
Privacy Attacks and Defenses in Machine Learning: A Survey

  • Conference paper
  • Published in: Proceedings of the 13th International Conference on Computer Engineering and Networks (CENet 2023)
  • Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 1127)

Abstract

As machine learning has become an important technology in the field of artificial intelligence, its development also faces challenges in terms of privacy. This article summarizes the attack methods and defense strategies for machine learning models proposed in recent years. Attack methods include embedding inversion attacks, attribute inference attacks, membership inference attacks and model extraction attacks. Defense measures include, but are not limited to, homomorphic encryption, adversarial training, differential privacy and secure multi-party computation. The article focuses on the analysis of privacy protection issues in machine learning and provides a reference for related research.



Acknowledgement

This work was supported by the Opening Project of the Intelligent Policing Key Laboratory of Sichuan Province, No. ZNJW2023KFMS004.

Author information

Corresponding author: Xun Han.


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.


Cite this paper

Liu, W., Han, X., He, M. (2024). Privacy Attacks and Defenses in Machine Learning: A Survey. In: Zhang, Y., Qi, L., Liu, Q., Yin, G., Liu, X. (eds) Proceedings of the 13th International Conference on Computer Engineering and Networks. CENet 2023. Lecture Notes in Electrical Engineering, vol 1127. Springer, Singapore. https://doi.org/10.1007/978-981-99-9247-8_41

  • DOI: https://doi.org/10.1007/978-981-99-9247-8_41
  • Publisher Name: Springer, Singapore
  • Print ISBN: 978-981-99-9246-1
  • Online ISBN: 978-981-99-9247-8
  • eBook Packages: Engineering (R0)