Abstract:
In the era of big data, research on neural-network-based models is a mainstream direction in the field of artificial intelligence. Compared with other intelligent optimization algorithms, neural networks have advantages such as strong adaptability and remarkable generalization ability, and are widely applied in speech recognition, computer vision, natural language processing, and other fields. However, as neural networks play a key role in these fields, they have also given rise to privacy and security problems such as privacy leakage and data theft, and artificial intelligence security has become a research hotspot both in China and abroad. Model inversion attack techniques based on neural networks study how to learn from and reason over the output data of a neural network model in order to obtain information about its input data. Through deep mining and association analysis of the input data, important sensitive data of users may be reconstructed, leading to more serious security problems. At the same time, model inversion attack techniques can also infer information such as the network structure and model parameters of a neural network, threatening the security of the model itself. To systematically understand the research progress and current state of neural-network-based model inversion attack techniques, this paper surveys the security problems of neural networks and model inversion attack techniques in detail. First, it introduces the concept of model inversion attacks and common attack scenarios. It then discusses the model inversion attack challenges faced by neural networks, including security problems such as original data protection, sensitive data leakage, and the privacy of model training. Next, it reviews two classes of neural network model inversion attack techniques, based on gradient optimization and on parameter training respectively, compares the methods in each class, and summarizes typical defense methods. Finally, it concludes the paper and discusses future research directions.
Keywords: neural network; model inversion attack; artificial intelligence security
DOI: 10.19363/J.cnki.cn10-1380/tn.2022.12.14
Received: 2020-09-23; Revised: 2020-12-15
Funding: This work was supported by the 2021 Cooperation Project between Chongqing Municipal Undergraduate Universities and Institutes of the Chinese Academy of Sciences (No. HZ2021015).
A Survey of Model Inversion Attack Techniques Based on Neural Networks
ZHANG Huan, HAN Yanni, ZHAO Yining, ZHANG Fan, TAN Qian, MENG Yuan
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China; School of Cyber Security, University of Chinese Academy of Science, Beijing 100049, China; China Mobile Information Technology Center, Beijing 100083, China; Cyber Security Department of the Public Security Bureau of Aksu City, Aksu Prefecture, Xinjiang 843000, China
Abstract:
In the era of big data, neural-network-based model research is a mainstream direction in the field of artificial intelligence. Compared with other intelligent optimization algorithms, neural networks have the advantages of strong adaptability and significant generalization ability, and are widely used in speech recognition, computer vision, natural language processing, and other fields. However, as neural networks play a key role in various fields, they also cause privacy and security problems such as privacy leakage and data theft, and artificial intelligence security has become a hot topic in China and abroad. Model inversion attack techniques based on neural networks study how to learn from and reason over the output data of a neural network model to obtain information about its input data. Through in-depth mining and association analysis of the input data, important sensitive data of users may be reconstructed, leading to more serious security problems. At the same time, model inversion attack techniques can also deduce information about the network structure and model parameters of the neural network, which threatens the security of the model itself. In order to systematically understand the research progress and present situation of neural-network-based model inversion attack techniques, this paper makes a detailed investigation of the security problems of neural networks and of model inversion attack techniques. Firstly, the paper introduces the concept of model inversion attacks and common attack scenarios. Then, the model inversion attack challenges faced by neural networks are discussed, including original data protection, sensitive data leakage, model training privacy, and other security issues. Next, two kinds of neural network model inversion attack techniques, based on gradient optimization and on parameter training, are reviewed, the methods are compared, and typical defense methods are summarized. Finally, the paper concludes and discusses future research directions.
Key words: neural network; model inversion attack; artificial intelligence security