高级检索

    分布式深度学习隐私与安全攻击研究进展与挑战

    Research and Challenge of Distributed Deep Learning Privacy and Security Attack

    • 摘要: 不同于集中式深度学习模式,分布式深度学习摆脱了模型训练过程中数据必须中心化的限制,实现了数据的本地操作,允许各方参与者在不交换数据的情况下进行协作,显著降低了用户隐私泄露风险,从技术层面可以打破数据孤岛,显著提升深度学习的效果,能够广泛应用于智慧医疗、智慧金融、智慧零售和智慧交通等领域.但生成对抗式网络攻击、成员推理攻击和后门攻击等典型攻击揭露了分布式深度学习依然存在严重隐私漏洞和安全威胁.首先对比分析了联合学习、联邦学习和分割学习3种主流的分布式深度学习模式特征及其存在的核心问题.其次,从隐私攻击角度,全面阐述了分布式深度学习所面临的各类隐私攻击,并归纳和分析了现有隐私攻击防御手段.同时,从安全攻击角度,深入剖析了数据投毒攻击、对抗样本攻击和后门攻击3种安全攻击方法的攻击过程和内在安全威胁,并从敌手能力、防御原理和防御效果等方面对现有安全攻击防御技术进行了度量.最后,从隐私与安全攻击角度,对分布式深度学习未来的研究方向进行了讨论和展望.

       

      Abstract: Different from the centralized deep learning mode, distributed deep learning gets rid of the limitation that the data must be centralized during the model training process, which realizes the local operation of the data, and allows all participants to collaborate without exchanging data. It significantly reduces the risk of user privacy leakage, breaks the data island from the technical level, and improves the efficiency of deep learning. Distributed deep learning can be widely used in smart medical care, smart finance, smart retail and smart transportation. However, typical attacks such as generative adversarial network attacks, membership inference attacks and backdoor attacks, have revealed that distributed deep learning still has serious privacy vulnerabilities and security threats. This paper first compares and analyzes the characteristics of the three distributed deep learning modes and their core problems, including collaborative learning, federated learning and split learning. Secondly, from the perspective of privacy attacks, it comprehensively expounds various types of privacy attacks faced by distributed deep learning, and summarizes the existing privacy attack defense methods. At the same time, from the perspective of security attacks, the paper analyzes the attack process and inherent security threats of the three security attacks: data poisoning attacks, adversarial sample attacks, and backdoor attacks, and analyzes the existing security attack defense technology from the perspectives of defense principles, adversary capabilities, and defense effects. Finally, from the perspective of privacy and security attacks, the future research directions of distributed deep learning are discussed and prospected.

       

    /

    返回文章
    返回