Computer Science ›› 2023, Vol. 50 ›› Issue (1): 302-317. doi: 10.11896/jsjkx.220800227

• Information Security •

Survey of Membership Inference Attacks for Machine Learning

CHEN Depeng1, LIU Xiao1, CUI Jie1, HE Daojing2

  1. 1 School of Computer Science and Technology, Anhui University, Hefei 230601, China
    2 School of Computer Science and Technology, Harbin Institute of Technology (Shenzhen), Shenzhen, Guangdong 518055, China
  • Received: 2022-08-24 Revised: 2022-10-06 Online: 2023-01-15 Published: 2023-01-09
  • Corresponding author: CUI Jie (cuijie@ahu.edu.cn).
  • Author contact: depengchen@ahu.edu.cn
  • About author: CHEN Depeng, born in 1988, Ph.D, lecturer, is a member of China Computer Federation. His main research interests include information security, machine learning and IoT security.
    CUI Jie, born in 1980, Ph.D, professor, Ph.D supervisor, is a member of China Computer Federation. His main research interests include applied cryptography, IoT security, vehicular ad hoc networks, cloud computing security and so on.
  • Supported by:
    National Natural Science Foundation of China (U1936220, 61872001, 62011530046).

Abstract: With the continuous development of machine learning, especially deep learning, artificial intelligence has been integrated into all aspects of people's daily lives. Machine learning models are deployed in applications across many scenarios, making traditional applications more intelligent. However, research in recent years has pointed out that personal data used to train machine learning models is often exposed to the risk of privacy disclosure. Membership inference attacks (MIAs) are an important class of attacks against machine learning models that threaten users' privacy. An MIA aims to determine whether a user's data sample was used to train the target model. When the data is closely tied to an individual, as in medical, financial and other fields, it directly affects the user's private information. This paper first introduces the background knowledge of membership inference attacks. It then classifies existing MIAs according to whether the attacker has a shadow model, and summarizes the threats MIAs pose in different fields. Next, it introduces the defenses against MIAs, classifying and summarizing existing defense mechanisms according to strategies for preventing model overfitting, model compression, and perturbation. Finally, it analyzes the advantages and disadvantages of current MIAs and defense mechanisms and proposes some potential research directions for membership inference attacks.

Key words: Machine learning, Privacy-preserving, Membership inference attack, Defense mechanism

CLC Number:

  • TP391