计算机科学

计算机科学 ›› 2024, Vol. 51 ›› Issue (9): 401-407.doi: 10.11896/jsjkx.230600112

• 信息安全 • 上一篇    下一篇

基于注意力特征解耦的跨年龄身份成员推理

刘宇璐, 武淑红, 于丹, 马垚, 陈永乐   

  1. 太原理工大学计算机科学与技术学院(大数据学院) 山西 晋中 030600
  • 收稿日期:2023-06-13 修回日期:2024-03-03 出版日期:2024-09-15 发布日期:2024-09-10
  • 通讯作者: 武淑红(wushuhong@tyut.edu.cn)
  • 作者简介:(2893066290@qq.com)
  • 基金资助:
    山西省基础研究计划(20210302123131,20210302124395)

Cross-age Identity Membership Inference Based on Attention Feature Decomposition

LIU Yulu, WU Shuhong, YU Dan, MA Yao, CHEN Yongle   

  1. College of Computer Science and Technology(College of Data Science),Taiyuan University of Technology,Jinzhong,Shanxi 030600,China
  • Received:2023-06-13 Revised:2024-03-03 Online:2024-09-15 Published:2024-09-10
  • About author:LIU Yulu,born in 1998,postgraduate,is a student member of CCF(No.P2665G).Her main research interests include artificial intelligence security and information security.
    WU Shuhong,born in 1969,Ph.D,associate professor,master supervisor.Her main research interests include embedded systems,intelligent information processing,brain informatics and information security.
  • Supported by:
    Basic Research Program of Shanxi Province(20210302123131,20210302124395).

PDF (PC)

372

摘要: 生成对抗网络(GANs)模型可以生成高分辨率的“不存在”的物体真实图像,近期被广泛应用于各种人工合成数据,尤其是人脸图像生成领域。然而,由于基于该模型的人脸生成器通常需要根据不同身份高度敏感的面部图像进行训练,其中存在潜在数据泄露使得攻击者能够对身份成员关系进行推断的问题。为此,首先设计对查询身份所获取样本与其实际参与训练样本之间存在巨大差异时的身份成员推理攻击,这些差异会导致基于样本推理身份成员关系的性能急剧下降;其次,在此基础上设计基于各身份解耦表征的重建误差攻击方案,在最大化消除不同样本间背景姿势等因素影响的同时,消除巨大年龄跨度导致的表征差异,进一步提高了攻击性能;最后,基于3个代表性的人脸数据集在3个主流GAN架构上训练生成模型并进行攻击,实验结果表明,在各种攻击场景下,此攻击方案较对比方法AUCROC值平均提高0.2。

关键词: 身份成员推理, 人脸嵌入, 注意力特征解耦, 生成对抗网络, 人脸生成

Abstract: Generative adversarial networks(GANs) can generate high-resolution “non-existent” realistic images,so they are widely used in various artificial data synthesis scenarios,especially in the field of face image generation.However,the face generators based on these models typically require highly sensitive facial images of different identities for training,which may lead to potential data leakage enabling attackers to infer identity membership relationships.To address this issue,this study proposes an identity membership inference attack when significant difference exist between the obtained samples and the actual training samples for the queried identity,resulting in a drastic decline in the performance of identity membership inference based on samples.Subsequently,a reconstruction error attack scheme is designed based on attention feature decomposition to further enhance the attack performance.This scheme maximizes the elimination of influences from factors such as background poses between different samples,as well as mitigates the representation difference caused by a large age span.Extensive experiments are conducted on three representative face datasets,training generative models with three mainstream GAN architectures and performing the proposed attacks.Experimental results demonstrate that the proposed attack scheme achieves an average increase of 0.2 in AUCROC value compared to previous researches.

Key words: Identity membership inference, Face embedding, Attention feature decomposition, Generative adversarial networks, Face generation

中图分类号: 

  • TP309
[1]SHOKRI R,STRONATI M,SONG C,et al.Membership Infe-rence Attacks Against Machine Learning Models[C]//2017 IEEE Symposium on Security and Privacy(SP).San Jose,CA,USA:IEEE,2017:3-18.
[2]PENG C G,GAO T,LIU H L,et al.PCA-based membership inference attack for machine learning models[J].Journal on Communications,2022,43(1):149-160.
[3]ZHANG J L,ZHU C C,SUN X B,et al.Membership inference attack and defense method in federated learning based on GAN[J].Journal on Communications,2023,44(5):193-205.
[4]YANG P P,ZHANG X M.Label-based data-free membership inference attack[J].Cyber Security And Data Governance,2023,42(5):44-49.
[5]GOODFELLOW I,POUGET-ABADIE J,MIRZA M,et al.Ge-nerative adversarial nets[C]//Proceedings of the 27th International Conference on Neural Information Processing Systems-Volume 2.2014,2672-2680.
[6]LUCIC M,KURACH K,MICHALSKI M,et al.Are gans created equal? a large-scale study[C]//Proceedings of the 27th International Conference on Neural Information Processing Systems.2018:698-707.
[7]MAO X,LI Q,XIE H,et al.Least squares generative adversarial networks[C]//Proceedings of the IEEE International Confe-rence on Computer Vision.2017:2794-2802.
[8]GULRAJANI I,AHMED F,ARJOVSKY M,et al.Improvedtraining of wasserstein gans[C]//Proceedings of the 27th International Conference on Neural Information Processing Systems.2017:2234-2242.
[9]RADFORD A,METZ L,CHINTALA S.Unsupervised representation learning with deep convolutional generative adversarial networks[J].arXiv:1511.06434,2015.
[10]HAYES J,MELIS L,DANEZIS G,et al.Logan:Membership inference attacks against generative models[J].arXiv:1705.07663,2017.
[11]HILPRECHT B,HÄRTERICH M,BERNAU D.Monte Carloand Reconstruction Membership Inference Attacks against Ge-nerative Models[J].Proceedings Priv.Enhancing Technol.,2019,2019(4):232-249.
[12]CHEN D,YU N,ZHANG Y,et al.Gan-leaks:A taxonomy of membership inference attacks against generative models[C]//Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security.2020:343-362.
[13]TINSLEY P,CZAJKA A,FLYNN P.This face does not exist…but it might be yours! identity leakage in generative models[C]//Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision.2021:1320-1328.
[14]WEBSTER R,RABIN J,SIMON L,et al.This person(probably) exists.identity membership attacks against gan generated faces[J].arXiv:2107.06018,2021.
[15]SUN Y,WANG X,TANG X.Deeply learned face representations are sparse,selective,and robust[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2015:2892-2900.
[16]HUANG Z,ZHANG J,SHAN H.When age-invariant face re-cognition meets face age synthesis:A multi-task learning framework[C]//Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition.2021:7282-7291.
[17]WANG H,WANG Y,ZHOU Z,et al.Cosface:Large margin cosine loss for deep face recognition[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2018:5265-5274.
[18]LIU Z,LUO P,WANG X,et al.Deep learning face attributes in the wild[C]//Proceedings of the IEEE International Conference on Computer Vision.2015:3730-3738.
[19]PANIS G,LANITIS A,TSAPATSOULIS N,et al.Overview of research on facial ageing using the FG-NET ageing database[J].Iet Biometrics,2016,5(2):37-46.
[20]ZHENG T,DENG W,HU J.Cross-age lfw:A database forstudying cross-age face recognition in unconstrained environments[J].arXiv:1708.08197,2017.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
地址:重庆市渝北区洪湖西路18号    邮编:401121  
电话:023-63500828(编辑部) 023-67039612(会议/专题) 023-67039623(财务/发票)
E-mail:jsjkx12@163.com
本系统由北京玛格泰克科技发展有限公司设计开发