機(jī)器學(xué)習(xí)中的成員推斷攻擊與防御研究
信息技術(shù)與網(wǎng)絡(luò)安全
王鵬焱
(安徽理工大學(xué) 計(jì)算機(jī)科學(xué)與工程學(xué)院,安徽 淮南232001)
摘要: 隨著機(jī)器學(xué)習(xí)滲透到日常生活中的各個(gè)方面,其數(shù)據(jù)隱私問題受到越來越多的關(guān)注。成員推斷攻擊是機(jī)器學(xué)習(xí)算法面臨的安全威脅之一,用于推斷特定數(shù)據(jù)是否存在于機(jī)器學(xué)習(xí)模型的訓(xùn)練集中,給用戶帶來極大的安全隱患,對(duì)機(jī)器學(xué)習(xí)模型的安全性提出挑戰(zhàn)。為此,研究成員推斷攻擊不僅能發(fā)現(xiàn)隱私數(shù)據(jù)面臨的威脅,而且還能為防御技術(shù)的提出提供思路。對(duì)近年來有關(guān)成員推斷攻擊的研究進(jìn)行詳細(xì)的分析,按照應(yīng)用場(chǎng)景的不同將攻擊分為判別模型攻擊、生成模型攻擊以及聯(lián)邦學(xué)習(xí)攻擊三類。同時(shí)根據(jù)成員推斷攻擊和防御的發(fā)展現(xiàn)狀,闡述了影響攻擊的因素以及經(jīng)典的防御策略。最后指出成員推斷攻擊中仍需解決的問題以及未來的發(fā)展方向。
中圖分類號(hào): TP309
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.08.011
引用格式: 王鵬焱. 機(jī)器學(xué)習(xí)中的成員推斷攻擊與防御研究[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,40(8):65-70,83.
文獻(xiàn)標(biāo)識(shí)碼: A
DOI: 10.19358/j.issn.2096-5133.2021.08.011
引用格式: 王鵬焱. 機(jī)器學(xué)習(xí)中的成員推斷攻擊與防御研究[J].信息技術(shù)與網(wǎng)絡(luò)安全,2021,40(8):65-70,83.
Reasearch on membership inference attack and defense in machine learning
Wang Pengyan
(School of Computer Science and Engineering,Anhui University of Science and Technology,Huainan 232001,China)
Abstract: As machine learning penetrates into all aspects of daily life, its data privacy issues have received more and more attention. Membership inference attacks are one of the security threats faced by machine learning algorithms. They are used to infer whether specific data exists in the training set of machine learning models, which brings great security risks to users and poses challenges to the security of machine learning models. To this end, the researchers inferred that attacks can not only discover threats to private data, but also provide ideas for the proposal of defense technologies. This article conducts a detailed analysis of the research on membership inference attacks in recent years, and divides the attacks into three types: discriminative model attacks, generative model attacks, and federated learning attacks according to different application scenarios. At the same time, according to the development status of membership inference attacks and defense, this paper expounds the factors that affect the attack and the classic defense strategies. Finally, it points out the problems that need to be solved in the membership inference attacks and the future development direction.
Key words : machine learning;membership inference attack;privacy security;defense technology
0 引言
機(jī)器學(xué)習(xí)在智能醫(yī)療、圖像識(shí)別、推薦系統(tǒng)、情感分析[1-4]等領(lǐng)域得到快速的發(fā)展,加速了傳統(tǒng)行業(yè)的智能化發(fā)展。然而,用于訓(xùn)練機(jī)器學(xué)習(xí)模型的大量數(shù)據(jù)不可避免地包含敏感信息,機(jī)器學(xué)習(xí)的蓬勃發(fā)展在改變?nèi)藗兩罘绞降耐瑫r(shí),也給數(shù)據(jù)隱私安全帶來嚴(yán)峻的威脅。例如,一個(gè)基于癌癥病人信息訓(xùn)練的模型,如果知道了某病人是該模型的訓(xùn)練集成員,可以直接推斷出該病人的患病信息并由此可能引發(fā)歧視問題[5]。這種推斷數(shù)據(jù)是否存在于訓(xùn)練集的算法稱為成員推斷攻擊,近年來成為研究者關(guān)注的熱點(diǎn)。
本文詳細(xì)內(nèi)容請(qǐng)下載:http://m.xxav2194.com/resource/share/2000003728
作者信息:
王鵬焱
(安徽理工大學(xué) 計(jì)算機(jī)科學(xué)與工程學(xué)院,安徽 淮南232001)
此內(nèi)容為AET網(wǎng)站原創(chuàng),未經(jīng)授權(quán)禁止轉(zhuǎn)載。