语义通信模型联合训练框架中的隐私泄露  

作　　者：罗倩雯 王碧舳 卞志强 许晓东 韩书君 张静璇 LUO Qianwen;WANG Bizhu;BIAN Zhiqiang;XU Xiaodong;HAN Shujun;ZHANG Jingxuan(State Key Laboratory of Networking and Switching Technology,Beijing University of Posts and Telecommunications,Beijing 100876,China)

机构地区：[1]北京邮电大学网络与交换技术国家重点实验室,北京100876

出　　处：《移动通信》2024年第2期111-116,共6页Mobile Communications

基　　金：中国博士后科学基金面上项目“面向6G极高可靠低时延通信的智能按需服务技术研究”(2023M740342)。

摘　　要：为了同时保障端边协同训练语义编解码模型过程中的模型训练效率与数据隐私保护,基于U型分割的语义编解码模型端边协同训练框架是一种可行的方法。然而,端边之间交互的中间特征值与特征梯度仍然可能会泄露终端设备的数据隐私。基于U型分割的语义编解码模型端边协同训练框架可以在一定程度上解决端边协同训练语义编解码模型过程中模型训练效率与数据隐私保护之间的矛盾。然而,该框架下端边之间的交互过程仍然可能泄露终端设备的数据隐私。针对这一问题,提出了一种面向U型分割语义编解码模型协同训练过程的特征泄露攻击算法,通过分析训练过程中终端设备与边缘服务器之间交互的中间特征值和特征梯度,对终端的私有隐私数据进行重构。仿真结果表明,当使用单回合中间特征值对终端数据进行推断时,语义编解码模型使用浅层分割点或模型训练轮次较多时,中间特征值会包含更多的数据语义信息。此外,当攻击者增加本地攻击迭代次数,并选取多回合中间特征值和特征梯度对终端数据进行推断时,重构的终端数据与真实数据的图像结构相似度可以从0.2759提升到0.4017。To simultaneously guarantee the model training efficiency and data privacy protection during the end-edge collaborative training of semantic codec model,the end-edge collaborative training framework based on U-shaped segmentation is a feasible approach.However,the intermediate feature values and feature gradients interacted between the end edges may still leak the data privacy of the end devices.The U-shaped segmentation-based end-edge collaborative training framework can resolve the conflict between model training efficiency and data privacy protection in the training process to a certain extent.However,the end-edge interaction process under this framework may still leak the data privacy of the end devices.To address this problem,a feature leakage attack algorithm for the collaborative training process of U-shaped segmentation semantic codec model is proposed.By analyzing the intermediate feature values and feature gradients of the end-edge interactions during the training process,the end device's private data is reconstructed.The simulation results show that when a single-round intermediate feature value is used to infer the data of the end device,the intermediate feature value contains more semantic information of the data when the semantic codec model uses shallow segmentation points or the model has more training rounds.In addition,when the attacker increases the number of local attack iterations and selects multi-round intermediate feature values and feature gradients for inferring the data of end device,the image structure similarity between the reconstructed data and the real data can be improved from 0.2759 to 0.4017.

关 键 词：语义通信 端边协同训练 数据重构 隐私泄露 模型分割 

分 类 号：TN929.5[电子电信—通信与信息系统]