《电子技术应用》
您所在的位置:首页 > 其他 > 设计应用 > 机器学习中的成员推断攻击与防御研究
机器学习中的成员推断攻击与防御研究
信息技术与网络安全
王鹏焱
(安徽理工大学 计算机科学与工程学院,安徽 淮南232001)
摘要: 随着机器学习渗透到日常生活中的各个方面,其数据隐私问题受到越来越多的关注。成员推断攻击是机器学习算法面临的安全威胁之一,用于推断特定数据是否存在于机器学习模型的训练集中,给用户带来极大的安全隐患,对机器学习模型的安全性提出挑战。为此,研究成员推断攻击不仅能发现隐私数据面临的威胁,而且还能为防御技术的提出提供思路。对近年来有关成员推断攻击的研究进行详细的分析,按照应用场景的不同将攻击分为判别模型攻击、生成模型攻击以及联邦学习攻击三类。同时根据成员推断攻击和防御的发展现状,阐述了影响攻击的因素以及经典的防御策略。最后指出成员推断攻击中仍需解决的问题以及未来的发展方向。
中图分类号: TP309
文献标识码: A
DOI: 10.19358/j.issn.2096-5133.2021.08.011
引用格式: 王鹏焱. 机器学习中的成员推断攻击与防御研究[J].信息技术与网络安全,2021,40(8):65-70,83.
Reasearch on membership inference attack and defense in machine learning
Wang Pengyan
(School of Computer Science and Engineering,Anhui University of Science and Technology,Huainan 232001,China)
Abstract: As machine learning penetrates into all aspects of daily life, its data privacy issues have received more and more attention. Membership inference attacks are one of the security threats faced by machine learning algorithms. They are used to infer whether specific data exists in the training set of machine learning models, which brings great security risks to users and poses challenges to the security of machine learning models. To this end, the researchers inferred that attacks can not only discover threats to private data, but also provide ideas for the proposal of defense technologies. This article conducts a detailed analysis of the research on membership inference attacks in recent years, and divides the attacks into three types: discriminative model attacks, generative model attacks, and federated learning attacks according to different application scenarios. At the same time, according to the development status of membership inference attacks and defense, this paper expounds the factors that affect the attack and the classic defense strategies. Finally, it points out the problems that need to be solved in the membership inference attacks and the future development direction.
Key words : machine learning;membership inference attack;privacy security;defense technology

0 引言

机器学习在智能医疗、图像识别、推荐系统、情感分析[1-4]等领域得到快速的发展,加速了传统行业的智能化发展。然而,用于训练机器学习模型的大量数据不可避免地包含敏感信息,机器学习的蓬勃发展在改变人们生活方式的同时,也给数据隐私安全带来严峻的威胁。例如,一个基于癌症病人信息训练的模型,如果知道了某病人是该模型的训练集成员,可以直接推断出该病人的患病信息并由此可能引发歧视问题[5]。这种推断数据是否存在于训练集的算法称为成员推断攻击,近年来成为研究者关注的热点。 




本文详细内容请下载:http://www.chinaaet.com/resource/share/2000003728




作者信息:

王鹏焱

(安徽理工大学 计算机科学与工程学院,安徽 淮南232001)


此内容为AET网站原创,未经授权禁止转载。