Journal on Communications, 2023, Vol. 44, Issue (11): 94-109, 16. DOI: 10.11959/j.issn.1000-436x.2023209
Survey on model inversion attack and defense in federated learning
Abstract
As a distributed machine learning technology, federated learning can solve the problem of data islands. However, because machine learning models will unconsciously remember training data, model parameters and global models uploaded by participants will suffer various privacy attacks. A systematic summary of existing attack methods was conducted for model inversion attacks in privacy attacks. Firstly, the theoretical framework of model inversion attack was summarized and analyzed in detail. Then, existing attack methods from the perspective of threat models were summarized, analyzed and compared. Then, the defense strategies of different technology types were summarized and compared. Finally, the commonly used evaluation criteria and datasets were summarized for inversion attack of existing models, and the main challenges and future research directions were summarized for inversion attack of models.
Key words
federated learning / model inversion attack / privacy security
Classification
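Information technology and security science
Cite this article
王冬, 秦倩倩, 郭开天, 刘容轲, 颜伟鹏, 任一支, 罗清彩, 申延召. Survey on model inversion attack and defense in federated learning [J]. Journal on Communications, 2023, 44(11): 94-109, 16.
Funding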
Zhejiang Province's "Sharp Blade" and "Leading Goose" Research and Development Project (No. 2023C03203, No. 2023C03180, No. 2022C03174)
Zhejiang Province-funded Basic Research Fund for Universities Affiliated with Zhejiang Province (No. GK229909299001-023)