Computer Science

Computer Science ›› 2024, Vol. 51 ›› Issue (9): 401-407.doi: 10.11896/jsjkx.230600112

• Information Security • Previous Articles     Next Articles

Cross-age Identity Membership Inference Based on Attention Feature Decomposition

LIU Yulu, WU Shuhong, YU Dan, MA Yao, CHEN Yongle   

  1. College of Computer Science and Technology(College of Data Science),Taiyuan University of Technology,Jinzhong,Shanxi 030600,China
  • Received:2023-06-13 Revised:2024-03-03 Online:2024-09-15 Published:2024-09-10
  • About author:LIU Yulu,born in 1998,postgraduate,is a student member of CCF(No.P2665G).Her main research interests include artificial intelligence security and information security.
    WU Shuhong,born in 1969,Ph.D,associate professor,master supervisor.Her main research interests include embedded systems,intelligent information processing,brain informatics and information security.
  • Supported by:
    Basic Research Program of Shanxi Province(20210302123131,20210302124395).

PDF (PC)

368

Abstract: Generative adversarial networks(GANs) can generate high-resolution “non-existent” realistic images,so they are widely used in various artificial data synthesis scenarios,especially in the field of face image generation.However,the face generators based on these models typically require highly sensitive facial images of different identities for training,which may lead to potential data leakage enabling attackers to infer identity membership relationships.To address this issue,this study proposes an identity membership inference attack when significant difference exist between the obtained samples and the actual training samples for the queried identity,resulting in a drastic decline in the performance of identity membership inference based on samples.Subsequently,a reconstruction error attack scheme is designed based on attention feature decomposition to further enhance the attack performance.This scheme maximizes the elimination of influences from factors such as background poses between different samples,as well as mitigates the representation difference caused by a large age span.Extensive experiments are conducted on three representative face datasets,training generative models with three mainstream GAN architectures and performing the proposed attacks.Experimental results demonstrate that the proposed attack scheme achieves an average increase of 0.2 in AUCROC value compared to previous researches.

Key words: Identity membership inference, Face embedding, Attention feature decomposition, Generative adversarial networks, Face generation

CLC Number: 

  • TP309
[1]SHOKRI R,STRONATI M,SONG C,et al.Membership Infe-rence Attacks Against Machine Learning Models[C]//2017 IEEE Symposium on Security and Privacy(SP).San Jose,CA,USA:IEEE,2017:3-18.
[2]PENG C G,GAO T,LIU H L,et al.PCA-based membership inference attack for machine learning models[J].Journal on Communications,2022,43(1):149-160.
[3]ZHANG J L,ZHU C C,SUN X B,et al.Membership inference attack and defense method in federated learning based on GAN[J].Journal on Communications,2023,44(5):193-205.
[4]YANG P P,ZHANG X M.Label-based data-free membership inference attack[J].Cyber Security And Data Governance,2023,42(5):44-49.
[5]GOODFELLOW I,POUGET-ABADIE J,MIRZA M,et al.Ge-nerative adversarial nets[C]//Proceedings of the 27th International Conference on Neural Information Processing Systems-Volume 2.2014,2672-2680.
[6]LUCIC M,KURACH K,MICHALSKI M,et al.Are gans created equal? a large-scale study[C]//Proceedings of the 27th International Conference on Neural Information Processing Systems.2018:698-707.
[7]MAO X,LI Q,XIE H,et al.Least squares generative adversarial networks[C]//Proceedings of the IEEE International Confe-rence on Computer Vision.2017:2794-2802.
[8]GULRAJANI I,AHMED F,ARJOVSKY M,et al.Improvedtraining of wasserstein gans[C]//Proceedings of the 27th International Conference on Neural Information Processing Systems.2017:2234-2242.
[9]RADFORD A,METZ L,CHINTALA S.Unsupervised representation learning with deep convolutional generative adversarial networks[J].arXiv:1511.06434,2015.
[10]HAYES J,MELIS L,DANEZIS G,et al.Logan:Membership inference attacks against generative models[J].arXiv:1705.07663,2017.
[11]HILPRECHT B,HÄRTERICH M,BERNAU D.Monte Carloand Reconstruction Membership Inference Attacks against Ge-nerative Models[J].Proceedings Priv.Enhancing Technol.,2019,2019(4):232-249.
[12]CHEN D,YU N,ZHANG Y,et al.Gan-leaks:A taxonomy of membership inference attacks against generative models[C]//Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security.2020:343-362.
[13]TINSLEY P,CZAJKA A,FLYNN P.This face does not exist…but it might be yours! identity leakage in generative models[C]//Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision.2021:1320-1328.
[14]WEBSTER R,RABIN J,SIMON L,et al.This person(probably) exists.identity membership attacks against gan generated faces[J].arXiv:2107.06018,2021.
[15]SUN Y,WANG X,TANG X.Deeply learned face representations are sparse,selective,and robust[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2015:2892-2900.
[16]HUANG Z,ZHANG J,SHAN H.When age-invariant face re-cognition meets face age synthesis:A multi-task learning framework[C]//Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition.2021:7282-7291.
[17]WANG H,WANG Y,ZHOU Z,et al.Cosface:Large margin cosine loss for deep face recognition[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition.2018:5265-5274.
[18]LIU Z,LUO P,WANG X,et al.Deep learning face attributes in the wild[C]//Proceedings of the IEEE International Conference on Computer Vision.2015:3730-3738.
[19]PANIS G,LANITIS A,TSAPATSOULIS N,et al.Overview of research on facial ageing using the FG-NET ageing database[J].Iet Biometrics,2016,5(2):37-46.
[20]ZHENG T,DENG W,HU J.Cross-age lfw:A database forstudying cross-age face recognition in unconstrained environments[J].arXiv:1708.08197,2017.
[1] XING Kaiyan, CHEN Wen. Multi-generator Active Learning Algorithm Based on Reverse Label Propagation and ItsApplication in Outlier Detection [J]. Computer Science, 2024, 51(4): 359-365.
[2] WU Guibin, YANG Zongyuan, XIONG Yongping, ZHANG Xing, WANG Wei. Seal Removal Based on Generative Adversarial Gated Convolutional Network [J]. Computer Science, 2024, 51(1): 198-206.
[3] SONG Xinyang, YAN Zhiyuan, SUN Muyi, DAI Linlin, LI Qi, SUN Zhenan. Review of Talking Face Generation [J]. Computer Science, 2023, 50(8): 68-78.
[4] YAN Yan, SUI Yi, SI Jianwei. Remote Sensing Image Pan-sharpening Method Based on Generative Adversarial Network [J]. Computer Science, 2023, 50(8): 133-141.
[5] WANG Jinwei, ZENG Kehui, ZHANG Jiawei, LUO Xiangyang, MA Bin. GAN-generated Face Detection Based on Space-Frequency Convolutional Neural Network [J]. Computer Science, 2023, 50(6): 216-224.
[6] LIANG Weiliang, LI Yue, WANG Pengfei. Lightweight Face Generation Method Based on TransEditor and Its Application Specification [J]. Computer Science, 2023, 50(2): 221-230.
[7] XU Guo-ning, CHEN Yi-peng, CHEN Yi-ming, CHEN Jin-yin, WEN Hao. Data Debiasing Method Based on Constrained Optimized Generative Adversarial Networks [J]. Computer Science, 2022, 49(6A): 184-190.
[8] XU Hui, KANG Jin-meng, ZHANG Jia-wan. Digital Mural Inpainting Method Based on Feature Perception [J]. Computer Science, 2022, 49(6): 217-223.
[9] DOU Zhi, WANG Ning, WANG Shi-jie, WANG Zhi-hui, LI Hao-jie. Sketch Colorization Method with Drawing Prior [J]. Computer Science, 2022, 49(4): 195-202.
[10] GAO Zhi-yu, WANG Tian-jing, WANG Yue, SHEN Hang, BAI Guang-wei. Traffic Prediction Method for 5G Network Based on Generative Adversarial Network [J]. Computer Science, 2022, 49(4): 321-328.
[11] LI Si-quan, WAN Yong-jing, JIANG Cui-ling. Multiple Fundamental Frequency Estimation Algorithm Based on Generative Adversarial Networks for Image Removal [J]. Computer Science, 2022, 49(3): 179-184.
[12] TAN Xin-yue, HE Xiao-hai, WANG Zheng-yong, LUO Xiao-dong, QING Lin-bo. Text-to-Image Generation Technology Based on Transformer Cross Attention [J]. Computer Science, 2022, 49(2): 107-115.
[13] ZHOU Shi-jin, XING Hong-jieHebei. Memory-augmented GAN-based Anomaly Detection [J]. Computer Science, 2022, 49(11A): 211000202-9.
[14] ZHANG Wei-qi, TANG Yi-feng, LI Lin-yan, HU Fu-yuan. Image Stream From Paragraph Method Based on Scene Graph [J]. Computer Science, 2022, 49(1): 233-240.
[15] XU Tao, TIAN Chong-yang, LIU Cai-hua. Deep Learning for Abnormal Crowd Behavior Detection:A Review [J]. Computer Science, 2021, 48(9): 125-134.
Viewed
Full text


Abstract

Cited
  Shared   
  Discussed   
No Suggested Reading articles found!
渝ICP备16013121号-4
Add:18# Honghu West Rd., Yubei ,Chongqing,China    Post Code: 401121
Tel: 023-63500828/023-67039612/023-67039623
E-mail: jsjkx12@163.com
Powered by Beijing Magtech Co., Ltd.