From: Threats, attacks and defenses to federated learning: issues, taxonomy and perspectives
Attack type | Goal | Attack methods | Defense strategies |
---|---|---|---|
Evasion | Causing the model to misclassify adversarial examples at inference time | Optimization-based; gradient-based; decision-based, among others | Empirical defense; certified defense |
Model inversion | Recovering private information about the original training data | Attribute inference; property inference | Model structure defense; information obfuscation; query control; differential privacy |
Membership inference | Determining whether a specific data point was part of the training set | Shadow model; boundary attack | |
Model extraction | Reconstructing the target model itself (its parameters or hyperparameters) | Model parameter extraction; hyperparameter extraction | |
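The first row pairs a gradient-based evasion attack with a certified defense. The following added example (not code from the surveyed paper or from any federated-learning framework) shows both on the smallest model where the certificate is exact: a logistic-regression classifier trained on a constructed two-cluster data set. The attack is the one-step L-infinity gradient-sign method (x + eps * sign(dLoss/dx)); the certificate is the radius |w.x + b| / ||w||_1, which for a linear model is, by Hölder's inequality, the largest L-infinity perturbation that provably cannot flip the label. The data, the training hyperparameters and the probe point `[1.5, 1.5]` are assumptions chosen for the demonstration.

```python
"""Gradient-based evasion (FGSM) vs. an exact L-inf certificate on a linear model.

Added example; pure Python, no third-party packages. The training set is
constructed inline, and the logistic-regression model is trained by plain
gradient descent.
"""
import math
import random


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def make_data(n=200, seed=0):
    """Constructed 2-D data: class 1 clustered around (2, 2), class 0 around (-2, -2)."""
    rng = random.Random(seed)
    xs, ys = [], []
    for _ in range(n):
        y = rng.randint(0, 1)
        c = 2.0 if y else -2.0
        xs.append([c + rng.gauss(0, 1), c + rng.gauss(0, 1)])
        ys.append(y)
    return xs, ys


def train(xs, ys, lr=0.1, epochs=200):
    """Batch gradient descent on cross-entropy loss; returns (w, b)."""
    w, b, n = [0.0, 0.0], 0.0, len(xs)
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for x, y in zip(xs, ys):
            err = sigmoid(w[0] * x[0] + w[1] * x[1] + b) - y  # dLoss/dlogit
            gw[0] += err * x[0]
            gw[1] += err * x[1]
            gb += err
        w = [w[i] - lr * gw[i] / n for i in range(2)]
        b -= lr * gb / n
    return w, b


def logit(w, b, x):
    return w[0] * x[0] + w[1] * x[1] + b


def predict(w, b, x):
    return 1 if logit(w, b, x) > 0 else 0


def _sign(v):
    return 1.0 if v > 0 else -1.0 if v < 0 else 0.0


def fgsm(w, b, x, y, eps):
    """One-step L-inf evasion: x + eps * sign(dLoss/dx).

    For cross-entropy on a linear model dLoss/dx = (p - y) * w, so the step
    moves every coordinate by eps in the direction that lowers the true-class
    logit the fastest.
    """
    err = sigmoid(logit(w, b, x)) - y
    return [x[i] + eps * _sign(err * w[i]) for i in range(2)]


def certified_radius(w, b, x):
    """Exact L-inf robustness certificate for a linear classifier.

    Any perturbation d with max|d_i| < |w.x + b| / ||w||_1 satisfies
    |w.d| <= ||w||_1 * max|d_i| < |w.x + b|, so the logit cannot change sign.
    """
    return abs(logit(w, b, x)) / sum(abs(wi) for wi in w)


def evasion_demo(probe=(1.5, 1.5), label=1):
    """Train, certify the probe point, then attack just inside and just outside the radius."""
    w, b = train(*make_data())
    x = list(probe)
    r = certified_radius(w, b, x)
    return {
        "clean_pred": predict(w, b, x),
        "radius": r,
        "inside_pred": predict(w, b, fgsm(w, b, x, label, 0.5 * r)),   # certified: must survive
        "outside_pred": predict(w, b, fgsm(w, b, x, label, 1.5 * r)),  # beyond certificate: flips
    }


if __name__ == "__main__":
    for k, v in evasion_demo().items():
        print(f"{k}: {v}")
```

Because the model is linear, the gradient-sign step is the worst-case L-infinity perturbation, so the attack fails for every eps below the certified radius and succeeds for every eps at or above it; the certificate is tight. For non-linear models neither half of that statement holds: the attack is only a heuristic and the bound has to come from a dedicated certified-defense method, which is the distinction the table's "empirical" versus "certified" column is drawing.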