Chinese Journal of Network and Information Security ›› 2021, Vol. 7 ›› Issue (1): 1-10. doi: 10.11959/j.issn.2096-109x.2021001

• Survey •

A survey of attacks and defenses against data leakage in artificial intelligence models

Kui REN, Quanrun MENG, Shoukun YAN, Zhan QIN

  1. School of Cyber Science and Technology, Zhejiang University, Hangzhou 310027, Zhejiang, China
  • Revised: 2020-09-29 Online: 2021-02-15 Published: 2021-02-01
  • About the authors: Kui REN (1978- ), male, born in Wuhu, Anhui; professor and doctoral supervisor at Zhejiang University; main research interests: artificial intelligence security, data security, IoT security.
    Quanrun MENG (1994- ), male, born in Xinxiang, Henan; master's student at Zhejiang University; main research interests: data security and privacy protection.
    Shoukun YAN (1996- ), male, born in Dalian, Liaoning; master's student at Zhejiang University; main research interests: artificial intelligence security and adversarial attack and defense.
    Zhan QIN (1988- ), male, born in Beijing; research professor and doctoral supervisor at Zhejiang University; main research interests: data security and privacy protection, artificial intelligence security.
  • Funding:
    Science and Technology Innovation 2030 Major Project on "New Generation Artificial Intelligence" (2020AAA0107700)

Survey of artificial intelligence data security and privacy protection

Kui REN, Quanrun MENG, Shoukun YAN, Zhan QIN   

  1. School of Cyber Science and Technology, Zhejiang University, Hangzhou 310027, China
  • Revised:2020-09-29 Online:2021-02-15 Published:2021-02-01
  • Supported by:
    The National Key Research and Development Project(2020AAA0107700)

Abstract (translated from the Chinese):

Artificial intelligence and deep learning algorithms are developing rapidly, and these emerging techniques are already widely used in fields such as audio and video recognition and natural language processing. In recent years, however, researchers have found that mainstream AI models carry many security risks, and these risks will limit the further development of AI technology. This survey therefore studies data security and privacy protection in AI models. On the data and privacy leakage side it covers two classes of problem: leakage through model outputs and leakage through model updates. For leakage through model outputs it examines the principles and research status of model extraction (stealing) attacks, model inversion attacks and membership inference attacks; for leakage through model updates it examines work on how an attacker steals private data during distributed training. On the protection side it studies the three commonly used classes of defense: model structure defenses, information obfuscation defenses and query control defenses. Overall, it surveys the most recent results on data security and privacy protection for deep learning models and discusses the theoretical foundations, major results and applications of data stealing and defense techniques for such models.

Keywords: artificial intelligence, data security, privacy leakage, privacy protection

Abstract:

Artificial intelligence and deep learning algorithms are developing rapidly. These emerging techniques have been widely used in audio and video recognition, natural language processing and other fields. However, in recent years researchers have found that there are many security risks in current mainstream artificial intelligence models, and these problems will limit the development of AI. Therefore, data security and privacy protection in AI were studied. For data and privacy leakage, the model-output-based and model-update-based data leakage problems were studied. In the model-output-based problem, the principles and research status of model extraction attacks, model inversion attacks and membership inference attacks were discussed. In the model-update-based problem, how attackers steal private data in the process of distributed training was discussed. For data and privacy protection, three kinds of defense methods, namely model structure defense, information confusion defense and query control defense, were studied. In summary, the theoretical foundations and classic algorithms of data inference attack techniques were introduced, and a few research efforts on defense techniques were described in order to provoke further research in this critical area.
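As an added illustration of the output-based leakage named above (example code written for this page, not from the survey or its authors): a membership inference attack that exploits the higher confidence an overfitted model returns on its own training points, followed by the information-obfuscation style defense of publishing only the predicted label. The kernel classifier standing in for the overfitted model, the interleaved one-dimensional data, the 0.3 bandwidth and the 0.6 confidence threshold are all assumptions chosen for the illustration.

```python
import math

# Constructed toy data for this illustration (not from the survey): class 0
# sits at integer x, class 1 at half-integer x, so the two classes interleave
# along a line and a model can only fit them by memorising individual points.
TRAIN = [((float(i), 0.0), 0) for i in range(10)] + \
        [((i + 0.5, 0.0), 1) for i in range(10)]
# Constructed held-out (non-member) queries lying midway between training points.
HOLDOUT = [(i + 0.25, 0.0) for i in range(10)] + [(i + 0.75, 0.0) for i in range(10)]

BANDWIDTH = 0.3  # kernel width, assumed; small relative to the 0.5 point spacing


def kernel_model(x, train=TRAIN, h=BANDWIDTH):
    """Kernel-density classifier standing in for an overfitted model: each
    class score is the sum of Gaussian weights exp(-d^2 / 2h^2) over that
    class's training points, normalised into a confidence vector. A training
    point queried on itself adds weight 1 to its own class, which is the
    memorisation a membership inference attack exploits."""
    scores = [0.0, 0.0]
    for (px, py), label in train:
        d2 = (x[0] - px) ** 2 + (x[1] - py) ** 2
        scores[label] += math.exp(-d2 / (2 * h * h))
    total = sum(scores)
    return [s / total for s in scores]


def label_only(conf):
    """Information-obfuscation defence: publish only the predicted label
    (as a one-hot vector) and drop the confidence values."""
    top = max(range(len(conf)), key=conf.__getitem__)
    return [1.0 if i == top else 0.0 for i in range(len(conf))]


def rounded(conf, decimals=1):
    """Weaker variant: publish confidences rounded to `decimals` places."""
    return [round(c, decimals) for c in conf]


def confidence_attack(conf, threshold=0.6):
    """Attacker's decision rule: guess 'member' when the top confidence is at
    least `threshold`. The 0.6 is assumed for this toy data; real attacks
    calibrate the threshold with shadow models."""
    return max(conf) >= threshold


def balanced_attack_accuracy(api, threshold=0.6):
    """(true-positive rate + true-negative rate) / 2 of the membership guess
    when the attacker can only query the model through `api`; 0.5 means no
    advantage over guessing."""
    members = [x for x, _ in TRAIN]
    tpr = sum(confidence_attack(api(x), threshold) for x in members) / len(members)
    tnr = sum(not confidence_attack(api(x), threshold) for x in HOLDOUT) / len(HOLDOUT)
    return (tpr + tnr) / 2


if __name__ == "__main__":
    print("raw confidences:", balanced_attack_accuracy(kernel_model))
    print("rounded to 0.1 :", balanced_attack_accuracy(lambda x: rounded(kernel_model(x))))
    print("label only     :", balanced_attack_accuracy(lambda x: label_only(kernel_model(x))))
```

On this data every training point comes back with a top confidence of about 0.67 or more while the midpoint queries sit at about 0.5, so the threshold rule separates members from non-members almost perfectly; rounding the confidences to one decimal changes nothing because the gap is larger than the rounding step. Returning only the label collapses the attacker's rule to a constant guess (balanced accuracy 0.5), but it closes only this channel: label-only membership inference that uses whether the prediction is correct still exists, so the defense reduces rather than removes the leakage.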
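As an added illustration of the update-based leakage named above (example code written for this page, not from the survey): a server that receives a client's gradient for a single linear layer z = W x + b trained with softmax cross-entropy can recover the client's input and label in closed form, because dL/dW is the outer product of (p - y) and x while dL/db = p - y (the observation made by Phong et al. and the label-sign trick used by iDLG). The layer weights, the private feature vectors and their labels are constructed for the example.

```python
import math
import random


def softmax(z):
    m = max(z)
    e = [math.exp(v - m) for v in z]
    s = sum(e)
    return [v / s for v in e]


def init_params(num_classes, dim, seed=1):
    """Small random weights for a single linear layer z = W x + b. The values
    are assumed; the attack only needs the server to know them, as it does in
    federated averaging where the server broadcast them."""
    rng = random.Random(seed)
    W = [[rng.uniform(-0.5, 0.5) for _ in range(dim)] for _ in range(num_classes)]
    b = [rng.uniform(-0.5, 0.5) for _ in range(num_classes)]
    return W, b


def linear_layer_gradient(W, b, examples):
    """Client side: mean gradient of softmax cross-entropy L = -log p_y over
    `examples` (a list of (x, label)). With dL/dz = p - y this is
    dW[c][j] = mean_i (p_c - y_c) * x_j  and  db[c] = mean_i (p_c - y_c)."""
    num_classes, dim = len(W), len(W[0])
    dW = [[0.0] * dim for _ in range(num_classes)]
    db = [0.0] * num_classes
    n = len(examples)
    for x, label in examples:
        z = [sum(W[c][j] * x[j] for j in range(dim)) + b[c] for c in range(num_classes)]
        p = softmax(z)
        for c in range(num_classes):
            g = (p[c] - (1.0 if c == label else 0.0)) / n
            db[c] += g
            for j in range(dim):
                dW[c][j] += g * x[j]
    return dW, db


def recover_example(dW, db):
    """Server (attacker) side. For a batch of one, row c of dW equals
    db[c] * x, so x = dW[c] / db[c] for any row with db[c] != 0; the row with
    the largest |db[c]| is the best conditioned. The label is the unique class
    with a negative db entry, because p_c - y_c < 0 only when y_c = 1."""
    label = min(range(len(db)), key=db.__getitem__)
    c = max(range(len(db)), key=lambda k: abs(db[k]))
    x = [g / db[c] for g in dW[c]]
    return x, label


def max_abs_error(a, b):
    return max(abs(u - v) for u, v in zip(a, b))


# Constructed private records held by the client (not real data).
X_PRIVATE, Y_PRIVATE = [0.2, -1.3, 0.7, 2.0], 2
X_OTHER, Y_OTHER = [-3.0, 1.5, 0.0, -2.0], 0


def demo():
    """Returns ((reconstruction error, recovered label) for a batch of one,
    best reconstruction error against either record for a batch of two)."""
    W, b = init_params(num_classes=3, dim=4)
    dW, db = linear_layer_gradient(W, b, [(X_PRIVATE, Y_PRIVATE)])
    x_rec, y_rec = recover_example(dW, db)
    single = (max_abs_error(x_rec, X_PRIVATE), y_rec)
    # With two records each row of dW is a mixture g1*x1 + g2*x2, so the
    # closed-form inversion returns a point on the line through x1 and x2
    # that is neither record.
    dW2, db2 = linear_layer_gradient(W, b, [(X_PRIVATE, Y_PRIVATE), (X_OTHER, Y_OTHER)])
    x_mix, _ = recover_example(dW2, db2)
    batched = min(max_abs_error(x_mix, X_PRIVATE), max_abs_error(x_mix, X_OTHER))
    return single, batched


if __name__ == "__main__":
    (err1, lab1), err2 = demo()
    print(f"batch of one: recovered label {lab1}, max|x_rec - x| = {err1:.1e}")
    print(f"batch of two: nearest record still differs by {err2:.3f}")
```

The batch-of-one case recovers the feature vector to floating-point precision and the label exactly, which is why a single-example update should be treated as the example itself. Aggregating several examples before uploading defeats this particular closed-form inversion, but only this one: optimisation-based gradient-matching attacks (DLG and its successors) recover small batches from the same gradients, so batching is not a substitute for the gradient perturbation and secure aggregation defenses the survey discusses.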

Key words: artificial intelligence, data security, privacy leakage, privacy protection
