow mechanism based on its transmission tendency. Third,the risk paths for important data flows across borders can be identified through the constructed binary network and its associated network. The destination risk path(DRP) algorithm, incorporating the network structure, node attribute, and data transmission frequency, is also designed to calculate the risk value for each risk path.
By collecting the cross-border data flow from an important industry in China, empirical analyses are conducted to detect the performance of proposed methods. Risk paths are empirically identified and risk values are obtained through the above methods. Using AUC as the criterion, the comparison results indicate that our proposed DRP algorithm performs better in link prediction than those algorithms in previous literatures, such as common neighbors, Jaccard, Sørensen, and potential link prediction, etc. Furthermore, the risk classification is also provided towards an efficient data flow monitoring and management. Considering the effects of network size and node attribute, a series of robustness checks are also conducted to support the main findings.
This paper focuses on the risk management issues emerging in the cross-border flow of important data. The methodology framework proposed in this paper can be widely used by different important industries,and benefits regulatory authorities to accurately identify and classify the potential risks existing in the cross-border data flow. A quantitative method is provided for the early warning management, effectively reducing the related risk, and furtherly improving the data governance capacity.

Key words: important data, cross-border flow, risk identification, risk management, early warning management

中图分类号:

X915.1

李金, 申苏浩, 孙晓蕾, 邢潇. 重要数据跨境流动背景下风险路径的识别与分级[J]. 中国管理科学, 2021, 29(3): 90-99.

LI Jin, SHEN Su-hao, SUN Xiao-lei, XING Xiao. Identification and Classification for Risk Paths in the Context of Cross-Border Important Data Flow[J]. Chinese Journal of Management Science, 2021, 29(3): 90-99.

参考文献

[1] 中国信息通信研究院.大数据白皮书(2018年)[R].中国信息通信研究院,2018.
[2] 黄道丽,何治乐.欧美数据跨境流动监管立法的"大数据现象"及中国策略[J].情报杂志,2017,36(4):47-53.
[3] 惠志斌.数据经济时代企业跨境数据流动风险管理[M].北京:社会科学文献出社,2018.
[4] 国家互联网信息办公室.国家互联网信息办公室关于《个人信息和重要数据出境安全评估办法(征求意见稿)》公开征求意见的通知[EB/OL].(2019-04-11)[2019-11-07].http://www.cac.gov.cn/2017-04/11/c_1120785691.htm.
[5] 全国信息安全标准化技术委员会.关于国家标准《信息安全技术数据出境安全评估指南》征求意见稿征求意见的通知[EB/OL].(2017-08-30)[2019-11-07].https://www.tc260.org.cn/front/bzzqyjDetail.html?id=20170830211755&norm_id=20170221113131&recode_id=23883.
[6] 国家互联网信息办公室.国家互联网信息办公室关于《数据安全管理办法(征求意见稿)》公开征求意见的通知[EB/OL].(2019-05-28)[2019-11-07].http://www.cac.gov.cn/2019-05/28/c_1124546022.htm.
[7] 工业互联网安全应急响应中心.《保障国家数据安全》-云晓春副主任在第16届网络安全年会上的专题报告[EB/OL].(2019-07-18)[2019-11-07].https://www.ics-cert.org.cn/portal/page/121/98cfc2f60d7c4a4cb65e651def39d805.html.
[8] 中华人民共和国科学技术部.行政处罚决定书[EB/OL].(2015-09-07)[2019-11-07].https://fuwu.most.gov.cn/html/jcxtml/20181218/2837.html?tab=xzcf.
[9] 国家计算机网络应急技术处理协调中心.2019年上半年我国互联网网络安全态势[R].国家计算机网络应急技术处理协调中心.2019.
[10] 姜江,李璇,邢立宁,等.基于模糊证据推理的系统风险分析与评价[J].系统工程理论与实践,2013,33(2):529-537.
[11] 史宇航.主权的网络边界[J].情报杂志,2018,37(9):160-166.
[12] Cezar A, Cavusoglu H, Raghunathan S. Out sourcing information security:Contracting issues and security implications[J]. Management Science, 2013, 60(3):638-657.
[13] 邓超,陈学军.基于复杂网络的金融传染风险模型研究[J].中国管理科学,2014,22(11):11-18.
[14] 欧阳红兵,刘晓东.中国金融机构的系统重要性及系统性风险传染机制分析[J].中国管理科学,2015,23(10):30-37.
[15] 张奇,李彦,王歌,等.基于复杂网络的电动汽车充电桩众筹市场信用风险建模与分析[J].中国管理科学,2019,27(8):66-74.
[16] Kley O, Klüppelberg C, Reinert G. Risk in a large claims insurance market with bipartite graph structure[J]. Operations Research, 2016,64(5):1159-1176.
[17] Bimpikis K, Ehsani S, lkılıç R. Cournot competition in networked markets[J]. Management Science,2019,65(6):2467-2481.
[18] 李永立,罗鹏,张书瑞.基于决策分析的社交网络链路预测方法[J].管理科学学报,2017,20(1):64-74.
[19] 王斌,王文平,费为银.基于链路动态变化的产业网络预测模型研究[J].系统工程学报,2018,33(6):721-731.
[20] 江若然,张玲玲.社交属性网下基于链路预测及节点度的推荐算法[J].管理评论,2019,31(2):119-129.
[21] Allali O, Magnien C, Latapy M. Link prediction in bipartite graphs using internal links and weighted projection[C]//Proceedings of 2011 IEEE International Conference on Computer Communications Workshops, Shanghai, China,April 10-15, 2011.
[22] Gao Man, Chen Ling, Li Bin, et al. Projection-based link prediction in a bipartite network[J]. Information Sciences. 2017,376(10):158-171.
[23] Lorrain F,White H C. Structural equivalence of individuals in social networks[J]. The Journal of Mathematical Sociology,1971,1(1):49-80.
[24] Jaccard P. Etude comparative de la distribution florale dans une portion des Alpes et des jura[J]. Bulletin de la Société Vaudoise des Science Naturelles,1901,(37):547-579.
[25] Sørensen T. A method of establishing groups of equal amplitude in plant sociology based on similarity of species content and its application to analyses of the vegetation on Danish commons[J]. Biologiske Skrifter,1948,5(4):1-34.
[26] 惠志斌,张衡.面向数据经济的跨境数据流动管理研究[J].社会科学,2016,(8):13-22.
[27] 吕琳媛,周涛.链路预测[M].北京:高等教育出版社,2013.
[28] Hanley J A, McNeil B J. The meaning and useof the area under a receiver operating characteristic (ROC) curve[J]. Radiology,1982,14,3(1):29-36.

重要数据跨境流动背景下风险路径的识别与分级

Identification and Classification for Risk Paths in the Context of Cross-Border Important Data Flow

PDF (PC)

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

Metrics

本文评价

推荐阅读 10

[1]	严冠, 刘志东. 基于贝叶斯方法的中国商业银行同业借贷网络中系统风险研究[J]. 中国管理科学, 2020, 28(4): 14-26.
[2]	柴尚蕾, 周鹏. 基于非参数Copula-CVaR模型的碳金融市场集成风险测度[J]. 中国管理科学, 2019, 27(8): 1-13.
[3]	刘家国, 崔进, 周欢, 万子谦, 曹静. 基于HHM-RFRM的船舶航行风险评估方法研究[J]. 中国管理科学, 2019, 27(5): 174-183.
[4]	任龙, 刘骏, 周学广. 考虑外汇风险的保理融资研究[J]. 中国管理科学, 2017, 25(9): 63-70.
[5]	任龙, 刘骏. 考虑下侧风险厌恶参与者的技术外包合同研究[J]. 中国管理科学, 2017, 25(4): 184-189.
[6]	白哲, 李孟刚. 基于条件破产概率的保险公司财务预警与资本分配[J]. 中国管理科学, 2016, 24(7): 36-42.
[7]	白哲, 李孟刚. 基于条件破产概率的保险公司财务预警与资本分配[J]. 中国管理科学, 2016, 24(7): 36-42.
[8]	杜娟, 倪得兵, 唐小我. 需求-汇率风险聚集下的汇率风险对冲与批发价激励[J]. 中国管理科学, 2015, 23(1): 1-9.
[9]	杜红军, 王宗军. 基于Asymmetric Laplace分布的金融风险度量[J]. 中国管理科学, 2013, 21(4): 1-7.
[10]	温源, 肖勇波. 面临汇率和供应风险的双渠道采购决策研究[J]. 中国管理科学, 2013, 21(4): 35-43.
[11]	李建斌, 杨瑞娜. 现货价格和需求关联时期权组合合约模式下采购风险管理策略[J]. 中国管理科学, 2011, 19(1): 12-20.
[12]	安智宇, 周晶. 考虑供应商违约风险的CVaR最优订货模型[J]. 中国管理科学, 2009, 17(2): 66-70.
[13]	姜继娇, 杨乃定. 基于行为金融的证券组合风险管理研究[J]. 中国管理科学, 2005, (3): 32-36.
[14]	杜本峰. 因子模型在风险预算分析中的应用[J]. 中国管理科学, 2004, (3): 44-47.
[15]	井润田, 左齐. 信贷风险管理系统的开发实践[J]. 中国管理科学, 2002, (5): 30-34.