Journal on Communications ›› 2023, Vol. 44 ›› Issue (8): 1-13. doi: 10.11959/j.issn.1000-436x.2023149
• Papers •
Xiaolin CHEN1,2, Daoguang ZAN1,2, Bingchao WU1,2, Bei GUAN2,3, Yongji WANG2,3
Revised: 2023-07-25
Online: 2023-08-01
Published: 2023-08-01
Xiaolin CHEN, Daoguang ZAN, Bingchao WU, Bei GUAN, Yongji WANG. Adversarial sample generation algorithm for vertical federated learning[J]. Journal on Communications, 2023, 44(8): 1-13.
| Adversarial sample generation algorithm | MNIST Top1 | MNIST Top3 | CIFAR-10 Top1 | CIFAR-10 Top3 | ImageNet-100 Top1 | ImageNet-100 Top3 |
| --- | --- | --- | --- | --- | --- | --- |
| VFL-FGSM | 92.13% | 99.26% | 48.22% | 84.91% | 49.60% | 69.93% |
| VFL-IFGSM | 85.42% | 98.72% | 41.25% | 82.86% | 40.42% | 67.46% |
| VFL-MIFGSM | 80.32% | 91.51% | 43.04% | 89.45% | 37.51% | 53.42% |
| VFL-LBFGS | 82.29% | 95.86% | 45.89% | 82.54% | 49.65% | 63.73% |
| VFL-JSMA | 87.00% | 97.72% | 57.65% | 89.65% | 37.93% | 51.98% |
| VFL-C&W | 41.24% | 76.37% | | | | |
| VFL-GASG | | 92.89% | 43.00% | | 22.36% | 47.41% |
| Target model | 97.27% | 99.78% | 79.91% | 95.36% | 65.09% | 75.74% |
| Adversarial sample generation algorithm | MNIST time/s | MNIST target model 1 | MNIST model A | CIFAR-10 time/s | CIFAR-10 target model 2 | CIFAR-10 model B | ImageNet-100 time/s | ImageNet-100 target model 3 | ImageNet-100 model C |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| VFL-FGSM | 19.64 | 92.13% | 94.25% | 12.36 | 48.22% | 61.34% | 197.92 | 49.60% | 56.34% |
| VFL-IFGSM | 56.23 | 85.42% | 91.83% | 41.25 | 41.25% | 59.84% | 471.50 | 40.42% | 55.41% |
| VFL-MIFGSM | 57.75 | 80.32% | 86.26% | 51.89 | 43.04% | 67.63% | 563.23 | 37.51% | 49.92% |
| VFL-LBFGS | 935.92 | 82.29% | 89.24% | 269.93 | 45.89% | 60.93% | 2669.86 | 49.65% | 52.53% |
| VFL-JSMA | 1771.82 | 87.00% | 91.52% | 1524.34 | 57.65% | 68.42% | 6404.60 | 37.93% | 51.69% |
| VFL-C&W | 9360.65 | 41.24% | 59.25% | 8248.43 | | | 33849.15 | | 42.82% |
| VFL-GASG | | | | | 43.00% | 58.57% | | 22.36% | |
| Training sample ratio | MNIST Top1 | MNIST Top3 | CIFAR-10 Top1 | CIFAR-10 Top3 | ImageNet-100 Top1 | ImageNet-100 Top3 |
| --- | --- | --- | --- | --- | --- | --- |
| 5% | 33.16% | 92.13% | 42.90% | 74.39% | 23.87% | 48.27% |
| 10% | 30.90% | 92.94% | 41.79% | 73.39% | 24.92% | 47.48% |
| 20% | 30.73% | 92.50% | 43.51% | 76.01% | 25.83% | 49.45% |
| 40% | 31.24% | 92.86% | 43.48% | 76.65% | 23.65% | 48.18% |
| 80% | 30.96% | 92.88% | 42.14% | 75.05% | 22.83% | 48.32% |
| 100% | 31.24% | 92.89% | 43.00% | 75.21% | 22.36% | 47.41% |
| Range | 2.43% | 0.81% | 1.72% | 3.26% | 3.47% | 2.04% |