Adversarial Attacks Against Deep Generative Models on Data: A Survey

Hui Sun, Tianqing Zhu, Zhiqiu Zhang, Dawei Jin, Ping Xiong, Wanlei Zhou
DOI: https://doi.org/10.1109/TKDE.2021.3130903
2021-12-01
Abstract: Deep generative models have gained much attention given their ability to generate data for applications as varied as healthcare, financial technology, surveillance, and many more, the most popular models being generative adversarial networks and variational auto-encoders. Yet, as with all machine learning models, there is an ever-present concern over security breaches and privacy leaks, and deep generative models are no exception. These models have advanced so rapidly in recent years that work on their security is still in its infancy. In an attempt to audit the current and future threats against these models, and to provide a roadmap for defense preparations in the short term, we prepared this comprehensive and specialized survey on the security and privacy preservation of GANs and VAEs. Our focus is on the inner connection between attacks and model architectures and, more specifically, on five components of deep generative models: the training data, the latent code, the generators/decoders of GANs/VAEs, the discriminators/encoders of GANs/VAEs, and the generated data. For each model, component and attack, we review the current research progress and identify the key challenges. The paper concludes with a discussion of possible future attacks and research directions in the field.
Cryptography and Security
What problem does this paper attempt to address?
This paper addresses the security and privacy protection issues of deep generative models, such as Generative Adversarial Networks (GANs) and Variational Auto-Encoders (VAEs). Specifically, the paper examines the current and future threats against these models and provides a roadmap for short-term defense preparations. The paper focuses on the intrinsic connection between attacks and model architectures, especially on the five components of deep generative models: training data, latent code, the generator/decoder of GANs/VAEs, the discriminator/encoder of GANs/VAEs, and the generated data. For each model component and attack type, the paper reviews the current research progress and identifies key challenges. In addition, the paper discusses possible future attack directions and research areas. In short, the main purposes of the paper are:

1. **Evaluate current threats**: Analyze various attacks against deep generative models, including membership inference attacks, evasion attacks, model extraction attacks, etc.
2. **Provide defense strategies**: Provide methods and suggestions for defending against these attacks.
3. **Look forward to future research**: Point out the future research directions and possible attack means in this field.

Through these goals, the paper aims to give researchers and practitioners a comprehensive perspective from which to better understand and address the security and privacy challenges faced by deep generative models.