Cite this article
  • ZHANG Huan, HAN Yanni, TAN Qian, XU Zhen, HU Yanjie. A Survey of Model Inversion Attack Techniques Based on Neural Networks[J]. Journal of Cyber Security, Accepted
DOI: 10.19363/J.cnki.cn10-1380/tn.2022.12.14
Submitted: 2020-09-23  Revised: 2020-12-15
Funding: National Natural Science Foundation of China (General Program, Key Program, Major Program)
A Survey of Model Inversion Attack Techniques Based on Neural Networks
ZHANG Huan, HAN Yanni, TAN Qian, XU Zhen, HU Yanjie
(Institute of Information Engineering, Chinese Academy of Sciences, Beijing, China)
Abstract:
In the era of big data, research on neural-network-based models is a mainstream direction in artificial intelligence. Compared with other intelligent optimization algorithms, neural networks offer strong adaptability and notable generalization ability. Model inversion attacks against neural networks study how to learn and infer information about a model's input data from its output data. This paper first introduces the concept of inversion attacks and common attack scenarios. It then discusses the inversion attack challenges that neural network models face, including key issues such as original data protection, sensitive data leakage, and model training privacy. Next, it reviews and compares neural network model inversion attack techniques based on gradient optimization and on parameter training, and summarizes typical defense methods. Finally, it concludes the paper and discusses future research directions.
Key words:  neural network  model inversion attack  privacy attack