信息网络安全 (Netinfo Security) ›› 2018, Vol. 18 ›› Issue (9): 10-18. doi: 10.3969/j.issn.1671-1122.2018.09.002


Security Attacks Faced by Machine Learning Systems and Research on Their Defense Techniques

Yingchao YU1, Lin DING1, Zuoning CHEN2

  1. Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China
  2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Wuxi, Jiangsu 214083, China
  • Received: 2018-07-17 Online: 2018-09-30 Published: 2020-05-11
  • About the authors:

    Yingchao YU (b. 1983), female, from Henan, engineer and Ph.D. candidate; main research interests: information security, secure operating systems, and machine learning security. Lin DING (b. 1982), female, from Jiangsu, engineer, M.Sc.; main research interests: domestically developed secure platforms and information security. Zuoning CHEN (b. 1957), female, from Beijing, research fellow, M.Sc.; main research interests: information security and computer architecture.

  • Funding:
    National High Technology Research and Development Program of China (863 Program) [2018YFB1003600]

Research on Attacks and Defenses towards Machine Learning Systems

Yingchao YU1, Lin DING1, Zuoning CHEN2   

  1. Jiangnan Institute of Computing Technology, Wuxi, Jiangsu 214083, China
  2. State Key Laboratory of Mathematical Engineering and Advanced Computing, Wuxi, Jiangsu 214083, China
  • Received: 2018-07-17 Online: 2018-09-30 Published: 2020-05-11

Abstract (translated from the Chinese):

Research shows that almost every stage of the machine learning system pipeline can be subject to data poisoning attacks, attacks on the learning algorithm and its dependency libraries, evasion attacks, model stealing, and model inference attacks. These attacks not only affect the learning process of the machine learning system but can also degrade model performance or cause the system, on specific inputs, to produce the errors the attacker wants, thereby affecting model accuracy. Understanding the security of machine learning algorithms and systems, and exploring ways to improve it, has therefore increasingly become a research direction at the intersection of computer security and machine learning. This paper first defines the machine learning system pipeline, then studies the attacks each point of the pipeline may suffer and their potential solutions, and finally summarizes the paper and looks ahead to future research directions.

Key words: machine learning, data poisoning, evasion attack, model inference

Abstract:

Recent research shows that almost every stage of the machine learning system pipeline may be exposed to data poisoning attacks, attacks on the learning algorithm and its dependency libraries, evasion attacks, model theft, and model inference attacks. These attacks not only affect the learning process of the machine learning system but may also degrade model performance or make the model produce, on specific inputs, the errors the attacker intends, thereby reducing model accuracy. Understanding the security of machine learning algorithms and systems, and exploring ways to improve it, has therefore increasingly become a research direction at the intersection of computer security and machine learning. This paper first defines the machine learning system pipeline, then studies the attacks possible at each point of the pipeline and their potential countermeasures, and finally summarizes the work and outlines future research directions.

Key words: machine learning, data poisoning, evasion attack, model inference
