Black-Box Based Limited Query Membership Inference Attack

Cited by: 4
Authors
Zhang, Yu [1]
Zhou, Huaping [1]
Wang, Pengyan [1]
Yang, Gaoming [1]
Affiliations
[1] Anhui Univ Sci & Technol, Sch Comp Sci & Engn, Huainan 232001, Peoples R China
Keywords
Data models; Training; Adaptation models; Training data; Predictive models; Generative adversarial networks; Machine learning; Membership inference attack; generative adversarial network; black-box attack; information leak
DOI
10.1109/ACCESS.2022.3175824
Chinese Library Classification number
TP [Automation technology, computer technology]
Discipline classification code
0812
Abstract
Conventional membership inference attacks usually require a large number of queries to the target model when training shadow models, and this task becomes extremely difficult when the number of queries is limited. To address the problem of insufficient training data for shadow models caused by the limited number of queries, we propose a membership inference attack method based on generative adversarial networks (GAN). First, we use generative adversarial networks to augment the samples obtained from a small number of queries and so expand the training data of the model. Second, we use an improved CNN to obtain shadow models that fit different target model structures more closely. Finally, we evaluate the accuracy of the proposed algorithm on XGBoost, Logistic, and neural network models using the public datasets MNIST and CIFAR10 in a black-box setting, and the results show that our model has an average attack accuracy of 62% and 83%, respectively. Compared with existing research methods, our model obtains better attack results while significantly reducing the number of queries, which shows the feasibility of our proposed method in membership inference attacks.
Pages: 55459-55468
Number of pages: 10