A Survey of Attack and Defense Research on Data Leakage in Artificial Intelligence Models
Authors: Kui REN, Quanrun MENG, Shoukun YAN, Zhan QIN
Affiliation: School of Cyber Science and Technology, Zhejiang University, Hangzhou 310027, Zhejiang, China
Funding: Science and Technology Innovation 2030 Major Project "New Generation Artificial Intelligence" (2020AAA0107700)
Abstract: Artificial intelligence and deep learning algorithms are developing rapidly, and these emerging technologies have been widely applied in fields such as audio and video recognition and natural language processing. However, in recent years researchers have found that current mainstream AI models contain many security risks, and these risks will limit the further development of AI technology. This survey therefore studies data security and privacy protection in AI models. For data and privacy leakage, it focuses on two problems: data leakage based on model outputs and data leakage based on model updates. For output-based leakage, it discusses the principles and research status of model extraction attacks, model inversion attacks and membership inference attacks; for update-based leakage, it discusses research on how an attacker can steal private data during distributed training. For data and privacy protection, it studies the three commonly used classes of defense: model structure defense, information obfuscation defense and query control defense. In summary, centered on the most recent results in data security and privacy protection for deep learning models, it discusses the theoretical foundations, key results and related applications of data theft and defense techniques for deep learning models.

Keywords: artificial intelligence, data security, privacy leakage, privacy protection

Survey of artificial intelligence data security and privacy protection
Authors: Kui REN, Quanrun MENG, Shoukun YAN, Zhan QIN
Affiliation:School of Cyber Science and Technology, Zhejiang University, Hangzhou 310027, China
Abstract: Artificial intelligence and deep learning algorithms are developing rapidly. These emerging techniques have been widely used in audio and video recognition, natural language processing and other fields. However, in recent years, researchers have found that there are many security risks in current mainstream artificial intelligence models, and these problems will limit the development of AI. Therefore, data security and privacy protection in AI were studied. For data and privacy leakage, the model-output-based and model-update-based data leakage problems were studied. In the model-output-based data leakage problem, the principles and research status of model extraction attacks, model inversion attacks and membership inference attacks were discussed. In the model-update-based data leakage problem, how attackers steal private data in the process of distributed training was discussed. For data and privacy protection, three kinds of defense methods, namely model structure defense, information confusion defense and query control defense, were studied. In summary, the theoretical foundations and classic algorithms of data inference attack techniques were introduced. A few research efforts on defense techniques were described in order to provoke further research efforts in this critical area.
Keywords: artificial intelligence, data security, privacy leakage, privacy protection