Table 4 Evasion and privacy inference attacks in the model predicting phase

From: Threats, attacks and defenses to federated learning: issues, taxonomy and perspectives

| Attack Types | Goal | Attack Methods | Defense Strategies |
|---|---|---|---|
| Evasion | Making the model misclassify adversarial examples | Based on optimization; based on gradient; based on decision-making, and so on | Empirical defense; certified defense |
| Model Inversion | Obtaining private information about the original training data | Attribute inference; property inference | Model structure defense; information obfuscation; query control; differential privacy |
| Membership Inference | Testing whether a specific data point was part of the training dataset | Shadow model; boundary attack | |
| Model Extraction | Obtaining relevant information about the target model | Model parameter; hyperparameter | |