Defense method for membership inference attacks based on diffusion model and mixed samples
Abstract: Membership inference attacks in deep learning refer to inferring whether a given sample belongs to the training dataset of a target model. Due to the presence of privacy-sensitive information in the training dataset, defending against membership inference attacks is crucial for privacy protection. This paper begins by defining membership inference attacks and elucidating the underlying reasons causing such attacks. Subsequently, existing defense algorithms are comprehensively reviewed. Finally, a novel defense mechanism is proposed, delineating the defensive approach adopted in this paper. Compared to state-of-the-art defenses against membership inference attacks, this method offers superior trade-offs between preserving member privacy and maintaining model utility. Detailed explanations of the employed techniques are provided to facilitate a better understanding of membership inference attacks and their defenses, thereby furnishing valuable insights for mitigating privacy risks in training datasets and striking a balance between model utility and privacy security.
Authors: YU Liang-zhao (余良钊); LI Xiao-yu (李啸宇); ZHOU Can-bin (周灿彬) (Cyberspace Institute of Advanced Technology, Guangzhou University, Guangzhou 510006, China; School of Computer Science and Cyber Engineering, Guangzhou University, Guangzhou 510006, China)
Source: Journal of Guangzhou University: Natural Science Edition (《广州大学学报(自然科学版)》), CAS, 2024, No. 5, pp. 76-84 (9 pages)
Funding: Supported by the National Natural Science Foundation of China (U1936116).
Keywords: membership inference attack; defense technology; privacy protection; machine learning
