面向正常拟合迁移学习模型的成员推理攻击

doi:10.11959/j.issn.1000-436x.2021209

通信学报 ›› 2021, Vol. 42 ›› Issue (10): 197-210.doi: 10.11959/j.issn.1000-436x.2021209

面向正常拟合迁移学习模型的成员推理攻击

陈晋音¹^,², 上官文昌², 张京京³, 郑海斌², 郑雅羽², 张旭鸿⁴

¹ 浙江工业大学网络空间安全研究院，浙江杭州 310012
² 浙江工业大学信息工程学院，浙江杭州 310012
³ 军事科学院系统工程研究院信息系统安全技术国防科技重点实验室，北京 100039
⁴ 浙江大学控制科学与工程学院，浙江杭州 310007

修回日期:2021-09-27 出版日期:2021-10-25 发布日期:2021-10-01
作者简介:陈晋音（1982- ），女，浙江宁波人，博士，浙江工业大学教授，主要研究方向为智能计算、数据挖掘、网络安全等
上官文昌（1996- ），男，湖北十堰人，浙江工业大学硕士生，主要研究方向为深度学习、人工智能、深度学习、隐私攻防等
张京京（1988- ），男，北京人，博士，军事科学院系统工程研究院工程师，主要研究方向为深度学习、人工智能和对抗性攻击和防御等
郑海斌（1995- ），男，浙江台州人，浙江工业大学博士生，主要研究方向为深度学习、人工智能和对抗性攻击和防御等
郑雅羽（1978- ），男，浙江温州人，博士，浙江工业大学副教授，主要研究方向为嵌入式软硬件应用开发、视频图像处理算法、服务器网络技术等
张旭鸿（1988- ），男，河北石家庄人，博士，浙江大学助理教授，主要研究方向为分布式大数据与人工智能系统、大数据挖掘与分析、数据驱动安全、人工智能与安全等
基金资助:
国家重点研发计划基金资助项目(2018AAA0100801);国家自然科学基金资助项目(62072406);浙江省自然科学基金资助项目(LY19F020025);宁波市“科技创新2025”重大专项基金资助项目(2018B10063)

Membership inference attacks against transfer learning for generalized model

Jinyin CHEN¹^,², Wenchang SHANGGUAN², Jingjing ZHANG³, Haibin ZHENG², Yayu ZHENG², Xuhong ZHANG⁴

¹ Institute of Cyberspace Security, Zhejiang University of Technology, Hangzhou 310012, China
² School of Information Engineering, Zhejiang University of Technology, Hangzhou 310012, China
³ National Key Laboratory of Science and Technology on Information System Security, Institute of System Engineering, Chinese Academy of Military Science, Beijing 100039, China
⁴ School of Control Science and Engineering, Zhejiang University, Hangzhou 310007, China

Revised:2021-09-27 Online:2021-10-25 Published:2021-10-01
Supported by:
The National Key Research and Development Program of China(2018AAA0100801);The National Natural Science Foundation of China(62072406);The Natural Science Foundation of Zhejiang Province(LY19F020025);The Major Special Funding for “Science and Technology Innovation 2025” in Ningbo(2018B10063)

摘要/Abstract

摘要：

针对现有成员推理攻击（MIA）在面向正常拟合迁移学习模型时性能较差的问题，对迁移学习模型在正常拟合情况下的 MIA 进行了系统的研究，设计异常样本检测获取容易受攻击的数据样本，实现对单个样本的成员推理攻击。最终，将提出的攻击方法在 4 种图像数据集上展开攻击验证，结果表明，所提 MIA 有较好的攻击性能。例如，从VGG16（用Caltech101预训练）迁移的Flowers102分类器上，所提MIA实现了83.15%的成员推理精确率，揭示了在迁移学习环境下，即使不访问教师模型，通过访问学生模型依然能实现对教师模型的MIA。

关键词: 成员推理攻击, 深度学习, 迁移学习, 隐私风险, 正常拟合模型

Abstract:

For the problem of poor performance of exciting membership inference attack (MIA) when facing the transfer learning model that is generalized, the MIA for the transfer learning model that is generalized was first systematically studied, the anomaly detection was designed to obtain vulnerable data samples, and MIA was carried out against individual samples.Finally, the proposed method was tested on four image data sets, which shows that the proposed MIA has great attack performance.For example, on the Flowers102 classifier migrated from VGG16 (pretraining with Caltech101), the proposed MIA achieves 83.15% precision, which reveals that in the environment of transfer learning, even without access to the teacher model, the MIA for the teacher model can be achieved by visiting the student model.

Key words: membership inference attack, deep learning, transfer learning, privacy risk, generalized model

中图分类号:

TN92

陈晋音, 上官文昌, 张京京, 郑海斌, 郑雅羽, 张旭鸿. 面向正常拟合迁移学习模型的成员推理攻击[J]. 通信学报, 2021, 42(10): 197-210.

Jinyin CHEN, Wenchang SHANGGUAN, Jingjing ZHANG, Haibin ZHENG, Yayu ZHENG, Xuhong ZHANG. Membership inference attacks against transfer learning for generalized model[J]. Journal on Communications, 2021, 42(10): 197-210.

图/表 10

图1

图2

表1

攻击I：访教-攻教模式下不同攻击的攻击性能比较"

比较项	方法	Caltech101			Flowers102			CIFAR100			PubFig83
比较项	方法	VGG16	VGG19	Resnet50	VGG16	VGG19	Resnet50	VGG16	VGG19	Resnet50	VGG16	VGG19	Resnet50
	FMIA	62	60	59	42	43	40	76	73	77	35	31	32
异常样本	GMIA	62	60	59	42	43	40	76	73	77	35	31	32
	PMIA	51	53	50	29	27	28	58	58	54	23	22	20
	TMIA	62	60	59	42	43	40	76	73	77	35	31	32
	FMIA	42.41%	48.23%	45.12%	40.17%	46.66%	44.31%	48.03%	47.64%	49.46%	42.49%	46.31%	49.15%
精确率	GMIA	51.39%	52.87%	51.01%	48.35%	46.12%	47.16%	43.93%	45.63%	46.29%	41.27%	51.50%	41.30%
	PMIA	92.64%	93.83%	91.64%	94.22%	93.99%	93.23%	94.33%	91.38%	94.09%	90.66%	92.28%	94.86%
	TMIA	$93 . 98 %$	93.60%	$91 . 92 %$	93.49%	93.54%	93.01%	90.08%	90.20%	92.34%	$91 . 98 %$	$93 . 36 %$	90.74%
	FMIA	54.42%	52.59%	53.37%	48.05%	47.33%	45.27%	40.26%	41.45%	40.48%	44.02%	41.63%	45.48%
覆盖率	GMIA	54.69%	53.60%	53.81%	43.68%	44.00%	44.92%	41.30%	41.27%	43.18%	48.61%	46.94%	46.77%
	PMIA	70.61%	74.97%	71.30%	72.57%	71.08%	72.86%	71.66%	72.20%	72.50%	73.58%	73.49%	71.14%
	TMIA	$72 . 05 %$	70.79%	70.39%	$73 . 40 %$	$72 . 51 %$	$73 . 10 %$	71.61%	70.35%	71.13%	72.62%	73.12%	$72 . 28 %$

表1

图3

表2

攻击III：访学-攻学模式下不同攻击的攻击性能比较"

比较项	方法	Flowers102			CIFAR100			PubFig83
比较项	方法	VGG16	VGG19	Resnet50	VGG16	VGG19	Resnet50	VGG16	VGG19	Resnet50
	FMIA	46	43	40	76	73	77	35	31	32
	GMIA	46	43	40	76	73	77	35	31	32
异常样本	PMIA	29	27	28	58	58	54	23	22	20
	TMIA	$46$	$43$	$40$	$76$	$73$	$77$	$35$	$31$	$32$
	FMIA	52.34%	53.55%	53.91%	41.59%	44.28%	42.51%	43.82%	45.70%	46.15%
	GMIA	52.54%	53.06%	53.65%	41.72%	40.79%	41.49%	40.87%	44.08%	44.13%
精确率	PMIA	94.10%	94.37%	94.76%	92.36%	91.89%	92.56%	92.87%	93.12%	90.29%
	TMIA	93.29%	93.53%	93.97%	92.00%	91.55%	$93 . 43 %$	92.34%	$94 . 65 %$	$90 . 47 %$
	FMIA	51.42%	52.99%	52.76%	42.11%	50.21%	53.57%	48.36%	45.50%	45.63%
	GMIA	50.30%	50.09%	50.32%	47.01%	47.84%	49.64%	47.21%	48.48%	49.80%
覆盖率	PMIA	73.51%	71.89%	74.30%	73.42%	72.24%	74.12%	73.43%	73.63%	72.84%
	TMIA	71.15%	71.50%	72.36%	$74 . 48 %$	$73 . 29 %$	72.97%	$73 . 80 %$	72.95%	72.12%

表2

图4

图5

表3

表4

图6

参考文献 49

[1]	高红民, 曹雪莹, 陈忠昊 ,等. 基于多尺度近端特征拼接网络的高光谱图像分类方法[J]. 通信学报, 2021,42(2): 92-102.
	GAO H M , CAO X Y , CHEN Z H ,et al. Hyperspectral image classification method based on multi-scale proximal feature concatenate network[J]. Journal on Communications, 2021,42(2): 92-102.
[2]	崔颖, 徐凯, 陆忠军 ,等. 主动学习策略融合算法在高光谱图像分类中的应用[J]. 通信学报, 2018,39(4): 91-99.
	CUI Y , XU K , LU Z J ,et al. Combination strategy of active learning for hyperspectral images classification[J]. Journal on Communications, 2018,39(4): 91-99.
[3]	KIM I , BAEK W , KIM S . Spatially attentive output layer for image classification[C]// Proceedings of 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway:IEEE Press, 2020: 9530-9539.
[4]	SZEGEDY C , LIU W , JIA Y Q ,et al. Going deeper with convolutions[C]// Proceedings of 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway:IEEE Press, 2015: 1-9.
[5]	WANG T W , ZHU Y Z , JIN L W ,et al. Decoupled attention network for text recognition[C]// The Thirty-Second Innovative Applications of Artificial Intelligence Conference. Palo Alto:AAAI Press, 2020: 12216-12224.
[6]	YU D L , LI X , ZHANG C Q ,et al. Towards accurate scene text recognition with semantic reasoning networks[C]// Proceedings of 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway:IEEE Press, 2020: 12110-12119.
[7]	GRAVES A , MOHAMED A R , HINTON G . Speech recognition with deep recurrent neural networks[C]// Proceedings of 2013 IEEE International Conference on Acoustics,Speech and Signal Processing. Piscataway:IEEE Press, 2013: 6645-6649.
[8]	HINTON G , DENG L , YU D ,et al. Deep neural networks for acoustic modeling in speech recognition:the shared views of four research groups[J]. IEEE Signal Processing Magazine, 2012,29(6): 82-97.
[9]	SEN P , NAMATA G , BILGIC M ,et al. Collective classification in network data[J]. AI Magazine, 2008,29(3): 93-106.
[10]	LIBEN-NOWELL D , KLEINBERG J . The link-prediction problem for social networks[J]. Journal of the American Society for Information Science and Technology, 2007,58(7): 1019-1031.
[11]	张思成, 林云, 涂涯 ,等. 基于轻量级深度神经网络的电磁信号调制识别技术[J]. 通信学报, 2020,41(11): 12-21.
	ZHANG S C , LIN Y , TU Y ,et al. Electromagnetic signal modulation recognition technology based on lightweight deep neural network[J]. Journal on Communications, 2020,41(11): 12-21.
[12]	WANG Q , DU P F , YANG J Y ,et al. Transferred deep learning based waveform recognition for cognitive passive radar[J]. Signal Processing, 2019,155: 259-267.
[13]	SIMONYAN K , ZISSERMAN A . Very deep convolutional networks for large-scale image recognition[C]// Proceedings of 3rd International Conference on Learning Representations.[S.n.:s.l.], 2015: 803-807.
[14]	HE K M , ZHANG X Y , REN S Q ,et al. Deep residual learning for image recognition[C]// Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway:IEEE Press, 2016: 770-778.
[15]	BROWN T B , MANN B , RYDER N ,et al. Language models are few-shot learners[C]// Proceedings of 2020 Advances in Neural Information Processing Systems (NIPS).[S.n.:s.l.], 2020: 6-12.
[16]	RAFFEL C , SHAZEER N , ROBERTS A ,et al. Exploring the limits of transfer learning with a unified text-to-text transformer[J]. Journal of Machine Learning Research, 2020,21(1): 1-67.
[17]	OLATUNJI I E , NEJDL W , KHOSLA M . Membership inference attack on graph neural networks[J]. arXiv Preprint,arXiv:2101.06570, 2021.
[18]	HUI B , YANG Y C , YUAN H L ,et al. Practical blind membership inference attack via differential comparisons[C]// Proceedings of 2021 Network and Distributed System Security Symposium. Reston:Internet Society, 2021: 21-25.
[19]	LI J C , LI N H , Ribeiro B . Membership inference attacks and defenses in supervised learning via generalization gap[J]. arXiv Preprint,arXiv:2002.12062, 2020.
[20]	SALEM A , ZHANG Y , HUMBERT M ,et al. ML-leaks:model and data independent membership inference attacks and defenses on machine learning models[C]// Proceedings of 2019 Network and Distributed System Security Symposium. Reston:Internet Society, 2019: 24-27.
[21]	SHOKRI R , STRONATI M , SONG C Z ,et al. Membership inference attacks against machine learning models[C]// Proceedings of 2017 IEEE Symposium on Security and Privacy (SP). Piscataway:IEEE Press, 2017: 3-18.
[22]	SONG L W , SHOKRI R , MITTAL P . Privacy risks of securing machine learning models against adversarial examples[C]// Proceedings of the 2019 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2019: 241-257.
[23]	YEOM S , GIACOMELLI I , FREDRIKSON M ,et al. Privacy risk in machine learning:analyzing the connection to overfitting[C]// Proceedings of 2018 IEEE 31st Computer Security Foundations Symposium (CSF). Piscataway:IEEE Press, 2018: 268-282.
[24]	NASR M , SHOKRI R , HOUMANSADR A . Comprehensive privacy analysis of deep learning:passive and active white-box inference attacks against centralized and federated learning[C]// Proceedings of 2019 IEEE Symposium on Security and Privacy (SP). Piscataway:IEEE Press, 2019: 739-753.
[25]	LEINO K , FREDRIKSON M . Stolen memories:leveraging model memorization for calibrated white-box membership inference[C]// Proceedings of 2020 USENIX Security Symposium (USENIX Security 20). Berkeley:USENIX Association, 2020: 1605-1622.
[26]	LONG Y H , WANG L , BU D Y ,et al. A pragmatic approach to membership inferences on machine learning models[C]// Proceedings of 2020 IEEE European Symposium on Security and Privacy (EuroS＆P). Piscataway:IEEE Press, 2020: 521-534.
[27]	ZOU Y , ZHANG Z K , BACKES M ,et al. Privacy analysis of deep learning in the wild:membership inference attacks against transfer learning[J]. arXiv Preprint,arXiv:2009.04872, 2020.
[28]	BACKES M , BERRANG P , HUMBERT M ,et al. Membership privacy in MicroRNA-based studies[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. New York:ACM Press, 2016: 319-330.
[29]	HAGESTEDT I , ZHANG Y , HUMBERT M ,et al. MBeacon:privacy-preserving beacons for DNA methylation data[C]// Proceedings of 2019 Network and Distributed System Security Symposium. Reston:Internet Society, 2019: 21-27.
[30]	PYRGELIS A , TRONCOSO C , DE CRISTOFARO E . Knock knock,who's there? membership inference on aggregate location data[C]// Proceedings of 2018 Network and Distributed System Security Symposium. Reston:Internet Society, 2018: 35-42.
[31]	CHEN J C , RANJAN R , KUMAR A ,et al. An end-to-end system for unconstrained face verification with deep convolutional neural networks[C]// Proceedings of 2015 IEEE International Conference on Computer Vision Workshop (ICCVW). Piscataway:IEEE Press, 2015: 360-368.
[32]	REN S Q , HE K M , GIRSHICK R ,et al. Faster R-CNN:towards real-time object detection with region proposal networks[C]// Proceedings of IEEE Transactions on Pattern Analysis and Machine Intelligence. Piscataway:IEEE Press, 2015: 1137-1149.
[33]	REDMON J , DIVVALA S , GIRSHICK R ,et al. You only look once:unified,real-time object detection[C]// Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway:IEEE Press, 2016: 779-788.
[34]	CAELLES S , MANINIS K K , PONT-TUSET J ,et al. One-shot video object segmentation[C]// Proceedings of 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway:IEEE Press, 2017: 5320-5329.
[35]	KUNZE J , KIRSCH L , KURENKOV I ,et al. Transfer learning for speech recognition on a budget[C]// Proceedings of the 2nd Workshop on Representation Learning for NLP. Stroudsburg:Association for Computational Linguistics, 2017: 168-177.
[36]	WANG D , ZHENG T F . Transfer learning for speech and language processing[C]// Proceedings of 2015 Asia-Pacific Signal and Information Processing Association Annual Summit and Conference (APSIPA). Piscataway:IEEE Press, 2015: 1225-1237.
[37]	HEIGOLD G , VANHOUCKE V , SENIOR A ,et al. Multilingual acoustic models using distributed deep neural networks[C]// Proceedings of 2013 IEEE International Conference on Acoustics,Speech and Signal Processing. Piscataway:IEEE Press, 2013: 8619-8623.
[38]	CIRE?AN D C , MEIER U , SCHMIDHUBER J . Transfer learning for Latin and Chinese characters with deep neural networks[C]// Proceedings of 2012 International Joint Conference on Neural Networks (IJCNN). Piscataway:IEEE Press, 2012: 1-6.
[39]	JOHNSON M , SCHUSTER M , LE Q V ,et al. Google's multilingual neural machine translation system:enabling zero-shot translation[J]. Transactions of the Association for Computational Linguistics, 2017,5: 339-351.
[40]	MIKOLOV T , LE Q V , SUTSKEVER I . Exploiting similarities among languages for machine translation[J]. Computer Science, 2014,17(4): 45-52.
[41]	WANG B , YAO U , CHICAGO U O ,et al. With great training comes great vulnerability:practical attacks against transfer learning[C]// Proceedings of 2018 USENIX Security Symposium (USENIX Security). Berkeley:USENIX Association, 2018: 1281-1297.
[42]	SCHUSTER R , SCHUSTER T , MERI Y ,et al. Humpty dumpty:controlling word meanings via corpus poisoning[C]// Proceedings of 2020 IEEE Symposium on Security and Privacy (SP). Piscataway:IEEE Press, 2020: 1295-1313.
[43]	LI F F , FERGUS R , PERONA P . Learning generative visual models from few training examples:an incremental Bayesian approach tested on 101 object categories[J]. Computer Vision and Image Understanding, 2007,106(1): 59-70.
[44]	KRIZHEVSKY A , HINTON G . Learning multiple layers of features from tiny images[J]. Handbook of Systemic Autoimmune Diseases, 2009,1(4): 130-138.
[45]	NILSBACK M E , ZISSERMAN A . Automated flower classification over a large number of classes[C]// Proceedings of 2008 Sixth Indian Conference on Computer Vision,Graphics ＆ Image Processing. Piscataway:IEEE Press, 2008: 722-729.
[46]	PINTO N , STONE Z , ZICKLER T ,et al. Scaling up biologically-inspired computer vision:a case study in unconstrained face recognition on facebook[C]// Proceedings of CVPR 2011 WORKSHOPS. Piscataway:IEEE Press, 2011: 35-42.
[47]	SIMONYAN K , ZISSERMAN A . Very deep convolutional networks for large-scale image recognition[J]. Computer Science, 2014,8(2): 475-483.
[48]	HE K M , ZHANG X Y , REN S Q ,et al. Deep residual learning for image recognition[C]// Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway:IEEE Press, 2016: 770-778.
[49]	SZEGEDY C , VANHOUCKE V , IOFFE S ,et al. Rethinking the inception architecture for computer vision[C]// Proceedings of 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR). Piscataway:IEEE Press, 2016: 2818-2826.

Dropout	训练	测试	异常样本/个	精确率	覆盖率
0	0.98	0.97	33	91.61%	55.40%
0.1	0.98	0.98	6	96.15%	63.55%
0.3	0.96	0.96	6	95.44%	56.08%

面向正常拟合迁移学习模型的成员推理攻击

Membership inference attacks against transfer learning for generalized model

在线阅读

PDF下载

可视化

摘要/Abstract

引用本文

使用本文

图/表 10

参考文献 49

相关文章 15

Metrics

推荐阅读 0

数据集	α	异常样本	精确率	覆盖率
	0.1	212	56.61%	35.28%
Caltech101	0.2	103	77.39%	59.50%
	0.3	57	91.66%	78.03%
	0.2	207	58.91%	37.66%
Flowers102	0.3	125	71.30%	58.62%
	0.4	75	92.25%	79.10%
	0.1	243	58.89%	34.72%
CIFAR100	0.2	157	76.24%	55.17%
	0.3	68	91.22%	75.97%
	0.1	154	57.74%	35.71%
PubFig83	0.2	80	73.15%	54.74%
	0.3	33	93.16%	75.29%

[1]	陈东昱, 陈华, 范丽敏, 付一方, 王舰. 基于深度学习的随机性检验策略研究[J]. 通信学报, 2023, 44(6): 23-33.
[2]	李荣鹏, 汪丙炎, 张宏纲, 赵志峰. 知识增强的语义通信接收端设计[J]. 通信学报, 2023, 44(6): 70-76.
[3]	马帅, 裴科, 祁华艳, 李航, 曹雯, 王洪梅, 熊海良, 李世银. 基于生成模型的地磁室内高精度定位算法研究[J]. 通信学报, 2023, 44(6): 211-222.
[4]	张佳乐, 朱诚诚, 孙小兵, 陈兵. 基于GAN的联邦学习成员推理攻击与防御方法[J]. 通信学报, 2023, 44(5): 193-205.
[5]	杨洁, 董标, 付雪, 王禹, 桂冠. 基于轻量化分布式学习的自动调制分类方法[J]. 通信学报, 2022, 43(7): 134-142.
[6]	杨秀璋, 彭国军, 李子川, 吕杨琦, 刘思德, 李晨光. 基于Bert和BiLSTM-CRF的APT攻击实体识别及对齐研究[J]. 通信学报, 2022, 43(6): 58-70.
[7]	廖勇, 王世义. 高速移动环境下基于RM-Net的大规模MIMO CSI反馈算法[J]. 通信学报, 2022, 43(5): 166-176.
[8]	廖育荣, 王海宁, 林存宝, 李阳, 方宇强, 倪淑燕. 基于深度学习的光学遥感图像目标检测研究进展[J]. 通信学报, 2022, 43(5): 190-203.
[9]	赵增华, 童跃凡, 崔佳洋. 基于域自适应的Wi-Fi指纹设备无关室内定位模型[J]. 通信学报, 2022, 43(4): 143-153.
[10]	廖勇, 程港, 李玉杰. 基于深度展开的大规模MIMO系统CSI反馈算法[J]. 通信学报, 2022, 43(12): 77-88.
[11]	段雪源, 付钰, 王坤, 李彬. 基于简单统计特征的LDoS攻击检测方法[J]. 通信学报, 2022, 43(11): 53-64.
[12]	霍俊彦, 邱瑞鹏, 马彦卓, 杨付正. 基于最邻近帧质量增强的视频编码参考帧列表优化算法[J]. 通信学报, 2022, 43(11): 136-147.
[13]	康海燕, 冀源蕊. 基于本地化差分隐私的联邦学习方法研究[J]. 通信学报, 2022, 43(10): 94-105.
[14]	彭长根, 高婷, 刘惠篮, 丁红发. 面向机器学习模型的基于PCA的成员推理攻击[J]. 通信学报, 2022, 43(1): 149-160.
[15]	张红霞, 王琪, 王登岳, 王奔. 基于深度学习的区块链蜜罐陷阱合约检测[J]. 通信学报, 2022, 43(1): 194-202.