[1] |
SHOKRI R , STRONATI M , SONG C ,et al. Membership inference attacks against machine learning models[C]// IEEE Symposium on Security and Privacy. 2017
|
[2] |
KHOSRAVY M , NAKAMURA K , HIROSE Y ,et al. Model inversion attack:analysis under gray-box scenario on deep learning based face recognition system[J]. KSII Transactions on Internet and Information Systems, 2021,15(3): 1100-1119.
|
[3] |
TRUONG J B , MAINI P , WALLS R ,et al. Data-free model extraction[C]// IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2021
|
[4] |
谭作文, 张连福 . 机器学习隐私保护研究综述[J]. 软件学报, 2020,31(7): 30.
|
|
TAN Z W , ZHANG L F . Survey on privacy preserving techniques for machine learning[J]. Journal of Software. 2020,31(7): 30.
|
[5] |
DINH L , KRUEGER D , BENGIO Y . NICE:non-linear independent components estimation[J]. Computer Science, 2014.
|
[6] |
GOMEZ A N , REN M , URTASUN R ,et al. The reversible residual network:backpropagation without storing activations[C]// International Conference on Neural Information Processing Systems(NIPS). 2017: 2211-2221.
|
[7] |
JACOBSEN J H , SMEULDERS A , OYALLON E . i-RevNet:deep invertible networks[C]// International Conference on Learning Representations. 2018.
|
[8] |
MELIS L , SONG C Z , DE-CRISTOFARO E ,et al. Exploiting unintended feature leakage in collaborative learning[C]// Proc of the IEEE Symp on Security and Privacy. 2019
|
[9] |
TRAMèR F , ZHANG F , JUELS A ,et al. Stealing machine learning models via prediction APIs[C]// Proc of the USENIX Security Symposium. 2016: 601-618.
|
[10] |
SALEM A , ZHANG Y , HUMBERT M ,et al. ML-Leaks:model and data independent membership inference attacks and defenses on machine learning models[C]// Network and Distributed Systems Security (NDSS) Symposium. 2019.
|
[11] |
CHEN S I , KAHLA M , JIA R X ,et al. Knowledge-enriched distributional model inversion attacks[C]// Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV). 2021: 16178-16187.
|
[12] |
SZEGEDY C , VANHOUCKE V , IOFFE S ,et al. Rethinking the inception architecture for computer vision[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 2016: 2818-2826.
|
[13] |
LIU Y , WEN R , HE X ,et al. ML-doctor:holistic risk assess ment of inference attacks against machine learning models[C]// USENIX Security Symposium. 2022.
|
[14] |
MEJIA F A , GAMBLE P , HAMPEL-ARIAS Z ,et al. Robust or private? adversarial training makes models more vulnerable to privacy attacks[R]. 2019.
|
[15] |
AL-RUBAIE M , CHANG J M . Privacy-preserving machine learning:threats and solutions[J]. IEEE Security & Privacy, 2019,17(2): 49-58.
|
[16] |
ABADI M , CHU A , GOODFELLOW I ,et al. Deep learning with differential privacy[C]// ACM SIGSAC Conference on Computer and Communications Security (CCS). 2016: 308-318.
|
[17] |
CHOO C A C , TRAMER F , CARLINI N ,et al. Label-only membership inference attacks[J]. arXiv Preprint arXiv:2007.14321, 2020.
|
[18] |
CHENG Z , LI Z , ZHANG J ,et al. Differentially private machine learning model against model extraction attack[C]// 2020 International Conferences on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber,Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData) and IEEE Congress on Cybermatics (Cybermatics). 2020.
|
[19] |
JIA J Y , SALEM A , BACKES M ,et al. MemGuard:defending againstblack-box membership inference attacks via adversarial examples[C]// Proceedings of 2019 ACM SIGSAC Conference on Computer and Communications Security. 2019: 259-274.
|
[20] |
NASR M , SHOKRI R , HOUMANSADR A . Comprehensive privacy analysis of deep learning:passive and active white-box inference attacks against centralized and federated learning[C]// Proceedings of 2019 IEEE Symposium on Security and Privacy. 2019: 739-753.
|
[21] |
ZHANG G , LIU B , TIAN H ,et al. How does a deep learning model architecture impact its privacy[J]. arXiv Preprint arXiv:2210.11049, 2022.
|