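Authors: 秦轶群 (QIN Yiqun); 马晓静 (MA Xiaojing); 付佳韵 (FU Jiayun) [1,2]; 胡平一 (HU Pingyi); 徐鹏 (XU Peng); 金海 (JIN Hai) [1,3] (Services Computing Technology and System Lab, National Engineering Research Center for Big Data Technology, Wuhan 430074, China; School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074, China; School of Computer Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074, China)
Affiliations: [1] National and Local Joint Engineering Research Center for Big Data Technology and System, Services Computing Technology and System Lab (Key Laboratory of the Ministry of Education), Wuhan 430074, Hubei, China; [2] School of Cyber Science and Engineering, Huazhong University of Science and Technology, Wuhan 430074, Hubei, China; [3] School of Computer Science and Technology, Huazhong University of Science and Technology, Wuhan 430074, Hubei, China
Source: Chinese Journal of Network and Information Security (《网络与信息安全学报》), 2024, No. 3, pp. 20-37 (18 pages)
Funding: National Natural Science Foundation of China (62272175).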
Abstract: With the rapid development of machine learning, artificial intelligence technology has been widely applied across various domains of life. However, concerns regarding the privacy risks associated with machine learning have increased. In response to these concerns, the Personal Information Protection Law of the People's Republic of China was promulgated to regulate the collection, use, and transmission of private information. Despite this, machine learning requires a large amount of data, necessitating the development of privacy protection technologies that allow for the collection and processing of data under legal and compliant conditions. Split learning, a privacy-preserving machine learning technique that enables the training of distributed models among multiple participants without sharing raw data, has emerged as a research focus. It has been recognized that split learning is vulnerable to data privacy attacks, and various attacks along with corresponding defenses have been proposed. However, existing surveys have not discussed and summarized research on data privacy during the training phase of split learning. A comprehensive overview of data privacy attack and defense techniques in the training phase of split learning was offered. Initially, the definition, principles, and classifications of split learning were summarized. Subsequently, two common attacks in split learning, namely the raw data reconstruction attack and the label leakage attack, were introduced. The causes of these attacks in the training phase of split learning were then analyzed, and corresponding defenses were presented. Finally, future research directions in the area of data privacy for split learning were discussed.
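Keywords: privacy protection; artificial intelligence security; distributed machine learning; split learning
Classification number: TP309.2 [Automation and Computer Technology: Computer System Architecture]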