Exploring Privacy Vulnerabilities in Deep Learning by Reconstructing Training Samples

Tian, Zhiyi

Exploring Privacy Vulnerabilities in Deep Learning by Reconstructing Training Samples

Tian, Zhiyi

Permalink

Publication Type:: Thesis
Issue Date:: 2024

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download thesisAdobe PDF (3.18 MB)

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Tian, Zhiyi
dc.date.accessioned	2025-03-28T03:42:35Z
dc.date.available	2025-03-28T03:42:35Z
dc.date.issued	2024
dc.identifier.uri	http://hdl.handle.net/10453/186268
dc.description	University of Technology Sydney. Faculty of Engineering and Information Technology.	en_US.UTF-8
dc.description.abstract	Deep learning models, while immensely powerful and capable of revolutionizing various fields, have a critical shortcoming: they are not inherently designed with privacy and security considerations. This oversight results in vulnerabilities that can affect the entire lifecycle of these models, from the initial training phase to their deployment and use in real-world applications. In recent years, a variety of sophisticated attacks have been developed specifically to exploit these vulnerabilities. During the training phase, adversaries can launch attacks such as poisoning attacks causing the model to make incorrect predictions or to operate in unintended ways. This thesis aims to study the knowledge acquired by existing deep learning models from the perspective of vulnerability analysis of these models. The goal is to enhance our understanding of deep learning models, with the ultimate aim of better leveraging deep learning methods. Specifically, this thesis is conducted from two perspectives: vulnerability analysis and deep learning applications. In our study of optimization-based model inversion, the this focuses on how to utilize the forward and backward propagation information of a model to reconstruct the category knowledge learned by the model. Specifically, we combine the adversarial examples generation methods to reconstruct the training data of the victim model. Through this research, we explore the privacy information of the training data contained in the model's forward and backward propagation. Building upon the insights garnered from vulnerability analysis, this thesis investigates semantic communication to explore privacy risks present in real deep learning applications in the future. In this thesis, we conducted some preliminary fundamental research to help us understand the challenges present in semantic communication. We examine how the knowledge acquired by deep learning models can be better utilized and scrutinized. This research lays the foundation for enhancing the privacy protection capabilities of semantic communication in the future. In summary, this thesis explores privacy vulnerabilities in deep learning models. It investigates model inversion attacks to understand the knowledge learned by these models and identify potential risks. The research reveals biases in the information learned by models and enhance our understanding of knowledge learned by deep learning models. Additionally, it introduces asynchronous multi-task semantic communication to enhance communication efficiency as preliminary foundational research. These findings highlight the importance of developing robust defense mechanisms and suggest avenues for future research to improve the privacy of deep learning applications.	en_US.UTF-8
dc.format	Thesis (PhD)
dc.language.iso	en_US	en_US.UTF-8
dc.relation	https://opus.lib.uts.edu.au/bitstream/10453/186268/1/thesis.pdf
dc.rights	info:eu-repo/semantics/openAccess
dc.rights	The author owns the copyright in this thesis including all reproduction and reuse rights for the work. The work may not be altered without the permission of the copyright owner. Attribution is essential when quoting or paraphrasing from this thesis.
dc.rights	© 2024 Zhiyi Tian
dc.rights	au.edu.uts.lib/cph
dc.title	Exploring Privacy Vulnerabilities in Deep Learning by Reconstructing Training Samples	en_US.UTF-8
dc.type	Thesis
utslib.copyright.status	open_access	*

Abstract:

Deep learning models, while immensely powerful and capable of revolutionizing various fields, have a critical shortcoming: they are not inherently designed with privacy and security considerations. This oversight results in vulnerabilities that can affect the entire lifecycle of these models, from the initial training phase to their deployment and use in real-world applications. In recent years, a variety of sophisticated attacks have been developed specifically to exploit these vulnerabilities. During the training phase, adversaries can launch attacks such as poisoning attacks causing the model to make incorrect predictions or to operate in unintended ways. This thesis aims to study the knowledge acquired by existing deep learning models from the perspective of vulnerability analysis of these models. The goal is to enhance our understanding of deep learning models, with the ultimate aim of better leveraging deep learning methods. Specifically, this thesis is conducted from two perspectives: vulnerability analysis and deep learning applications. In our study of optimization-based model inversion, the this focuses on how to utilize the forward and backward propagation information of a model to reconstruct the category knowledge learned by the model. Specifically, we combine the adversarial examples generation methods to reconstruct the training data of the victim model. Through this research, we explore the privacy information of the training data contained in the model's forward and backward propagation. Building upon the insights garnered from vulnerability analysis, this thesis investigates semantic communication to explore privacy risks present in real deep learning applications in the future. In this thesis, we conducted some preliminary fundamental research to help us understand the challenges present in semantic communication. We examine how the knowledge acquired by deep learning models can be better utilized and scrutinized. This research lays the foundation for enhancing the privacy protection capabilities of semantic communication in the future. In summary, this thesis explores privacy vulnerabilities in deep learning models. It investigates model inversion attacks to understand the knowledge learned by these models and identify potential risks. The research reveals biases in the information learned by models and enhance our understanding of knowledge learned by deep learning models. Additionally, it introduces asynchronous multi-task semantic communication to enhance communication efficiency as preliminary foundational research. These findings highlight the importance of developing robust defense mechanisms and suggest avenues for future research to improve the privacy of deep learning applications.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/186268