Authors: WANG Zhibo, LIU Kaixin, HU Jiahui, REN Ju, GUO Hengchang, YUAN Wei
Affiliations: [1] School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China; [2] School of Cyber Science and Technology, Zhejiang University, Zhejiang 310027, China; [3] Department of Computer Science and Technology, Tsinghua University, Beijing 100084, China
Source: Chinese Journal of Electronics, 2023, Issue 1, pp. 1-12 (12 pages). 电子学报 (English edition)
Funding: Supported by the National Key R&D Program of China (2021ZD0112803); National Natural Science Foundation of China (62122066, U20A20182, 61872274, 62122095, U19A2067); the Key R&D Program of Zhejiang Province (2022C01018).
Abstract: Collaborative inference (co-inference) accelerates deep neural network inference via extracting representations at the device and making predictions at the edge server, which however might disclose the sensitive information about private attributes of users (e.g., race). Although many privacy-preserving mechanisms on co-inference have been proposed to eliminate privacy concerns, privacy leakage of sensitive attributes might still happen during inference. In this paper, we explore privacy leakage against the privacy-preserving co-inference by decoding the uploaded representations into a vulnerable form. We propose a novel attack framework named AttrLeaks, which consists of the shadow model of feature extractor (FE), the susceptibility reconstruction decoder, and the private attribute classifier. Based on our observation that values in inner layers of FE (internal representation) are more sensitive to attack, the shadow model is proposed to simulate the FE of the victim in the blackbox scenario and generates the internal representations. Then, the susceptibility reconstruction decoder is designed to transform the uploaded representations of the victim into the vulnerable form, which enables the malicious classifier to easily predict the private attributes. Extensive experimental results demonstrate that AttrLeaks outperforms the state of the art in terms of attack success rate.
Keywords: Collaborative inference; Private information leakage; Attribute inference attack
Classification number: TP309 [Automation and Computer Technology: Computer Systems Architecture]