Abstract
To address the failure of current black-box membership inference attacks when access to the target model is restricted, a membership inference attack based on principal component analysis (PCA) is proposed. First, to solve the restricted-access problem of black-box membership inference attacks, a fast decision membership inference attack named fast-attack is proposed: perturbed samples are obtained using the distance sign gradient, and the perturbation difficulty is mapped to a distance measure to perform membership inference. Second, to address the low transferability of fast-attack, a PCA-based membership inference attack named PCA-based attack is proposed, which combines the perturbation-based algorithm of fast-attack with PCA to perform membership inference and suppresses the low transferability caused by excessive reliance on the model. Experiments show that fast-attack reduces access cost while maintaining attack accuracy, and that PCA-based attack outperforms the baseline attacks in the unsupervised setting, with a model transfer rate 10% higher than that of fast-attack.
Authors
彭长根
高婷
刘惠篮
丁红发
PENG Changgen; GAO Ting; LIU Huilan; DING Hongfa (State Key Laboratory of Public Big Data, Guizhou University, Guiyang 550025, China; Institute of Cryptography and Data Security, Guizhou University, Guiyang 550025, China; College of Computer Science and Technology, Guizhou University, Guiyang 550025, China; College of Information, Guizhou University of Finance and Economics, Guiyang 550025, China)
Source
《通信学报》
EI
CSCD
Peking University Core Journal
2022, No. 1, pp. 149-160 (12 pages)
Journal on Communications
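Funding
National Natural Science Foundation of China (No. U1836205, No. 62002080)
Guizhou Provincial Science and Technology Plan Project (黔科合平台人才[2020]5017)
Natural Science Foundation of the Guizhou Provincial Department of Education (黔教合KY字[2021]140)
Guizhou University Talent Introduction Research Fund (贵大人基合字[2020]61).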
Keywords
machine learning
adversarial example
membership inference attack
principal component analysis
privacy leakage