针对机器学习的成员推断攻击综述  被引量：2

作　　者：彭钺峰 赵波[1] 刘会 安杨[2] PENG Yuefeng;ZHAO Bo;LIU Hui;AN Yang(School of Cyber Science and Engineering,Wuhan University,Wuhan 430000,China;School of Computer Science,Wuhan University,Wuhan 430000,China)

机构地区：[1]武汉大学国家网络安全学院,武汉430000 [2]武汉大学计算机学院,武汉430000

出　　处：《计算机科学》2023年第3期351-359,共9页Computer Science

基　　金：国家自然科学基金(U1936122)。

摘　　要：近年来,机器学习不仅在计算机视觉、自然语言处理等领域取得了显著成效,也被广泛应用于人脸图像、金融数据、医疗信息等敏感数据处理领域。最近,研究人员发现机器学习模型会记忆它们训练集中的数据,导致攻击者可以对模型实施成员推断攻击,即攻击者可以推断给定数据是否存在于某个特定机器学习模型的训练集。成员推断攻击的成功,可能导致严重的个人隐私泄露。例如,如果能确定某个人的医疗记录属于某医院的数据集,则表明这个人曾经是那家医院的病人。首先介绍了成员推断攻击的基本原理;然后系统地对近年来代表性攻击和防御的研究进行了总结和归类,特别针对不同条件设置下如何进行攻击和防御进行了详细的阐述;最后回顾成员推断攻击的发展历程,探究机器学习隐私保护面临的主要挑战和未来潜在的发展方向。In recent years,machine learning has not only achieved remarkable results in conventional fields such as computer vision and natural language processing,but also been widely applied to process sensitive data such as face images,financial data and medical information.Recently,researchers find that machine learning models will remember the data in their training sets,making them vulnerable to membership inference attacks,that is,the attacker can infer whether the given data exists in the training set of a specific machine learning model.The success of membership inference attacks may lead to serious individual privacy leakage.For example,the existence of a patient’s medical record in a hospital’s analytical training set reveals that the patient was once a patient there.The paper first introduces the basic principle of membership inference attacks,and then systematically summarizes and classifies the representative research achievements on membership inference attacks and defenses in recent years.In particular,how to attack and defend under different conditions is described in detail.Finally,by reviewing the development of membership inference attacks,this paper explores the main challenges and potential development directions of machine learning privacy protection in the future.

关 键 词：机器学习 成员推断 隐私泄露 隐私保护 

分 类 号：TP181[自动化与计算机技术—控制理论与控制工程]