Abstract
This paper analyzes in detail the threat model of deep-learning-based data theft attacks in the data sandbox mode, and quantitatively evaluates the degree of damage and the distinguishing characteristics of such attacks in both the data processing stage and the model training stage. For attacks in the data processing stage, a data leakage defense method based on model pruning is proposed, which reduces the amount of leaked data while preserving the usability of the original model. For attacks in the model training stage, an attack detection method based on model parameter analysis is proposed, which intercepts malicious models and thereby prevents data leakage. Neither method requires modifying or encrypting the data, nor manual analysis of the deep learning model's training code, so both are better suited to defending against data theft in the data sandbox mode. Experimental evaluation shows that the pruning-based defense reduces data leakage by up to 73%, and the parameter-analysis-based detection method effectively identifies more than 95% of attacks.
Authors
潘鹤中
韩培义
向夏雨
段少明
庄荣飞
刘川意
PAN Hezhong; HAN Peiyi; XIANG Xiayu; DUAN Shaoming; ZHUANG Rongfei; LIU Chuanyi (School of Cyberspace Security, Beijing University of Posts and Telecommunications, Beijing 100876, China; School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen 518055, China; Cyberspace Security Research Center, Peng Cheng Laboratory, Shenzhen 518066, China)
Source
Journal on Communications (通信学报), 2021, Issue 11, pp. 133-144 (12 pages)
Indexed in: EI, CSCD, Peking University Core Journals (北大核心)
Funding
Supported by the National Natural Science Foundation of China (No. 61872110).