Abstract: Machine learning methods often train models on private data in order to achieve better results. However, an unauthorized user can determine from a model's output whether a given record took part in training, which compromises data privacy. To address this, a model attack method based on a deep optimizing network is proposed: starting from the attacker's perspective, it analyzes the principle of the attack so that attacks on the model can be defended against in a targeted way and the model's secrecy enhanced. The proposed method attacks the model automatically, obtains self-optimized parameters, improves attack accuracy, fully exposes the security defects in the model, reveals where the model can be improved, and thereby improves the model's security. Experiments on the CIFAR-100 data set achieve an AUC value of 0.83, better than the base method. The experimental results verify that the method effectively improves the attack effect.
Keywords: machine learning; optimization; privacy protection; model attack
CLC number: TP309
Document code: A

A Model Attack Method based on Self-optimizing Deep Network
WU Ji, WANG Yuejuan, JING Dongsheng
(Suzhou Power Supply Branch, State Grid Jiangsu Electric Power Co., Ltd., Suzhou 215004, China)
13862159678@163.com; 215691852@qq.com; jds19810119@163.com
Abstract: Machine learning often uses private data to train models so as to get better performance. However, unauthorized users can feed inputs to the model and determine from its output whether certain data were used for training, which threatens data privacy and security. To solve this problem, this paper proposes an attack method based on a deep optimizing network, which analyzes the principle of the attack from the attacker's point of view and then defends against the attack on the model in a targeted manner so as to enhance the secrecy of the model. The proposed method attacks the model automatically, obtains self-optimizing parameters, improves the attack accuracy, fully exposes security defects in the model, reveals where the model can be improved, and improves the model's security. Experiments have been carried out on the CIFAR-100 data set, and the AUC (Area Under the Curve) value is 0.83, which is better than the base method. Experimental results show that the proposed method can effectively improve the attack effect.
Keywords: machine learning; optimization; privacy protection; model attack
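The leak the abstract describes, an unauthorized user inferring from model outputs whether a record was in the training set, is usually measured on the defender's side by the same AUC metric the paper reports. The following is an added example, not code from the paper: it assumes the attacker's per-record signal is the model's confidence on the true label (the paper's own self-optimizing attack network is not reproduced), uses constructed softmax outputs in place of a real model and data set, and computes AUC with the Mann-Whitney rank statistic so that no external library is needed. The 0.6 audit threshold is an illustrative choice, not a value from the paper.

```python
"""Membership-inference leakage audit scored by AUC (added example)."""
from typing import Dict, List, Sequence, Tuple

# Constructed 3-class softmax outputs and true labels; no real model or data
# set is involved. Scenario A mimics an overfit model whose members receive
# far higher confidence; scenario B mimics a model that generalizes, giving
# members and non-members similar confidence.
SCENARIO_OVERFIT = {
    "members": ([[0.98, 0.01, 0.01], [0.03, 0.95, 0.02],
                 [0.05, 0.05, 0.90], [0.93, 0.04, 0.03]], [0, 1, 2, 0]),
    "nonmembers": ([[0.40, 0.35, 0.25], [0.30, 0.55, 0.15],
                    [0.30, 0.40, 0.30], [0.60, 0.20, 0.20]], [0, 1, 2, 0]),
}
SCENARIO_GENERALIZING = {
    "members": ([[0.70, 0.20, 0.10], [0.25, 0.60, 0.15],
                 [0.10, 0.10, 0.80], [0.50, 0.30, 0.20]], [0, 1, 2, 0]),
    "nonmembers": ([[0.65, 0.25, 0.10], [0.30, 0.55, 0.15],
                    [0.15, 0.10, 0.75], [0.60, 0.25, 0.15]], [0, 1, 2, 0]),
}

# Illustrative audit threshold (assumption, not from the paper): an AUC
# above it is treated as meaningful membership leakage.
LEAK_AUC_THRESHOLD = 0.6


def true_label_confidence(probs: Sequence[float], label: int) -> float:
    """Assumed attacker signal: probability the model assigns to the true class."""
    return probs[label]


def membership_auc(member_scores: Sequence[float],
                   nonmember_scores: Sequence[float]) -> float:
    """AUC of 'higher score => member' as the Mann-Whitney rank statistic:
    the probability that a random member outranks a random non-member,
    ties counting one half. 0.5 means the outputs carry no membership
    information; 1.0 means perfect separation."""
    wins = 0.0
    for m in member_scores:
        for n in nonmember_scores:
            if m > n:
                wins += 1.0
            elif m == n:
                wins += 0.5
    return wins / (len(member_scores) * len(nonmember_scores))


def best_threshold_accuracy(member_scores: Sequence[float],
                            nonmember_scores: Sequence[float]) -> Tuple[float, float]:
    """Best balanced accuracy of a single-threshold attack ('member' when
    score >= threshold) and the threshold that achieves it."""
    best_acc, best_t = 0.0, 0.0
    for t in sorted(set(member_scores) | set(nonmember_scores)):
        tpr = sum(s >= t for s in member_scores) / len(member_scores)
        tnr = sum(s < t for s in nonmember_scores) / len(nonmember_scores)
        acc = (tpr + tnr) / 2
        if acc > best_acc:
            best_acc, best_t = acc, t
    return best_acc, best_t


def audit(scenario: Dict[str, Tuple[List[List[float]], List[int]]]) -> dict:
    """Turn model outputs on known members/non-members into leakage metrics."""
    m_probs, m_labels = scenario["members"]
    n_probs, n_labels = scenario["nonmembers"]
    m_scores = [true_label_confidence(p, y) for p, y in zip(m_probs, m_labels)]
    n_scores = [true_label_confidence(p, y) for p, y in zip(n_probs, n_labels)]
    auc = membership_auc(m_scores, n_scores)
    acc, t = best_threshold_accuracy(m_scores, n_scores)
    return {"auc": auc, "attack_accuracy": acc, "threshold": t,
            "leaks": auc > LEAK_AUC_THRESHOLD}


if __name__ == "__main__":
    for name, sc in (("overfit", SCENARIO_OVERFIT),
                     ("generalizing", SCENARIO_GENERALIZING)):
        print(name, audit(sc))
```

Run against a real model, `audit` takes the model's softmax outputs on a held-in sample of training records and a disjoint held-out sample; an AUC close to 0.5 means the outputs reveal little about membership, while a value approaching 1.0 (the overfit scenario here) is the signal a defender would act on, for example with regularization, early stopping, or output rounding, before re-running the audit.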