Chinese Journal of Network and Information Security ›› 2023, Vol. 9 ›› Issue (2): 1-20. doi: 10.11959/j.issn.2096-109x.2023017
• Survey •
Jinyin CHEN1,2, Rongchang LI2, Guohan HUANG2, Tao LIU2, Haibin ZHENG1, Yao CHENG3
Revised: 2022-08-20
Online: 2023-04-25
Published: 2023-04-01
About the author: Jinyin CHEN (1982- ), female, born in Xiangshan, Zhejiang, is a professor at Zhejiang University of Technology. Her main research interests are artificial intelligence security, graph data mining and evolutionary computation.
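Abstract:
Federated learning (FL) is an emerging distributed machine learning technique that uses data scattered across institutions to jointly build machine learning models by exchanging intermediate results (such as model parameters, parameter gradients and embedding information). Because each institution's training data is not allowed to leave its local environment, the risk of data leakage is reduced. According to the differences in data distribution among institutions, FL is usually divided into horizontal federated learning (HFL), vertical federated learning (VFL) and federated transfer learning (TFL). VFL suits scenarios in which institutions share the same sample space but have different feature spaces, and it is widely applied in fields such as medical diagnosis, financial evaluation and education services. Although VFL performs well in real-world applications, it still faces many privacy and security problems, and a comprehensive survey of VFL methods and their security is still lacking. To support building efficient and secure VFL systems, this survey covers two aspects: VFL methods, and their privacy and security. It first summarizes existing VFL methods in detail from four perspectives: the edge model, the communication mechanism, the alignment mechanism and the label processing mechanism. It then introduces and analyzes the privacy and security risks that VFL faces, and further introduces and summarizes the corresponding defense methods. In addition, it introduces common datasets and platform frameworks suitable for VFL. Finally, in light of the security challenges VFL faces, it gives future research directions for VFL, aiming to provide a reference for theoretical research on building efficient, robust and secure VFL.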
Jinyin CHEN, Rongchang LI, Guohan HUANG, Tao LIU, Haibin ZHENG, Yao CHENG. Survey on vertical federated learning: algorithm, privacy and security[J]. Chinese Journal of Network and Information Security, 2023, 9(2): 1-20.
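Table 1 Common security and privacy threats in vertical federated learning
Attack type | Attack target | Attack method | Attack stage: training | Attack stage: inference | Background knowledge: coordinator model | Background knowledge: embedding information | Background knowledge: label information | Threat strength | VFL framework | Data modality |
Privacy | Label | Model completion | √ | √ | × | × | × | ● | Neural network | Image, text |
Privacy | Label | Active attack | √ | × | × | × | × | ● | Neural network | Image, text |
Privacy | Label | Direct attack | √ | √ | × | × | × | ○ | Neural network | Image, text |
Privacy | Label | Norm attack | √ | √ | × | √ | × | ○ | Neural network | Text |
Privacy | Attribute | Equality solving attack | √ | √ | × | × | × | ? | Logistic regression | Text |
Privacy | Attribute | Path restriction attack | √ | √ | × | × | × | ? | Decision tree | Text |
Privacy | Attribute | Generative regression network | × | √ | √ | √ | × | ● | Neural network | Text |
Privacy | Attribute | Decoder attack | √ | √ | × | √ | × | ● | Neural network | Image, text |
Privacy | Membership information | PSI exposure | √ | √ | × | × | × | ? | Neural network, logistic regression | Image, text |
Privacy | Raw data | Reverse multiplication attack | √ | × | × | × | × | ? | Logistic regression | Text |
Privacy | Raw data | Reverse sum attack | √ | × | × | × | × | ? | XGBoost | Text |
Privacy | Raw data | Feature-space hijacking attack | √ | × | × | × | × | ● | Neural network | Image |
Security | VFL model | Gradient-replacement backdoor attack | √ | × | × | × | √ | ● | Neural network | Image, text |
Note: √ means the condition is satisfied, × means it is not. Threat strength (the threat an attack poses, assessed from the background knowledge it requires and its attack scenario): ○ means low, ? means medium, ● means high.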
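Table 3 Differences between vertical and horizontal federated learning and their risk uniqueness
Aspect | Horizontal federated learning | Vertical federated learning | Risk uniqueness |
Data provision | Each participant has its own features and labels | The active party holds the labels, the passive parties hold features | Vulnerable to label inference attacks |
Data processing | No alignment operation needed | Data alignment is required | Data membership is leaked directly during alignment |
Model structure | Each participant's model structure is complete | Each participant's model structure is incomplete | The attacker's ability to manipulate the global model is relatively weak |
Transmitted content | Model parameters or gradients are uploaded and sent down | Embedding-layer information is uploaded, gradient information is sent down | The embedding layer becomes a target of privacy leakage or attack |
Aggregation mechanism | Robust aggregation methods such as averaging | Direct concatenation or summation | Lacks an aggregation-based defense against backdoor attacks |
Inference mode | Each participant runs inference on the global model separately and obtains different results | Participants must run inference jointly and output the same result | Adversarial attacks are easily introduced at the inference stage |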
Table 4 Common datasets in vertical federated learning
Application scenario | Dataset | Number of samples | Number of features | Number of label classes | Data modality | Task type | VFL references |
Biomedical | MIMIC-III[ | 21 139 | 714 | 2 | Text | Classification | [27],[28],[29] |
Biomedical | Breast[ | 569 | 31 | 2 | Text | Classification | [16],[21],[75],[100] |
Financial transactions | Purchase100[ | 197 324 | 600 | 2 | Text | Classification | [51] |
Financial transactions | Insurance Claim[ | 188 318 | 116 | 2 | Text | Classification | [34] |
Financial transactions | Bank Market[ | 4 521 | 17 | 2 | Text | Classification | [20],[101] |
Financial transactions | Credit Card Clients[ | 284 807 | 28 | 2 | Text | Classification | [17],[27],[31],[34],[49],[75],[100],[102] |
Financial transactions | Adult[ | 48 842 | 12 | 2 | Text | Classification | [51],[75] |
Advertising recommendation | Criteo[ | 4 500 000 | 40 | 2 | Text | Classification | [21],[103] |
Advertising recommendation | Avazu | 4 000 000 | 17 | 2 | Text | Classification | [103] |
Literature citation | Cora[ | 2 708 | 1 433 | 7 | Network | Classification | [22],[23],[104] |
Literature citation | Citeseer[ | 3 312 | 3 703 | 6 | Network | Classification | [22],[23],[104] |
Literature citation | Pubmed[ | 19 717 | 500 | 3 | Network | Classification | [22],[23],[104] |
Object recognition | MNIST[ | 70 000 | 784 | 10 | Image | Classification | [16],[18],[27],[28],[29],[31],[45],[105],[106] |
Object recognition | Fashion-MNIST[ | 70 000 | 784 | 10 | Image | Classification | [105],[45],[28],[58] |
Object recognition | Cifar10[ | 60 000 | 3 072 | 10 | Image | Classification | [21],[27],[28],[105] |
Object recognition | Cifar100[ | 60 000 | 3 072 | 100 | Image | Classification | [21] |
Object recognition | COCO-QA[ | 78 736 | — | — | Image, text | Classification | [51] |
Object recognition | NUS-WIDE[ | 269 648 | 5 018 | 81 | Image, text | Classification | [10],[27] |
Object recognition | CelebA[ | 202 599 | 116 412 | 2 | Image | Classification | [58] |
News media | News Popularity[ | 93 239 | 11 | — | Time-series text | Regression | [16],[24],[31],[33] |
News media | Yahoo Answers[ | 146 000 | — | 10 | Text | Classification | [21] |
Physics | Superconductivity[ | 20 000 | 81 | — | Text | Regression | [29] |
Physics | Drive Diagnosis[ | 58 509 | 48 | 11 | Text | Classification | [101] |
Appliance energy | Appliances Energy[ | 19 735 | 29 | — | Text | Regression | [20],[101] |
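Table 5 Vertical federated learning platforms and frameworks
Framework or platform | Developer | Encryption method | Open source | Usage type | Framework | Features | Application scenarios |
FATE | WeBank | Homomorphic encryption | Yes | Research, commercial | TensorFlow, PyTorch | Supports federated transfer learning | Auto insurance pricing, credit risk control, etc. |
PaddleFL | Baidu | Secure multi-party computation | Yes | Research, commercial | PaddlePaddle | Deployed on a full-stack open-source software base | Computer vision, recommendation algorithms, etc. |
Pysyft | OpenMined | Homomorphic encryption, secret sharing | Yes | Research | TensorFlow, PyTorch | Multiple privacy control strategies | Financial risk control, advertising recommendation, etc. |
iBond | Tongdun Technology | Homomorphic encryption, secret sharing | No | Commercial | (unknown) | Introduces the concept of knowledge federation | Natural language processing, financial risk control |
PowerFL | Tencent | Secure multi-party computation | No | Commercial | Angel | Takes data heterogeneity into account | Financial risk control, advertising recommendation |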
[1] | JIAO L C , YANG S Y , LIU F ,et al. Seventy years beyond neural networks:retrospect and prospect[J]. Chinese Journal of Computers, 2016,39(8): 1697-1716. |
[2] | Data Security Law of the People's Republic of China[N]. Communiqué of the Standing Committee of the National People's Congress of the People's Republic of China, 2021(5): 951-956. |
[3] | GODDARD M . The EU general data protection regulation (GDPR):European regulation that has a global impact[J]. International Journal of Market Research, 2017,59(6): 703-705. |
[4] | HORD A . Federated learning for mobile keyboard prediction[J]. arXiv preprint arXiv:1811.03604, 2018. |
[5] | YANG Q , LIU Y , CHEN T ,et al. Federated machine learning:concept and applications[J]. ACM Transactions on Intelligent Systems and Technology (TIST), 2019,10(2): 1-19. |
[6] | LI S B , YANG L , LI C J ,et al. Overview of federated learning:technology,applications and future[J]. Computer Integrated Manufacturing Systems, 2021,1(10): 1-29. |
[7] | ZHOU C X , SUN Y , WANG D ,et al. Survey of federated learning research[J]. Chinese Journal of Network and Information Security, 2021,7(5): 1-16. |
[8] | WEI X L , ZHANG Z Y , SONG B ,et al. Social networks cross-platform malicious user detection method based on vertical federated learning[J]. Journal of Chinese Mini-Micro Computer Systems, 2021,(10): 1-9. |
[9] | LI M . Research on recommendation system technology based on vertical federated learning[D]. Hangzhou:Zhejiang University, 2021. |
[10] | KANG Y , LIU Y , CHEN T J . Fedmv:semi-supervised vertical federated learning with multiview training[J]. arXiv preprint arXiv:2008.10838, 2020. |
[11] | WU Z , LI Q , HE B . Exploiting record similarity for practical vertical federated learning[J]. arXiv preprint arXiv:2106.06312, 2021. |
[12] | LUO X , WU Y , XIAO X ,et al. Feature inference attack on model predictions in vertical federated learning[C]// Proceedings of IEEE 37th International Conference on Data Engineering (ICDE). 2021: 181-192. |
[13] | LI O , SUN J , YANG X ,et al. Label leakage and protection in two-party split learning[J]. arXiv preprint arXiv:2102.08504, 2021. |
[14] | WENG H , ZHANG J , XUE F ,et al. Privacy leakage of real-world vertical federated learning[J]. arXiv preprint arXiv:2011.09290, 2020. |
[15] | LIU Y , YI Z , CHEN T . Backdoor attacks and defenses in feature-partitioned collaborative learning[J]. arXiv preprint arXiv:2007.03608, 2020. |
[16] | HARDY S , HENECKA W , IVEY-LAW H ,et al. Private federated learning on vertically partitioned data via entity resolution and additively homomorphic encryption[J]. arXiv preprint arXiv:1711.10677, 2017. |
[17] | YANG K , FAN T , CHEN T ,et al. A quasi-Newton method based vertical federated learning framework for logistic regression[J]. arXiv preprint arXiv:1912.00513, 2019. |
[18] | YANG S , REN B , ZHOU X ,et al. Multi-VFL for vertical federated learning without third-party coordinator[J]. arXiv preprint arXiv:1911.09824, 2019. |
[19] | CHENG K , FAN T , JIN Y ,et al. SecureBoost:a lossless federated learning framework[J]. IEEE Intelligent Systems, 2021,36(6): 87-98. |
[20] | WU Y , CAI S , XIAO X ,et al. Privacy preserving vertical federated learning for tree-based models[C]// Proceedings of the VLDB Endowment, 2020. 2090-2103. |
[21] | VEPAKOMMA P , GUPTA O , SWEDISH T ,et al. Split learning for health:distributed deep learning without sharing raw patient data[J]. arXiv preprint arXiv:1812.00564, 2018. |
[22] | FU C , ZHANG X , JI S ,et al. Label inference attacks against vertical federated learning[C]// Proceedings of USENIX Security Symposium. 2022: 1397-1414. |
[23] | NI X , XU X , LYU L ,et al. A vertical federated learning framework for graph convolutional network[J]. arXiv preprint arXiv:2106.11593, 2021. |
[24] | ZHOU J , CHEN C , ZHENG L ,et al. Vertically federated graph neural network for privacy-preserving node classification[J]. arXiv preprint arXiv:2005.11903, 2020. |
[25] | GU B , XU A , HUO Z ,et al. Privacy-preserving asynchronous federated learning algorithms for multi-party vertically collaborative learning[J]. arXiv preprint arXiv:2008.06233, 2020. |
[26] | MCMAHAN H B , MOORE E , RAMAGE D ,et al. Federated learning of deep networks using model averaging[J]. arXiv preprint arXiv:1602.05629, 2016. |
[27] | LIU Y , KANG Y , ZHANG X ,et al. A communication efficient collaborative learning framework for distributed features[J]. arXiv preprint arXiv:1912.11187, 2019. |
[28] | CHEN T , JIN X , SUN Y ,et al. VAFL:a method of vertical asynchronous federated learning[J]. arXiv preprint arXiv:2007.06081, 2020. |
[29] | DAS A , PATTERSON S . Multi-tier federated learning for vertically partitioned data[C]// Proceedings of IEEE International Conference on Acoustics,Speech and Signal Processing (ICASSP). 2021: 3100-3104. |
[30] | WRIGHT S , NOCEDAL J . Numerical optimization[J]. Springer Science, 1999,35(67-68): 7. |
[31] | ZHANG Q , GU B , DENG C ,et al. AsySQN:faster vertical federated learning algorithms with better computation resource utilization[C]// Proceedings of the 27th ACM SIGKDD Conference on Knowledge Discovery & Data Mining. 2021: 3917-3927. |
[32] | LIN Y J . Deep gradient compression:reducing the communication bandwidth for distributed training[J]. arXiv preprint arXiv:1712.01887, 2017. |
[33] | YANG K , SONG Z , ZHANG Y ,et al. Model optimization method based on vertical federated learning[C]// Proceedings of IEEE International Symposium on Circuits and Systems (ISCAS). 2021: 1-5. |
[34] | LI M , CHEN Y , WANG Y ,et al. Efficient asynchronous vertical federated learning via gradient prediction and double-end sparse compression[C]// Proceedings of 16th International Conference on Control,Automation,Robotics and Vision (ICARCV). 2020: 291-296. |
[35] | LIU D . Accelerating intra-party communication in vertical federated learning with RDMA[C]// Proceedings of the 1st Workshop on Distributed Machine Learning. 2020: 14-20. |
[36] | HUANG C T , ZHANG F , SUN X C ,et al. A survey of private set intersection technology and finance practice[J]. Information and Communications Technology and Policy, 2021,47(6): 50. |
[37] | MEADOWS C . A more efficient cryptographic matchmaking protocol for use in the absence of a continuously available third party[C]// Proceedings of 1986 IEEE Symposium on Security and Privacy. 1986: 134-134. |
[38] | DE CRISTOFARO E , TSUDIK G . Experimenting with fast private set intersection[C]// Proceedings of International Conference on Trust and Trustworthy Computing. 2012: 55-73. |
[39] | RABIN M O . How To Exchange Secrets with Oblivious Transfer[J]. IACR Cryptol, 2005,2005(187): 1-26. |
[40] | ISHAI Y , KILIAN J , NISSIM K ,et al. Extending oblivious transfers efficiently[C]// Proceedings of Annual International Cryptology Conference. 2003: 145-161. |
[41] | KISSNER L , SONG D . Privacy-preserving set operations[C]// Proceedings of Annual International Cryptology Conference. 2005: 241-257. |
[42] | CAMENISCH J , ZAVERUCHA G M . Private intersection of certified sets[C]// Proceedings of International Conference on Financial Cryptography and Data Security. 2009: 108-127. |
[43] | ZHANG Q , GU B , DENG C ,et al. Secure bilevel asynchronous vertical federated learning with backward updating[J]. arXiv preprint arXiv:2103.00958, 2021. |
[44] | XIA W , LI Y , ZHANG L ,et al. A vertical federated learning framework for horizontally partitioned labels[J]. arXiv preprint arXiv:2106.10056, 2021. |
[45] | MUGUNTHAN V , GOYAL P , KAGAL L . Multi-VFL:a vertical federated learning system for multiple data and label owners[J]. arXiv preprint arXiv:2106.05468, 2021. |
[46] | REDDI S , CHARLES Z , ZAHEER M ,et al. Adaptive federated optimization[J]. arXiv preprint arXiv:2003.00295, 2020. |
[47] | FENG S , YU H . Multi-participant multi-class vertical federated learning[J]. arXiv preprint arXiv:2001.11154, 2020. |
[48] | HU Y , LIU P , KONG L ,et al. Learning privately over distributed features:An ADMM sharing approach[J]. arXiv preprint arXiv:1907.07735, 2019. |
[49] | GU B , DANG Z , LI X ,et al. Federated doubly stochastic kernel learning for vertically partitioned data[C]// Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery& Data Mining. 2020: 2483-2493. |
[50] | CHEN X , LI J , CHAKRABARTI C . Communication and computation reduction for split learning using asynchronous training[J]. arXiv preprint arXiv:2107.09786, 2021. |
[51] | ZHANG S , XIANG L , YU X ,et al. Privacy-preserving federated learning on partitioned attributes[J]. arXiv preprint arXiv:2104.14383, 2021. |
[52] | SHOKRI R , STRONATI M , SONG C ,et al. Membership inference attacks against machine learning models[C]// Proceedings of 2017 IEEE Symposium on Security and Privacy (SP). 2017: 3-18. |
[53] | LIU Y , ZHANG X , WANG L . Asymmetrical vertical federated learning[J]. arXiv preprint arXiv:2004.07427, 2020. |
[54] | ZHU L , LIU Z , HAN S . Deep leakage from gradients[J]. Advances in Neural Information Processing Systems, 2019,32: 14774-14784. |
[55] | GEIPING J , BAUERMEISTER H , DRÖGE H ,et al. Inverting gradients--how easy is it to break privacy in federated learning[J]. arXiv preprint arXiv:2003.14053, 2020. |
[56] | YIN H , MALLYA A , VAHDAT A ,et al. See through gradients:image batch recovery via grad inversion[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2021: 16337-16346. |
[57] | MAHENDRAN A , VEDALDI A . Understanding deep image representations by inverting them[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2015: 5188-5196. |
[58] | PASQUINI D , ATENIESE G , BERNASCHI M . Unleashing the tiger:inference attacks on split learning[J]. arXiv preprint arXiv:2012.02670, 2020. |
[59] | GU T , LIU K , DOLAN-GAVITT B ,et al. Badnets:evaluating backdooring attacks on deep neural networks[J]. IEEE Access, 2019,7: 47230-47244. |
[60] | LIAO C , ZHONG H , SQUICCIARINI A ,et al. Backdoor embedding in convolutional neural network models via invisible perturbation[J]. arXiv preprint arXiv:1808.10307, 2018. |
[61] | XIE C , HUANG K , CHEN P Y ,et al. Dba:distributed backdoor attacks against federated learning[C]// Proceedings of International Conference on Learning Representations. 2019: 1-19. |
[62] | SHAFAHI A , HUANG W R , NAJIBI M ,et al. Poison frogs! targeted clean-label poisoning attacks on neural networks[J]. arXiv preprint arXiv:1804.00792, 2018. |
[63] | TURNER A , TSIPRAS D , MADRY A . Label-consistent backdoor attacks[J]. arXiv preprint arXiv:1912.02771, 2019. |
[64] | WENG C H , LEE Y T , WU S H B . On the trade-off between adversarial and backdoor robustness[J]. Advances in Neural Information Processing Systems, 2020,33. |
[65] | GOODFELLOW I J , SHLENS J , SZEGEDY C . Explaining and harnessing adversarial examples[J]. arXiv preprint arXiv:1412.6572, 2014. |
[66] | LIU J , XIE C , KENTHAPADI K ,et al. Rvfr:Robust vertical federated learning via feature subspace recovery[C]// Proceedings of NeurIPS Workshop New Frontiers in Federated Learning:Privacy,Fairness,Robustness,Personalization and Data Ownership. 2021: 1-9. |
[67] | CHEN J Y . Graph-fraudster:adversarial attacks on graph neural network based vertical federated learning[J]. arXiv preprint arXiv:2110.06468, 2021. |
[68] | RONALD L R , ADLEMAN L , DERTOUZOS M L . On data banks and privacy homomorphisms[J]. Foundations of Secure Computation, 1978,4(11): 169-180. |
[69] | GENTRY C . Fully homomorphic encryption using ideal lattices[C]// Proceedings of the forty-first annual ACM symposium on Theory of computing. 2009: 1-10. |
[70] | OU W . A homomorphic-encryption-based vertical federated learning scheme for rick management[J]. Computer Science and Information Systems, 2020:22. |
[71] | XIA J J , LU Y , ZHANG Z Y ,et al. Research on vertical federated learning based on secret sharing and homomorphic encryption[J]. Information and Communications Technology and Policy, 2021,47(6): 19-26. |
[72] | DWORK C , MCSHERRY F , NISSIM K ,et al. Calibrating noise to sensitivity in private data analysis[C]// Proceedings of Theory of Cryptography Conference. 2006: 265-284. |
[73] | ABADI M , CHU A , GOODFELLOW I ,et al. Deep learning with differential privacy[C]// Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. 2016: 308-318. |
[74] | WANG C , LIANG J , HUANG M ,et al. Hybrid differentially private federated learning on vertically partitioned data[J]. arXiv preprint arXiv:2009.02763, 2020. |
[75] | SZEGEDY C , ZAREMBA W , SUTSKEVER I ,et al. Intriguing properties of neural networks[J]. Computer Science, 2013. |
[76] | ELAZAR Y , GOLDBERG Y . Adversarial removal of demographic attributes from text data[J]. arXiv preprint arXiv:1808.06640, 2018. |
[77] | LIAO P , ZHAO H , XU K ,et al. Information obfuscation of graph neural networks[C]// Proceedings of International Conference on Machine Learning. 2021: 6600-6610. |
[78] | ZHANG S , XIANG L , YU X ,et al. Privacy-preserving federated learning on partitioned attributes[J]. arXiv preprint arXiv:2104.14383, 2021. |
[79] | SUN J , YAO Y , GAO W ,et al. Defending against reconstruction attack in vertical federated learning[J]. arXiv preprint arXiv:2107.09898, 2021. |
[80] | LIU Y , KANG Y , ZOU T ,et al. Vertical Federated Learning[J]. arXiv preprint arXiv:2211.12814, 2022. |
[81] | JOHNSON A E W , POLLARD T J , SHEN L ,et al. MIMIC-III,a freely accessible critical care database[J]. Scientific data, 2016,3(1): 1-9. |
[82] | STREET W N , WOLBERG W H , MANGARIAN O L . Nuclear feature extraction for breast tumor diagnosis[J]. In Biomedical image processing and biomedical visualization, 1993,1905: 861-870. |
[83] | MORO S , CORTEZ P , RITA P . A data-driven approach to predict the success of bank telemarketing[J]. Decision Support Systems, 2014,62: 22-31. |
[84] | YEH I , LIEN C . The comparisons of data mining techniques for the predictive accuracy of probability of default of credit card clients[J]. Expert systems with applications, 2009,36(2): 2473-2480. |
[85] | KOHAVI R . Scaling up the accuracy of naive-bayes classifiers:A decision-tree hybrid[J]. Kdd, 1996,96: 202-207. |
[86] | ZHAO P , XIAO K , ZHANG Y ,et al. AMEIR:Automatic Behavior Modeling,Interaction Exploration and MLP Investigation in the Recommender System[C]// Proceedings of International Joint Conferences on Artificial Intelligence. 2021: 2104-2110. |
[87] | MCCALLUM A K , NIGAM K , RENNIE J ,et al. Automating the construction of internet portals with machine learning[J]. Information Retrieval, 2000,3: 127-163. |
[88] | SEN P , NAMATA G , BILGIC M ,et al. Collective classification in network data[J]. AI magazine, 2008,29(3): 93. |
[89] | DENG L . The MNIST database of handwritten digit images for machine learning research[J]. IEEE signal processing magazine, 2021,29(6): 141-142. |
[90] | XIAO H , RASUL K , VOLLGRAF R . Fashion-MNIST:a novel image dataset for benchmarking machine learning algorithms[J]. arXiv preprint arXiv:1708.07747, 2017. |
[91] | KRIZHEVSKY A , HINTON G . Learning multiple layers of features from tiny images[R]. Technical report,Citeseer, 2009. |
[92] | REN M , KIROS R , ZEMEL R . Exploring models and data for image question answering[J]. Advances in neural information processing systems, 2015,28: 2953-2961. |
[93] | CHUA T S , TANG J , HONG R ,et al. NUS-WIDE:a real-world web image database from national university of Singapore[C]// Proceedings of ACM International Conference on Image and Video Retrieval. 2009: 1-9. |
[94] | LIU Z , LUO P , WANG X ,et al. Deep learning face attributes in the wild[C]// Proceedings of IEEE International Conference on Computer Vision. 2015: 3730-3738. |
[95] | FERNANDES K , VINAGRE P , CORTEZ P . A proactive intelligent decision support system for predicting the popularity of online news[C]// Proceedings of Portuguese Conference on Artificial Intelligence. 2015: 535-546. |
[96] | ZHANG X , ZHAO J , LECUN Y . Character-level convolutional networks for text classification[C]// Proceedings of The Advances in neural information processing systems. 2015: 1-9. |
[97] | HAMIDIEH K . A data-driven statistical model for predicting the critical temperature of a superconductor[J]. Computational Materials Science, 2018,154: 346-354. |
[98] | CANDANEDO L M , FELDHEIM V , DERAMAIX D . Data driven prediction models of energy use of appliances in a low-energy house[J]. Energy and buildings, 2017,140: 81-97. |
[99] | ZHANG C , ZHANG J , CHAI D ,et al. Aegis:A trusted,automatic and accurate verification framework for vertical federated learning[J]. arXiv preprint arXiv:2108.06958, 2021. |
[100] | ZHU H , WANG R , JIN Y ,et al. PIVODL:privacy-preserving vertical federated learning over distributed labels[J]. arXiv preprint arXiv:2108.11444, 2021. |
[101] | WENJIE S , XUAN S . Vertical federated learning based on DFP and BFGS[J]. arXiv preprint arXiv:2101.09428, 2021. |
[102] | SUN J , YANG X , YAO Y ,et al. Vertical federated learning without revealing intersection membership[J]. arXiv preprint arXiv:2106.05508, 2021. |
[103] | SHAN C , JIAO H , FU J . Towards representation identical privacy-preserving graph neural network via split learning[J]. arXiv preprint arXiv:2107.05917, 2021. |
[104] | XIA W , LI Y , ZHANG L ,et al. A Vertical federated learning framework for horizontally partitioned labels[J]. arXiv preprint arXiv:2106.10056, 2021. |
[105] | ROMANINI D , HALL A J , Papadopoulos P ,et al. Pyvertical:a vertical federated learning framework for multi-headed splitnn[J]. arXiv preprint arXiv:2104.00489, 2021. |
[106] | GAO Y , DOAN B G , ZHANG Z ,et al. Backdoor attacks and countermeasures on deep learning:a comprehensive review[J]. arXiv preprint arXiv:2007.10760, 2020. |