IEEE Trans Pattern Anal Mach Intell. 2023 Jul;45(7):9090-9108. doi: 10.1109/TPAMI.2022.3229593. Epub 2023 Jun 5.
Leakage of data from publicly available Machine Learning (ML) models is an area of growing significance since commercial and government applications of ML can draw on multiple sources of data, potentially including users' and clients' sensitive data. We provide a comprehensive survey of contemporary advances on several fronts, covering involuntary data leakage which is natural to ML models, potential malicious leakage which is caused by privacy attacks, and currently available defence mechanisms. We focus on inference-time leakage, as the most likely scenario for publicly available models. We first discuss what leakage is in the context of different data, tasks, and model architectures. We then propose a taxonomy across involuntary and malicious leakage, followed by description of currently available defences, assessment metrics, and applications. We conclude with outstanding challenges and open questions, outlining some promising directions for future research.
机器学习 (ML) 模型中数据泄露是一个日益重要的领域,因为 ML 的商业和政府应用程序可以利用多个数据源,其中可能包括用户和客户的敏感数据。我们全面调查了当代在几个方面的进展,涵盖了 ML 模型中自然存在的无意识数据泄露、由隐私攻击引起的潜在恶意泄露以及当前可用的防御机制。我们专注于推断时泄露,因为这是公开可用模型最有可能的情况。我们首先讨论了在不同数据、任务和模型架构上下文中的泄露是什么。然后,我们提出了一个跨无意识和恶意泄露的分类法,接着描述了当前可用的防御措施、评估指标和应用。最后,我们总结了尚未解决的挑战和问题,概述了未来研究的一些有前途的方向。
