Ximeng Liu,Lehui Xie,Yaopeng Wang,Jian Zou,Jinbo Xiong,Zuobin Ying,Athanasios V. Vasilakos

DOI: https://doi.org/10.1109/ACCESS.2020.3045078

IF: 3.9

2021-01-01

IEEE Access

Abstract:Deep Learning (DL) algorithms based on artificial neural networks have achieved remarkable success and are being extensively applied in a variety of application domains, ranging from image classification, automatic driving, natural language processing to medical diagnosis, credit risk assessment, intrusion detection. However, the privacy and security issues of DL have been revealed that the DL model can be stolen or reverse engineered, sensitive training data can be inferred, even a recognizable face image of the victim can be recovered. Besides, the recent works have found that the DL model is vulnerable to adversarial examples perturbed by imperceptible noised, which can lead the DL model to predict wrongly with high confidence. In this paper, we first briefly introduces the four types of attacks and privacy-preserving techniques in DL. We then review and summarize the attack and defense methods associated with DL privacy and security in recent years. To demonstrate that security threats really exist in the real world, we also reviewed the adversarial attacks under the physical condition. Finally, we discuss current challenges and open problems regarding privacy and security issues in DL.

Fei Dai,Guozhi Liu,Bi Huang,Xiaolong Xu,Chaochao Chen,Zhangbing Zhou,Xiaokang Zhou

DOI: https://doi.org/10.1109/ithings-greencom-cpscom-smartdata-cybermatics55523.2022.00070

2022-01-01

Abstract:Industrial Internet of Things (IIoT) systems can leverage deep learning (DL) models to provide intelligent applications. However, the training process of such DL models tends to leak privacy when the training data contain sensitive operational and management information. Most studies about privacy-preserving DL require a trusted data collector and thus are not suitable in an untrusted environment. In this paper, we propose a distributed privacy-preserving framework for DL with edge-cloud computing, where direct privacy leakage and indirect privacy leakage of training data are both considered. First, a pre-trained convolutional neural network (CNN) is partitioned into two parts for limiting direct privacy leakage of raw data, namely the feature module and the classification module. The feature module consisting of the lower layers of the CNN is deployed on an edge server, which is used to attract the feature of raw data. The feature data is fed to the classification module consisting of the higher layers of the CNN, which is deployed on the cloud server to compute image classification tasks. Second, a perturbation module between the feature module and the classification module is designed for limiting indirect privacy leakage during feature data transmission. The perturbation module uses local differential privacy (LDP) to produce noise in the feature data. Third, to further improve the accuracy, we retrain the classification module with the randomized feature data from edge servers. Experimental results show that the proposed framework achieves high accuracy under low privacy budgets.

Tianyang Wang,Ziqian Bi,Yichao Zhang,Ming Liu,Weiche Hsieh,Pohsun Feng,Lawrence K.Q. Yan,Yizhu Wen,Benji Peng,Junyu Liu,Keyu Chen,Sen Zhang,Ming Li,Chuanqi Jiang,Xinyuan Song,Junjie Yang,Bowen Jing,Jintao Ren,Junhao Song,Hong-Ming Tseng,Silin Chen,Yunze Wang,Chia Xin Liang,Jiawei Xu,Xuanhe Pan,Jinlang Wang,Qian Niu

2024-12-16

Abstract:Deep learning has transformed AI applications but faces critical security challenges, including adversarial attacks, data poisoning, model theft, and privacy leakage. This survey examines these vulnerabilities, detailing their mechanisms and impact on model integrity and confidentiality. Practical implementations, including adversarial examples, label flipping, and backdoor attacks, are explored alongside defenses such as adversarial training, differential privacy, and federated learning, highlighting their strengths and limitations. Advanced methods like contrastive and self-supervised learning are presented for enhancing robustness. The survey concludes with future directions, emphasizing automated defenses, zero-trust architectures, and the security challenges of large AI models. A balanced approach to performance and security is essential for developing reliable deep learning systems.

Cryptography and Security,Machine Learning,Software Engineering

Yingzhe He,Guozhu Meng,Kai Chen,Xingbo Hu,Jinwen He

DOI: https://doi.org/10.1109/tse.2020.3034721

IF: 7.4

2021-01-01

IEEE Transactions on Software Engineering

Abstract:Deep learning has gained tremendous success and great popularity in the past few years. However, deep learning systems are suffering several inherent weaknesses, which can threaten the security of learning models. Deep learning's wide use further magnifies the impact and consequences. To this end, lots of research has been conducted with the purpose of exhaustively identifying intrinsic weaknesses and subsequently proposing feasible mitigation. Yet few are clear about how these weaknesses are incurred and how effective these attack approaches are in assaulting deep learning. In order to unveil the security weaknesses and aid in the development of a robust deep learning system, we undertake an investigation on attacks towards deep learning, and analyze these attacks to conclude some findings in multiple views. In particular, we focus on four types of attacks associated with security threats of deep learning: model extraction attack, model inversion attack, poisoning attack and adversarial attack. For each type of attack, we construct its essential workflow as well as adversary capabilities and attack goals. Pivot metrics are devised for comparing the attack approaches, by which we perform quantitative and qualitative analyses. From the analysis, we have identified significant and indispensable factors in an attack vector, e.g., how to reduce queries to target models, what distance should be used for measuring perturbation. We shed light on 18 findings covering these approaches' merits and demerits, success probability, deployment complexity and prospects. Moreover, we discuss other potential security weaknesses and possible mitigation which can inspire relevant research in this area.

engineering, electrical & electronic,computer science, software engineering

Trung Ha,Tran Khanh Dang,Hieu Le,Tuan Anh Truong

DOI: https://doi.org/10.1007/s42979-020-00254-4

2020-08-06

SN Computer Science

Abstract:Nowadays, deep learning is becoming increasingly important in our daily life. The appearance of deep learning in many applications in life relates to prediction and classification such as self-driving, product recommendation, advertisements and healthcare. Therefore, if a deep learning model causes false predictions and misclassification, it can do great harm. This is basically a crucial issue in the deep learning model. In addition, deep learning models use large amounts of data in the training/learning phases, which contain sensitive information. Therefore, when deep learning models are used in real-world applications, it is required to protect the privacy information used in the model. In this article, we carry out a brief review of the threats and defenses methods on security issues for the deep learning models and the privacy of the data used in such models while maintaining their performance and accuracy. Finally, we discuss current challenges and future developments.

English Else

Jiliang Zhang,Chen Li,Jing Ye,Gang Qu

DOI: https://doi.org/10.1145/3386263.3407599

2020-01-01

Abstract:With the improvement of computing power and storage level, Machine Learning (ML), especially Deep Learning (DL), has shown its capabilities beyond humans in areas such as image recognition, speech processing, and content recommendation. However, the data collected to build ML models often contains sensitive information, and models may have high commercial value. Compared with the security problem of model prediction errors caused by malicious external influences, privacy threats have not attracted widespread attention, and they have characteristics that are difficult to define and detect. This article reviews recent research progress on ML privacy. First, the privacy threats on data and models in different scenarios are described in detail. Then, typical privacy protection methods are introduced. Finally, the limitations and future development trends of ML privacy research are discussed.

Gopichandh Golla

2023-11-23

Abstract:These days, deep learning models have achieved great success in multiple fields, from autonomous driving to medical diagnosis. These models have expanded the abilities of artificial intelligence by offering great solutions to complex problems that were very difficult to solve earlier. In spite of their unseen success in various, it has been identified, through research conducted, that deep learning models can be subjected to various attacks that compromise model security and data privacy of the Deep Neural Network models. Deep learning models can be subjected to various attacks at different stages of their lifecycle. During the testing phase, attackers can exploit vulnerabilities through different kinds of attacks such as Model Extraction Attacks, Model Inversion attacks, and Adversarial attacks. Model Extraction Attacks are aimed at reverse-engineering a trained deep learning model, with the primary objective of revealing its architecture and parameters. Model inversion attacks aim to compromise the privacy of the data used in the Deep learning model. These attacks are done to compromise the confidentiality of the model by going through the sensitive training data from the model's predictions. By analyzing the model's responses, attackers aim to reconstruct sensitive information. In this way, the model's data privacy is compromised. Adversarial attacks, mainly employed on computer vision models, are made to corrupt models into confidently making incorrect predictions through malicious testing data. These attacks subtly alter the input data, making it look normal but misleading deep learning models to make incorrect decisions. Such attacks can happen during both the model's evaluation and training phases. Data Poisoning Attacks add harmful data to the training set, disrupting the learning process and reducing the reliability of the deep learning mode.

Cryptography and Security,Artificial Intelligence

Anh-Tu Tran,The-Dung Luong,Van-Nam Huynh

DOI: https://doi.org/10.1016/j.neucom.2024.127345

IF: 6

2024-02-03

Neurocomputing

Abstract:Deep learning (DL) has been shown to be very effective for many application domains of machine learning (ML), including image classification, voice recognition, natural language processing, and bioinformatics. The success of DL techniques is directly related to the availability of large amounts of training data. However, in many cases, the data are sensitive to the users and should be protected to preserve the privacy. Privacy-preserving deep learning (PPDL) has thus become a very active research field to ensure the training process and use of DL models are productive without exposing or leaking information about the data. This paper aims to provide a comprehensive survey of PPDL. We concentrate on the risks that affect data privacy in DL and conduct a detailed investigation into the models that ensure privacy. Finally, we propose a set of evaluation criteria, detailing the advantages and disadvantages of the solutions. Based on the analyzed strengths and weaknesses, the paper has highlighted some important research problems and application cases that have not been studied and these point to certain open research directions.

computer science, artificial intelligence

Jamal Al-Karaki,Muhammad Al-Zafar Khan,Mostafa Mohamad,Dababrata Chowdhury

2024-09-15

Abstract:With the rise in the wholesale adoption of Deep Learning (DL) models in nearly all aspects of society, a unique set of challenges is imposed. Primarily centered around the architectures of these models, these risks pose a significant challenge, and addressing these challenges is key to their successful implementation and usage in the future. In this research, we present the security challenges associated with the current DL models deployed into production, as well as anticipate the challenges of future DL technologies based on the advancements in computing, AI, and hardware technologies. In addition, we propose risk mitigation techniques to inhibit these challenges and provide metrical evaluations to measure the effectiveness of these metrics.

Cryptography and Security,Artificial Intelligence

JI Shou-Ling,DU Tian-Yu,DENG Shui-Guang,CHENG Peng,SHI Jie,YANG Min,LI Bo

DOI: https://doi.org/10.11897/SP.J.1016.2022.00190

2022-01-01

Chinese Journal of Computers

Abstract:In the era of big data, breakthroughs in theories and technologies of deep learning have provided strong support for artificial intelligence at the data and the algorithm level, as well as have promoted the development of scale and industrialization of deep learning in a large number of tasks, such as image classification, object detection, semantic segmentation, natural language processing and speech recognition. However, though deep learning models have excellent performance in many real-world applications, they still suffer many security threats. For instance, it is now known that deep neural networks are fundamentally vulnerable to malicious manipulations, such as

Qiang Liu,Pan Li,Wentao Zhao,Wei Cai,Shui Yu,Victor C. M. Leung

DOI: https://doi.org/10.1109/access.2018.2805680

IF: 3.9

2018-01-01

IEEE Access

Abstract:Machine learning is one of the most prevailing techniques in computer science, and it has been widely applied in image processing, natural language processing, pattern recognition, cybersecurity, and other fields. Regardless of successful applications of machine learning algorithms in many scenarios, e.g., facial recognition, malware detection, automatic driving, and intrusion detection, these algorithms and corresponding training data are vulnerable to a variety of security threats, inducing a significant performance decrease. Hence, it is vital to call for further attention regarding security threats and corresponding defensive techniques of machine learning, which motivates a comprehensive survey in this paper. Until now, researchers from academia and industry have found out many security threats against a variety of learning algorithms, including naive Bayes, logistic regression, decision tree, support vector machine (SVM), principle component analysis, clustering, and prevailing deep neural networks. Thus, we revisit existing security threats and give a systematic survey on them from two aspects, the training phase and the testing/inferring phase. After that, we categorize current defensive techniques of machine learning into four groups: security assessment mechanisms, countermeasures in the training phase, those in the testing or inferring phase, data security, and privacy. Finally, we provide five notable trends in the research on security threats and defensive techniques of machine learning, which are worth doing in-depth studies in future.

Ye Sang,Yujin Huang,Shuo Huang,Helei Cui

DOI: https://doi.org/10.48550/arXiv.2305.03963

2023-05-11

Abstract:The increasing popularity of deep learning (DL) models and the advantages of computing, including low latency and bandwidth savings on smartphones, have led to the emergence of intelligent mobile applications, also known as DL apps, in recent years. However, this technological development has also given rise to several security concerns, including adversarial examples, model stealing, and data poisoning issues. Existing works on attacks and countermeasures for on-device DL models have primarily focused on the models themselves. However, scant attention has been paid to the impact of data processing disturbance on the model inference. This knowledge disparity highlights the need for additional research to fully comprehend and address security issues related to data processing for on-device models. In this paper, we introduce a data processing-based attacks against real-world DL apps. In particular, our attack could influence the performance and latency of the model without affecting the operation of a DL app. To demonstrate the effectiveness of our attack, we carry out an empirical study on 517 real-world DL apps collected from Google Play. Among 320 apps utilizing MLkit, we find that 81.56\% of them can be successfully attacked. The results emphasize the importance of DL app developers being aware of and taking actions to secure on-device models from the perspective of data processing.

Cryptography and Security,Artificial Intelligence,Computer Vision and Pattern Recognition

Pan LI,Wentao ZHAO,Qiang LIU,Jianjing CUI,Jianping YIN

DOI: https://doi.org/10.3778/j.issn.1673-9418.1708038

2018-01-01

Abstract:Machine learning has already become one of the most widely used techniques in the field of computer science,and it has been widely applied in image processing,natural language processing,network security and other fields.However,there has been many security threats that need to be overcome on current machine learning algorithms and training data set,which will affect the security of several practical applications,such as facial detection,malware detection and automatic driving,etc.According to the known security threats,which aim to a variety of machine learning algorithms,such as the support vector machine (SVM) classifier,clustering and deep neural networks,this paper introduces the issues that happen in the training,testing/inference phase of machine learning,which include privacy leaking and attacks of poisoning,evasion,impersonate and inversion based on the adversarial samples.Then,this paper sums up the machine learning adversary model as well as its safety assessment mechanism and concludes a certain number of countermeasures and privacy protection techniques on training and testing processes.Finally,this paper looks forward some correlative problems worthy of further discussion.

Muhammad Tayyab,Mohsen Marjani,N.Z. Jhanjhi,Ibrahim Abaker Targio Hashem,Raja Sher Afgun Usmani,Faizan Qamar

DOI: https://doi.org/10.1016/j.cose.2023.103297

2023-05-20

Abstract:Machine Learning (ML) algorithms are used to train the machines to perform various complicated tasks that begin to modify and improve with experiences. It has become widely used for automated decisions. In particular, the applications which have a profound impact on society that rely on Deep Learning (DL) for autonomous decisions, such as Patient Health Record (PHR), Unmanned Aerial Vehicles (UAVs), etc. Such impacts have a vital concern about the potential vulnerabilities introduced by DL. Traditional attackers have powerful motives that can alter and modify DL algorithms to subvert the outcomes. In poisoning attacks, an attacker can consciously change training dataset, which is used to operate the outcomes of decision-based model. While in privacy and evasion attacks, an adversary can also misclassify new datasets to infer private information. Therefore, in this paper, we have provided a review of security and privacy issues of DL algorithms and analyzed their applications and challenges based on state-of-the-art literature. We have classified attacks, devised a taxonomy, and comprehensive analysis of defense techniques for the most common attacks such as poisoning, evasion, model extraction, and model inversion. We have also presented various privacy preserving techniques to ensure the privacy of dataset. We have proposed a secure cryptographic framework for dataset based on hash functions and Homomorphic Encryption (HE) scheme. Finally, we have provided recent research challenges and future studies concerning security and privacy issues. We believed that the highlighted limitations and weaknesses provide possible research questions and open matters for designing efficient future DL algorithms.

computer science, information systems

Junyang Qiu,Jun Zhang,Wei Luo,Lei Pan,Surya Nepal,Yang Xiang

DOI: https://doi.org/10.1145/3417978

IF: 16.6

2021-11-30

ACM Computing Surveys

Abstract:Deep Learning (DL) is a disruptive technology that has changed the landscape of cyber security research. Deep learning models have many advantages over traditional Machine Learning (ML) models, particularly when there is a large amount of data available. Android malware detection or classification qualifies as a big data problem because of the fast booming number of Android malware, the obfuscation of Android malware, and the potential protection of huge values of data assets stored on the Android devices. It seems a natural choice to apply DL on Android malware detection. However, there exist challenges for researchers and practitioners, such as choice of DL architecture, feature extraction and processing, performance evaluation, and even gathering adequate data of high quality. In this survey, we aim to address the challenges by systematically reviewing the latest progress in DL-based Android malware detection and classification. We organize the literature according to the DL architecture, including FCN, CNN, RNN, DBN, AE, and hybrid models. The goal is to reveal the research frontier, with the focus on representing code semantics for Android malware detection. We also discuss the challenges in this emerging field and provide our view of future research opportunities and directions.

computer science, theory & methods

Xiaoyu Zhang,Chao Chen,Yi Xie,Xiaofeng Chen,Jun Zhang,Yang Xiang

DOI: https://doi.org/10.48550/arXiv.2105.06300

2021-05-13

Abstract:Deep Neural Network (DNN), one of the most powerful machine learning algorithms, is increasingly leveraged to overcome the bottleneck of effectively exploring and analyzing massive data to boost advanced scientific development. It is not a surprise that cloud computing providers offer the cloud-based DNN as an out-of-the-box service. Though there are some benefits from the cloud-based DNN, the interaction mechanism among two or multiple entities in the cloud inevitably induces new privacy risks. This survey presents the most recent findings of privacy attacks and defenses appeared in cloud-based neural network services. We systematically and thoroughly review privacy attacks and defenses in the pipeline of cloud-based DNN service, i.e., data manipulation, training, and prediction. In particular, a new theory, called cloud-based ML privacy game, is extracted from the recently published literature to provide a deep understanding of state-of-the-art research. Finally, the challenges and future work are presented to help researchers to continue to push forward the competitions between privacy attackers and defenders.

Cryptography and Security,Artificial Intelligence

Ahmed Shafee,Tasneem A. Awaad

DOI: https://doi.org/10.1016/j.sysarc.2020.101940

IF: 5.836

2021-03-01

Journal of Systems Architecture

Abstract:<p>Recently, deep learning is considered an important concept that is used in a lot of important applications, which require accurate models, such as image classification, identification of audio, intrusion detection, and face recognition. However, building a good deep learning model needs a huge amount of data that is not easily provided, especially in the applications that need sensitive information. Accordingly, researchers propose multiple methodologies for sharing the model rather than sharing the dataset itself. Nevertheless, it has been proven that the shared models still could leak a lot of sensitive information about the private data. In this work, we introduce a survey about the attacks that could be launched against the shared models and the countermeasures that could be taken to preserve the privacy of the sensitive data that is used for the training process.</p>

computer science, software engineering, hardware & architecture

Muhammad Imran Tariq,Nisar Ahmed Memon,Shakeel Ahmed,Shahzadi Tayyaba,Muhammad Tahir Mushtaq,Natash Ali Mian,Muhammad Imran,Muhammad W. Ashraf

DOI: https://doi.org/10.1155/2020/6535834

2020-04-07

Mobile Information Systems

Abstract:In recent past years, Deep Learning presented an excellent performance in different areas like image recognition, pattern matching, and even in cybersecurity. The Deep Learning has numerous advantages including fast solving complex problems, huge automation, maximum application of unstructured data, ability to give high quality of results, reduction of high costs, no need for data labeling, and identification of complex interactions, but it also has limitations like opaqueness, computationally intensive, need for abundant data, and more complex algorithms. In our daily life, we used many applications that use Deep Learning models to make decisions based on predictions, and if Deep Learning models became the cause of misprediction due to internal/external malicious effects, it may create difficulties in our real life. Furthermore, the Deep Learning training models often have sensitive information of the users and those models should not be vulnerable and expose security and privacy. The algorithms of Deep Learning and machine learning are still vulnerable to different types of security threats and risks. Therefore, it is necessary to call the attention of the industry in respect of security threats and related countermeasures techniques for Deep Learning, which motivated the authors to perform a comprehensive survey of Deep Learning security and privacy security challenges and countermeasures in this paper. We also discussed the open challenges and current issues.

computer science, information systems,telecommunications

Eva Rodriguez,Beatriz Otero,Norma Gutierrez,Ramon Canal

DOI: https://doi.org/10.1109/comst.2021.3086296

2021-01-01

Abstract:The widespread use of mobile devices, as well as the increasing popularity of mobile services has raised serious cybersecurity challenges. In the last years, the number of cyberattacks has grown dramatically, as well as their complexity. Traditional cybersecurity systems have failed to detect complex attacks, unknown malware, and they do not guarantee the preservation of user privacy. Consequently, cybersecurity systems have embraced Deep Learning (DL) models as they provide efficient detection of novel attacks and better accuracy. This paper presents a comprehensive survey of recent cybersecurity works that use DL in mobile and wireless networks. It covers all cybersecurity aspects: infrastructure threads and attacks, software attacks and privacy preservation. First, we provide a detailed overview of DL techniques applied, or with potential applications, to cybersecurity. Then, we review cybersecurity works based on DL. For each cybersecurity threat or attack, we discuss the challenges for using DL methods. For each contribution, we review the implementation details and the performance of the solution. In a nutshell, this paper constitutes the first survey that provides a complete review of the DL methods for cybersecurity. Given the analysis performed, we identify the most effective DL methods for the different threats and attacks.

computer science, information systems,telecommunications

Xiaoyu Zhang,Chao Chen,Yi Xie,Xiaofeng Chen,Jun Zhang,Yang Xiang

DOI: https://doi.org/10.1016/j.csi.2022.103672

2023-01-01

Abstract:Deep Neural Network (DNN), one of the most powerful machine learning algorithms, is increasingly leveraged to overcome the bottleneck of effectively exploring and analyzing massive data to boost advanced scientific development. It is not a surprise that cloud computing providers offer the cloud-based DNN as an out-of-the-box service. Though there are some benefits from the cloud-based DNN, the interaction mechanism among two or multiple entities in the cloud inevitably induces new privacy risks. This survey presents the most recent findings of privacy attacks and defenses appeared in cloud-based neural network services. We systematically and thoroughly review privacy attacks and defenses in the pipeline of cloud-based DNN service, i.e., data manipulation, training, and prediction. In particular, a new theory, called cloud-based ML privacy game, is extracted from the recently published literature to provide a deep understanding of state-of-the-art research. Finally, the challenges and future work are presented to help researchers to continue to push forward the competitions between privacy attackers and defenders.

computer science, software engineering, hardware & architecture