Journal on Communications, 2023, Vol. 44, Issue (5): 193-205. doi: 10.11959/j.issn.1000-436x.2023094
Jiale ZHANG1,2, Chengcheng ZHU1,2, Xiaobing SUN1,2, Bing CHEN3
Revised: 2023-03-06
Online: 2023-05-25
Published: 2023-05-01
Jiale ZHANG, Chengcheng ZHU, Xiaobing SUN, Bing CHEN. Membership inference attack and defense method in federated learning based on GAN[J]. Journal on Communications, 2023, 44(5): 193-205.
Class | MNIST Before | MNIST DefMIA | F-MNIST Before | F-MNIST DefMIA | CIFAR-10 Before | CIFAR-10 DefMIA
0 | 0.903 | 0.501 | 0.942 | 0.512 | 0.876 | 0.483
1 | 0.961 | 0.506 | 0.922 | 0.502 | 0.889 | 0.491
2 | 0.953 | 0.551 | 0.925 | 0.524 | 0.879 | 0.507
3 | 0.977 | 0.575 | 0.921 | 0.504 | 0.874 | 0.498
4 | 0.977 | 0.597 | 0.953 | 0.533 | 0.901 | 0.503
5 | 0.896 | 0.546 | 0.932 | 0.517 | 0.877 | 0.488
6 | 0.923 | 0.549 | 0.897 | 0.503 | 0.894 | 0.502
7 | 0.924 | 0.535 | 0.933 | 0.513 | 0.886 | 0.514
8 | 0.923 | 0.529 | 0.967 | 0.539 | 0.882 | 0.489
9 | 0.921 | 0.535 | 0.929 | 0.507 | 0.906 | 0.504