A survey on membership inference attacks and defenses in machine learning

导出

摘要 Membership inference(MI)attacks mainly aim to infer whether a data record was used to train a target model or not.Due to the serious privacy risks,MI attacks have been attracting a tremendous amount of attention in the research community.One existing work conducted-to our best knowledge the first dedicated survey study in this specific area:The survey provides a comprehensive review of the literature during the period of 2017~2021(e.g.,over 100 papers).However,due to the tremendous amount of progress(i.e.,176 papers)made in this area since 2021,the survey conducted by the one existing work has unfortunately already become very limited in the following two aspects:(1)Although the entire literature from 2017~2021 covers 18 ways to categorize(all the proposed)MI attacks,the literature during the period of 2017~2021,which was reviewed in the one existing work,only covered 5 ways to categorize MI attacks.With 13 ways missing,the survey conducted by the one existing work only covers 27%of the landscape(in terms of how to categorize MI attacks)if a retrospective view is taken.(2)Since the literature during the period of 2017~2021 only covers 27%of the landscape(in terms of how to categorize),the number of new insights(i.e.,why an MI attack could succeed)behind all the proposed MI attacks has been significantly increasing since year 2021.As a result,although none of the previous work has made the insights as a main focus of their studies,we found that the various insights leveraged in the literature can be broken down into 10 groups.Without making the insights as a main focus,a survey study could fail to help researchers gain adequate intellectual depth in this area of research.In this work,we conduct a systematic study to address these limitations.In particular,in order to address the first limitation,we make the 13 newly emerged ways to categorize MI attacks as a main focus on the study.In order to address the second limitation,we provide-to our best knowledge-the first review of the various insights leveraged in the entire literature.We found that the various insights leveraged in the literature can be broken down into 10 groups.Moreover,our survey also provides a comprehensive review of the existing defenses against MI attacks,the existing applications of MI attacks,the widely used datasets(e.g.,107 new datasets),and the eva luation metrics(e.g.,20 new evaluation metrics).

作者 Jun Niu Peng Liu Xiaoyan Zhu Kuo Shen Yuecong Wang Haotian Chi Yulong Shen Xiaohong Jiang Jianfeng Ma Yuqing Zhang

机构地区 School of Computer Science and Technology Information Sciences and Technology School of Telecommunications Engineering School of Hangzhou Institute of Technology School of Automation and Software Engineering School of Systems Information Science School of Computer&Control Engineering School of Cyber Engineering

出处《Journal of Information and Intelligence》 2024年第5期404-454,共51页 信息与智能学报（英文）

基金 supported by National Natural Science Foundation of China(61941105,61772406,and U2336203) National Key Research and Development Program of China(2023QY1202) Beijing Natural Science Foundation(4242031).

关键词 Machine learning Privacy and security Membership inference attacks Defensive techniques

分类号 TP181 [自动化与计算机技术—控制理论与控制工程]

引文网络
相关文献

参考文献3

1Yan LI,Hongyang YAN,Teng HUANG,Zijie PAN,Jiewei LAI,Xiaoxue ZHANG,Kongyang CHEN,Jin LI.Model architecture level privacy leakage in neural networks[J].Science China(Information Sciences),2024,67(3):16-28. 被引量：1
2凌晨添.进化神经网络在信用卡欺诈检测中的应用[J].微电子学与计算机,2011,28(10):14-17. 被引量：14
3廖国辉,刘嘉勇.基于数据挖掘和机器学习的恶意代码检测方法[J].信息安全研究,2016,2(1):74-79. 被引量：13

二级参考文献8

1Odri S V, Petrovacki D P, Krstonosic G A. Evolutional development of a multilevel neural network[J]. Neural Networks, 1993,6(4) :583-595.
2Yao X, Liu Y. A new evolutionary system for evolving artificial neural networks[J]. IEEE. Tran. Neural Networks, 1997(8) : 694-713.
3Barse E L, Kvarnstrom H, Jonsson K Combining fraud and intrusion detection-meeting new requirements[C]// Proc. Nordic Workshop. Secure IT systems. Ireland: Cork, 2000.
4Barse E L, Kvamstrom H, Jonsson E. A synthetic fraud data generation methodology[C]// Lecture Notes in Computer Science, ICICS 2002, Laboratories for Information Technology, Singapore, Springer Verlag,2002.
5Margare H Dunham. Data mining introductory and advanced topics[M]. Boston: Prentice Hall, 2003.
6Yao X. A review of evolutionary artificial neural net- works[J]. Int. J. Intell. Syst., 1993,8(4):539-567.
7黄聪会,陈靖,龚水清,罗樵,朱清超.一种基于危险理论的恶意代码检测方法[J].中南大学学报（自然科学版）,2014,45(9):3055-3060. 被引量：4
8Yanyu HUANG,Siyi LV,Zheli LIU,Xiangfu SONG,Jin LI,Yali YUAN,Changyu Dong.Cetus:an efficient symmetric searchable encryption against file-injection attack with SGX[J].Science China(Information Sciences),2021,64(8):191-208. 被引量：4

共引文献22

1陈荣荣,詹国华,李志华.基于XGBoost算法模型的信用卡交易欺诈预测研究[J].计算机应用研究,2020,37(S01):111-112. 被引量：14
2佘玉萍,陈淑清.三种不同监督方法的离群值检测在欺诈交易上的比较[J].长春大学学报,2015,25(10):17-20. 被引量：2
3张燕.基于本质特征和网络特征的信用卡欺诈检测[J].微型电脑应用,2016,32(12):72-77. 被引量：1
4李俊丽,荀亚玲.强相关子空间离群检测算法[J].计算机工程与设计,2017,38(10):2754-2758. 被引量：3
5芦效峰,蒋方朔,周箫,崔宝江,伊胜伟,沙晶.基于API序列特征和统计特征组合的恶意样本检测框架[J].清华大学学报（自然科学版）,2018,58(5):500-508. 被引量：6
6李俊丽,张继福.基于属性聚类的离群数据挖掘算法[J].中北大学学报（自然科学版）,2018,39(3):310-315. 被引量：3
7李俊丽.基于Spark平台的离群数据并行挖掘算法[J].计算机与数字工程,2018,46(11):2175-2178. 被引量：2
8秦振凯.基于数据挖掘和机器学习方法的网络异常检测技术[J].电子技术与软件工程,2018(22):162-162. 被引量：3
9李赛虎,张丽娟.基于特征工程的信用卡欺诈检测策略研究[J].现代电子技术,2019,42(15):175-180. 被引量：1
10池亚平,余宇舟,杨建喜.基于深度学习的SDN恶意应用的检测方法[J].计算机工程与设计,2019,40(8):2134-2139. 被引量：8

1Yan Li,Tai-Kang Tian,Meng-Yu Zhuang,Yu-Ting Sun.De-biased knowledge distillation framework based on knowledge infusion and label de-biasing techniques[J].Journal of Electronic Science and Technology,2024,22(3):57-68.
2Song Fei,Wei-Dong Wu,Han-Shuo Zhang,Shao-Jie Liu,Dan Li,Bo Jin.Primary coexisting adenocarcinoma of the colon and neuroendocrine tumor of the duodenum: A case report and review of the literature[J].World Journal of Gastrointestinal Surgery,2024,16(8):2724-2734.
3YAN Ruosen,ZHOU Ran,ZHANG Jinhao.The Impact of Membership in Non-Local Chambers of Commerce on Corporate Innovation:The Dual Role of Business Culture and Social Networks[J].Frontiers of Business Research in China,2024,18(1):23-41.
4XUE Qianqiang,Yiding Meng.Vertical Interoperability and the Digital Markets Act: A Critical Analysis[J].US-China Law Review,2024,21(6):221-237.
5Ming-Xia Xie,Xing-Yue Hu,Qi-Yang Wang,Zheng Ren,Yu-Bo Liu,Mei-Qing Yang,Xiao-Ye Jin,Xiao-Min Yang,Rui Wang,Chuan-Chao Wang,Jiang Huang.Genetic formation of Sui populations in southwest China[J].Journal of Systematics and Evolution,2024,62(5):1054-1067.
6Jonathan Willman,Annu Lisa Kurian,Brandon Lucke-Wold.Mechanisms of vascular injury in neurotrauma: A critical review of the literature[J].World Journal of Meta-Analysis,2024,12(3):6-16.
7Kaeri Mukora,Sixtus Jason Gabriel,Earl Pollard.The Prevalence of Smoking in Caribbean Towns and Correlation with Disease States: A Survey[J].Open Journal of Preventive Medicine,2024,14(8):163-171.
8Han Zhen,Zhou Wen'an,Han Xiaoxuan,Wu Jie.Black-box membership inference attacks based on shadow model[J].The Journal of China Universities of Posts and Telecommunications,2024,31(4):1-16.
9Max H. Faykus III,Adam Pickeral,Ethan Marquez,Melissa C. Smith,Jon C. Calhoun.Efficient Vision Transformers for Autonomous Off-Road Perception Systems[J].Journal of Computer and Communications,2024,12(9):188-207.
10Shan Li,Yu Zhao,Pan Wu,Donald Grierson,Lei Gao.Ripening and rot:How ripening processes influence disease susceptibility in fleshy fruits[J].Journal of Integrative Plant Biology,2024,66(9):1831-1863.

Journal of Information and Intelligence

2024年第5期

浏览历史

内容加载中请稍等...

A survey on membership inference attacks and defenses in machine learning

参考文献3

二级参考文献8

共引文献22

相关作者

相关机构

相关主题

浏览历史