Просматривается номер   2023-73-1
К читателю
О журнале
Публикационная этика
Авторам
Тематика
Правила рецензирования
English (United Kingdom)Russian (CIS)
Информационные технологии
N.E. Kalenov, I.N. Sobolevskaya, A.N. Sotnikov "Classes of objects and relations in the Common Digital Space of Scientific Knowledge"
I.A. Filozova, T.N. Zaikina, G.V. Shestakova, R.N. Semenov "Curation of bibliographic metadata of the institutional repository on the Invenio-JOIN2 platform"
E.I. Alexandrov, I.N. Alexandrov, D.V. Belyakov, N.A. Davydova, L.A. Kalmykova, M.A. Lyubimova, T.F. Sapozhnikova, T.S. Syresina, A.V. Yakovlev, P.V. Zrelov "Development of an Information-analytical System for the Support and Maintenance of Licenses at ML
M.V. Bulygin, D.E. Namiot, O.N. Pokusaev "On the analysis of individual data on transport usage"
И.И. Дейкин, В.В. Сюзев, Е. В.Смирнова, А.В. Пролетарский "Хранилище сымитированных типовых сигналов как основа разработки быстрых алгоритмов"
Интеллектуальный анализ данных
И.А. Попова Г.И. Ревунков, Ю.Е. Гапанюк "AutoML: исследование существующих программных реализаций и определение общей внутренней структуры решений"
M.S. Manakhova, V.A. Dudarev "Web Application with GUI for Data Analysis Automation"
Г.С. Брыкин "Проект System.AI: полностью управляемый стек машинного обучения и анализа данных для экосистемы .NET"
D.E. Namiot, E.A. Ilyushin, I.V.Chizov "On the Practical Generation of Counterfactual Examples"
Junzhe Song, D.E. Namiot "A Survey of Model Inversion Attacks and Countermeasures"
N.D. Moskin, K.A. Kulakov, A.A. Rogov, R.V. Abramov "Research the Stability of Decision Trees Using Distances on Graphs"
B.K. Amos, I.V. Smirnov, I.A. Aidrous, R.R. Asmyatullin, S.G. Glavina "Economic Cycle Prediction using Machine Learning – Russia Case Study"
V.A. Yunusov, A.F. Gilemzyanov, F.M. Gafarov, P.N. Ustin, A.R. Khalfieva "Quantitative large-scale study of school student’s academic performance peculiarities during distance education caused by COVID-19"
Методы и модели в естественных науках
Е.С. Постникова, О. Л. Рябухина, А.В. Тутуков, С.В. Верещагин, Н.В. Чупина, А. П. Демидов "Структура и эволюция рассеянных звездных скоплений: теория и наблюдения на основе данных Gaia"
V.Yu. Kim, I.M. Izmailova "Astronomical observation planner"
N.A. Vasilyeva, A.A. Vladimirov, T.A. Vasiliev "A logical model for integration of heterogeneous experimental data in soil research"
В.И. Будзко, В.И. Меденников "Условия результативного применения технологий искусственного интеллекта в агропромышленном комплексе ЕАЭС"
Компьютерный анализ текстов
Н.А. Колпаков, А.И. Молодченков, А.В. Лукин "Методы извлечения биомедицинской информации из патентов и научных публикаций (на примере химических соединений)"
A.P. Zavyalova, P.A. Martynyuk, R.S. Samarev "Sentence splitters benchmark"
N.D. Todosiev, V.I. Yankovskiy, Y.E. Gapanyuk, A.M. Andreev "The Conceptual Modeling System Based on Metagraph Approach"
Junzhe Song, D.E. Namiot "A Survey of Model Inversion Attacks and Countermeasures"
Abstract. 

This article provides a detailed overview of the so-called Model Inversion(MI) attacks. These attacks aim at Machine-Learning-as-a-Service (MLaaS) platforms, and the goal is to use some well-prepared adversarial samples to attack target models and gain sensitive information from ML models, such as items from the dataset on which ML model was trained or ML model's parameters. This kind of attack now becomes an enormous threat to ML models, therefore, it is necessary to research this attack, understand how it will affect ML models, and based on this knowledge, we can propose some strategies that may improve the robustness of ML models.

Keywords: 

adversarial machine learning, model inversion attack, deep-learning, cyber security.

Стр. 82-93.

DOI: 10.14357/20790279230110
 
 
References

1. Fredrikson, M., Jha, S., & Ristenpart, T. (2015, October). Model inversion attacks that exploit confidence information and basic countermeasures. In Proceedings of the 22nd ACM SIGSAC conference on computer and communications security (pp. 1322-1333).
2. Wu, X., Fredrikson, M., Jha, S., & Naughton, J.F. (2016, June). A methodology for formalizing model-inversion attacks. In 2016 IEEE 29th Computer Security Foundations Symposium (CSF) (pp. 355-370). IEEE.
3. Yeom, S., Giacomelli, I., Fredrikson, M., & Jha, S. (2018, July). Privacy risk in machine learning: Analyzing the connection to overfitting. In 2018 IEEE 31st Computer Security Foundations Symposium (CSF) (pp. 268-282). IEEE.
4. Basu, S., Izmailov, R., & Mesterharm, C. (2019). Membership model inversion attacks for deep networks. arXiv preprint arXiv:1910.04257.
5. Zhao, X., Zhang, W., Xiao, X., & Lim, B.Y. (2021). Exploiting Explanations for Model Inversion Attacks. arXiv preprint arXiv:2104.12669.
6. Zhang, Y., Jia, R., Pei, H., Wang, W., Li, B., & Song, D. (2020). The secret revealer: Generative model-inversion attacks against deep neural networks. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (pp. 253-261).
7. Chen, S., Kahla, M., Jia, R., & Qi, G.J. (2021). Knowledge-Enriched Distributional Model Inversion Attacks. In Proceedings of the IEEE/CVF International Conference on Computer Vision (pp. 16178-16187).
8. He, Z., Zhang, T., & Lee, R.B. (2019, December). Model inversion attacks against collaborative inference. In Proceedings of the 35th Annual Computer Security Applications Conference (pp. 148-162).
9. Wang, T., Zhang, Y., & Jia, R. (2020). Improving robustness to model inversion attacks via mutual information regularization. arXiv preprint arXiv: 2009.05241.
10. Titcombe, T., Hall, A. J., Papadopoulos, P., & Romanini, D. (2021). Practical Defences Against Model Inversion Attacks for Split Neural Networks. arXiv preprint arXiv:2104.05743.
11. Carlini, N., Tramer, F., Wallace, E., Jagielski, M., Herbert-Voss, A., Lee, K. & Raffel, C. (2021). Extracting training data from large language models. In 30th USENIX Security Symposium (USENIX Security 21) (pp. 2633-2650).
12. Yang, Z., Shao, B., Xuan, B., Chang, E. C., & Zhang, F. (2020). Defending model inversion and membership inference attacks via prediction purification. arXiv preprint arXiv:2005.03915.
13. Ateniese, G., Mancini, L. V., Spognardi, A., Villani, A., Vitali, D., & Felici, G. (2015). Hacking smart machines with smarter ones: How to extract meaningful data from machine learning classifiers. International Journal of Security and Networks, 10(3), 137-150.
14. Xu, R., Baracaldo, N., & Joshi, J. (2021). Privacy-Preserving Machine Learning: Methods, Challenges and Directions. arXiv preprint arXiv: 2108.04417.
15. Hidano, S., Murakami, T., Katsumata, S., Kiyomoto, S., & Hanaoka, G. (2017, August). Model inversion attacks for prediction systems: Without knowledge of non-sensitive attributes. In 2017 15th Annual Conference on Privacy, Security and Trust (PST) (pp. 115-11509). IEEE.
16. Wang, Y., Si, C., & Wu, X. (2015, June). Regression model fitting under differential privacy and model inversion attack. In Twenty-Fourth International Joint Conference on Artificial Intelligence.
17. Wang, K. C., Fu, Y., Li, K., Khisti, A. J., Zemel, R., & Makhzani, A. (2021, May). Variational Model Inversion Attacks. In Thirty-Fifth Conference on Neural Information Processing Systems.
18. Alves, T. A., França, F. M., & Kundu, S. (2019, May). MLPrivacyGuard: Defeating Confidence Information based Model Inversion Attacks on Machine Learning Systems. In Proceedings of the 2019 on Great Lakes Symposium on VLSI (pp. 411-415).
19. W. Hickey. FiveThirtyEight.com DataLab: How americans like their steak. http://fivethirtyeight.com/datalab/how-americans-like-their-steak/, May 2014.
20. J. Prince. Social science research on pornography. http://byuresearch.org/ssrp/downloads/GSShappiness.pdf.
21. Deng, L. (2012). The mnist database of handwritten digit images for machine learning research. IEEE Signal Processing Magazine, 29(6), 141–142.
22. H. Xiao, K. Rasul, and R. Vollgraf. Fashion-mnist: a novel image dataset for benchmarking machine learning algorithms. CoRR, abs/1708.07747, 2017.
23. Yann Lecun, Leon Bottou, Y Bengio, and Patrick Haffner. Gradient-based learning applied to document recognition. Proceedings of the IEEE, 86:2278 – 2324, 12 1998.
24. Xiaosong Wang, Yifan Peng, Le Lu, Zhiyong Lu, Mohammadhadi Bagheri, and Ronald M Summers. Chestx-ray8: Hospital-scale chest x-ray database and benchmarks on weakly-supervised classification and localization of common thoraxdiseases. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 2097–2106,2017.
25. Ziwei Liu, Ping Luo, Xiaogang Wang, and Xiaoou Tang. Deep learning face attributes in the wild. In Proceedings of the IEEE international conference on computer vision, pages 3730–3738, 2015.
26. Christer Loob, Pejman Rasti, Iiris Lusi, Julio CS Jacques, Xavier Baro, Sergio Escalera, Tomasz Sapinski, Dorota Kaminska, and Gholamreza Anbarjafari. Dominant and complementary multi-emotional facial expression recognition using c-support vector classification. In 2017 12th IEEE International Conference on Automatic Face \& Gesture Recognition (FG 2017), pages 833–838. IEEE, 2017.
27. Alex Krizhevsky, Vinod Nair, and Geoffrey Hinton. Cifar-10(canadian institute for advanced research).
28. H.-W. Ng, S. Winkler. A data-driven approach to cleaning large face datasets. Proc. IEEE International Conference on Image Processing (ICIP), Paris, France, Oct. 27-30, 2014.
29. Bache, K. & Lichman, M. (2013). UCI Machine Learning Repository (Technical report, University of California, Irvine, School of Information and Computer Sciences)
30. GroupLens Research, “MovieLens 1M Dataset,” http://grouplens.org/datasets/movielens/, 2003.
31. Quinlan, J.R. (1986) Induction of Decision Trees. Machine Learning, 1, 81-106. http://dx.doi. org/10.1007/BF00116251
32. Shwartz-Ziv, R., & Tishby, N. (2017). Opening the Black Box of Deep Neural Networks via Information. ArXiv, abs/1703.00810.
33. Alemi, Alexander A., et al. “Deep variational information bottleneck.” arXiv preprint arXiv: 1612.00410 (2016).
34. Vepakomma, P., Gupta, O., Dubey, A., & Raskar, R. (2019). Reducing leakage in distributed deep learning for sensitive health data.
35. Sharif Abuadbba, Kyuyeon Kim, Minki Kim, Chandra Thapa, Seyit A Camtepe, Yansong Gao, Hyoungshick Kim, and Surya Nepal. Can we use split learning on 1d cnn models for privacy preserving training? arXiv preprint arXiv:2003.12365, 2020.
36. Cynthia Dwork. Differential privacy: A survey of results. In International conference on theory and applications of models of computation, pp. 1–19. Springer, 2008.
37. Fatemehsadat Mireshghallah, Mohammadkazem Taram, Prakash Ramrakhyani, Ali Jalali, Dean Tullsen, and Hadi Esmaeilzadeh. Shredder: Learning noise distributions to protect inference privacy. In Proceedings of the Twenty-Fifth International Conference on Architectural Support for Programming Languages and Operating Systems, pp. 3–18, 2020.
38. Zhang, Jun & Zhang, Zhenjie & Xiao, Xiaokui & Yang, Yin & Winslett, Marianne. (2012). Functional Mechanism: Regression Analysis under Differential Privacy. Proc. VLDB Endowment. 5.
39. Namiot, D., Ilyushin, E., & Pilipenko, O. (2022). On Trusted AI Platforms. International Journal of Open Information Technologies, 10(7), 119-127 (in Russian).
40. Namiot, D., Ilyushin, E., & Chizhov, I. (2022). On a formal verification of machine learning systems. International Journal of Open Information Technologies, 10(5), 30-34.
 
     
2024-74-1
2023-73-4
2023-73-3
2023-73-2

© ФИЦ ИУ РАН 2008-2018. Создание сайта "РосИнтернет технологии".