Survey on model inversion attack and defense in federated learning (OA, CSCD)
As a distributed machine learning technology, federated learning can solve the problem of data islands. However, because machine learning models unintentionally memorize training data, the model parameters uploaded by participants and the global model are exposed to various privacy attacks. Existing attack methods were systematically summarized for model inversion attacks, one class of privacy attack. Firstly, the theoretical framework of model inversion attacks was summarized and analyzed in detail. Secondly, existing attack methods were summarized, analyzed and compared from the perspective of threat models. Thirdly, defense strategies of different technical types were summarized and compared. Finally, the evaluation criteria and datasets commonly used by existing model inversion attacks were compiled, and the main challenges and future research directions of model inversion attacks were summarized.
王冬;秦倩倩;郭开天;刘容轲;颜伟鹏;任一支;罗清彩;申延召
School of Cyberspace Security, Hangzhou Dianzi University, Hangzhou, Zhejiang 310018; Shandong Inspur Science Research Institute Co., Ltd., Jinan, Shandong 250000; Shandong Blockchain Research Institute, Jinan, Shandong 250000
Computer and Automation
federated learning; model inversion attack; privacy security
Journal on Communications (《通信学报》), 2023 (11)
Pages 94-109 (16 pages)
Zhejiang Province's "Sharp Blade" and "Leading Goose" Research and Development Project (No. 2023C03203, No. 2023C03180, No. 2022C03174); Zhejiang Province-funded Basic Research Fund for Universities Affiliated with Zhejiang Province (No. GK229909299001-023)