Received: September 23, 2020; Revised: December 15, 2020
A Survey of Model Inversion Attack Techniques Based on Neural Networks
ZHANG Huan, HAN Yanni, ZHAO Yining, ZHANG Fan, TAN Qian, MENG Yuan
Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 100049, China; China Mobile Information Technology Center, Beijing 100083, China; Cyber Security Department of the Public Security Bureau of Aksu City, Aksu Prefecture, Xinjiang 843000, China
In the era of big data, neural network-based models are a mainstream research direction in artificial intelligence. Compared with other intelligent optimization algorithms, neural networks offer strong adaptability and significant generalization ability, and are widely used in speech recognition, computer vision and natural language processing. However, as neural networks play a key role in these fields, they also give rise to privacy and security problems such as privacy leakage and data theft, and artificial intelligence security has become a hot topic at home and abroad. Model inversion attack techniques based on neural networks study how to learn and derive information about a model's input data from its output data. Through in-depth mining and association analysis of the input data, important sensitive user data may be restored, leading to more serious security problems. Model inversion attack techniques can also deduce information about the network structure and model parameters of a neural network, which threatens the security of the model itself. To give a systematic view of the research progress and current state of neural network-based model inversion attack techniques, this paper surveys in detail the security problems of neural networks and model inversion attack techniques. First, it introduces the concept of model inversion attacks and common attack scenarios. Next, it discusses the challenges that model inversion attacks pose to neural networks, including original data protection, sensitive data leakage, model training privacy and other security issues. It then reviews two kinds of neural network model inversion attack techniques, based on gradient optimization and on parameter training, compares the various methods, and summarizes the typical defense methods. Finally, the paper summarizes the survey and discusses future research directions.
Key words: neural network; model inversion attack; artificial intelligence security