Privacy Preserving Machine Learning: Threats and Solutions, 2018 IEEE Security and Privacy Magazine
A survey; my advisor said it is close to what we plan to write, so reading it. [Pretty poorly written]
intro: the paper sets out to bring ML and security (privacy) together.
ml: the ML pipeline; learning is split into supervised / unsupervised / semi-supervised.
threats: the threats a deployed model faces:
- Private Data in the Clear (training data kept unencrypted at the data holder or service),
- Reconstruction Attacks (rebuild the raw input vectors; require the raw feature vectors to be retained inside the model, e.g. SVM support vectors, and white-box access),
- Model Inversion Attacks (invert the model to recover an average-looking representative of the inputs behind a given output; works much better when confidence values are returned),
- Membership Inference Attacks (decide whether a given record was in the training set),
- De-anonymization (Re-Identification) (re-identify records in "anonymized" data; the Netflix Prize dataset is the example)
Privacy-Preserving Machine Learning (PPML): how to protect privacy when several parties contribute training data:
- Cryptographic Approaches (compute on data without exposing it: homomorphic encryption, garbled circuits, secret sharing, secure processors),
- Perturbation Approaches (add noise or reduce information instead: Differential Privacy (DP), Local Differential Privacy, Dimensionality Reduction (DR))
Opportunities and outlook: how large companies should protect ordinary users' privacy.
Refs worth reading:
- Fingerprint Reconstruction: From Minutiae to Phase [reconstructing fingerprints from stored minutiae]
- Membership Inference Attacks Against Machine Learning Models [membership inference]
Stealing Machine Learning Models via Prediction APIs, USENIX Security, 2016
intro: contributions: simple equation-solving model extraction attacks; a path-finding algorithm for extracting decision trees; model extraction attacks against models
Background: defines ML as a mapping function, what the inputs and outputs consist of, and walks through the training process.
Model extraction attacks: factors that shape the attack:
- Machine learning services (how the MLaaS providers differ: can the user choose or modify the model type, do predictions come with confidence values, which model classes are offered),
- Attack scenarios (attacker goals: avoid paying per-query fees for future predictions, steal private training data, evade a detector),
- Threat model in detail (direct vs. indirect queries: whether the attacker can submit arbitrary feature vectors directly, or only raw inputs that must pass through the service's feature extraction, so the queried feature vectors cannot be chosen freely)
Extraction with Confidence Values: extraction when the API returns confidence values. How to measure how well the attack worked, and a short overview of the target models.
- Equation-Solving Attacks (each returned confidence value is turned into one equation in the unknown model parameters, and enough queries make the system solvable: binary LR, multiclass LR)
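Worked example of the equation-solving attack on binary LR, added to these notes (it is not the paper's code): a stand-in service returns sigmoid confidences for a model with secret weights, each direct query x gives one linear equation w.x + b = logit(p), so d+1 linearly independent random queries pin down all d+1 parameters exactly. The `TargetLR` class, the constructed secret weights, and the `round_to` knob that mimics a service rounding its confidence scores are my assumptions for the demo; the multiclass LR and MLP cases from the paper are not covered here.

```python
"""Equation-solving model extraction against a binary logistic regression
that returns confidence values. Example written for these notes; the target
service, its secret parameters and the rounding knob are constructed."""
import math
import random


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def logit(p):
    # Inverse of sigmoid: recovers the linear score w.x + b from a confidence.
    return math.log(p / (1.0 - p))


class TargetLR:
    """Assumed stand-in for an MLaaS binary logistic regression.

    Only predict_proba is exposed; w and b are the secrets the attacker wants.
    round_to mimics a service that rounds confidence scores to a few decimals.
    """

    def __init__(self, w, b, round_to=None):
        self._w = list(w)
        self._b = b
        self.round_to = round_to
        self.queries = 0

    def predict_proba(self, x):
        self.queries += 1
        z = sum(wi * xi for wi, xi in zip(self._w, x)) + self._b
        p = sigmoid(z)
        return round(p, self.round_to) if self.round_to is not None else p


def solve_linear(A, y):
    """Gauss-Jordan elimination with partial pivoting: returns x with A x = y."""
    n = len(A)
    M = [row[:] + [y[i]] for i, row in enumerate(A)]
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(M[r][col]))
        if abs(M[pivot][col]) < 1e-12:
            raise ValueError("queries are linearly dependent; resample")
        M[col], M[pivot] = M[pivot], M[col]
        for r in range(n):
            if r != col:
                f = M[r][col] / M[col][col]
                for c in range(col, n + 1):
                    M[r][c] -= f * M[col][c]
    return [M[i][n] / M[i][i] for i in range(n)]


def extract_binary_lr(oracle, d, rng):
    """Equation-solving extraction with d+1 non-adaptive random direct queries.

    Each confidence p for query x yields logit(p) = w.x + b, one linear
    equation in the d+1 unknowns (w_1..w_d, b); the square system gives them.
    """
    A, y = [], []
    for _ in range(d + 1):
        x = [rng.uniform(-1.0, 1.0) for _ in range(d)]
        p = oracle.predict_proba(x)
        A.append(x + [1.0])  # trailing 1 multiplies the bias term
        y.append(logit(p))
    sol = solve_linear(A, y)
    return sol[:d], sol[d]


def max_abs_error(w_true, b_true, w_hat, b_hat):
    """Largest parameter deviation between the secret and the stolen model."""
    return max(abs(t - h) for t, h in zip(w_true + [b_true], w_hat + [b_hat]))


def run_demo(round_to=None, seed=7):
    """Steal the constructed secret model; returns (queries used, max error)."""
    w_secret, b_secret = [0.8, -1.5, 0.3], 0.25  # constructed, never shown to attacker
    oracle = TargetLR(w_secret, b_secret, round_to=round_to)
    w_hat, b_hat = extract_binary_lr(oracle, len(w_secret), random.Random(seed))
    return oracle.queries, max_abs_error(w_secret, b_secret, w_hat, b_hat)


if __name__ == "__main__":
    for round_to in (None, 4):
        queries, err = run_demo(round_to=round_to)
        print(f"rounding={round_to}: {queries} queries, max |error| = {err:.2e}")
```

With exact confidences the d+1 queries recover w and b to floating-point precision; once the service rounds its scores, the same queries only give an approximation, which is why the paper's cost/precision discussion for confidence values matters to a defender.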