Advances in sensing and storage technologies have made a tremendous amount of data available, and this data supports the phenomenal growth of artificial intelligence (AI) techniques, especially deep learning (DL), across many application domains. While these data sources have become valuable assets for enabling successful autonomous decision-making, they also introduce critical privacy and security vulnerabilities. For example, data leakage can be exploited via querying and eavesdropping during the exploratory phase of black-box attacks against DL-based autonomous decision-making systems. To address this issue, in this work we propose a novel data encryption method, called AdvEncryption, that exploits the principle of adversarial attacks. Unlike existing encryption technologies, AdvEncryption is not designed to prevent attackers from accessing the dataset. Instead, our proposed method aims to trap attackers in a misleading feature distillation of the data. To achieve this goal, AdvEncryption consists of two essential components: 1) an adversarial-attack-inspired encryption mechanism that encrypts the data with stealthy adversarial perturbations, and 2) a decryption mechanism that minimizes the impact of these perturbations on the effectiveness of autonomous decision-making. In the performance evaluation section, we evaluate our proposed AdvEncryption method through case studies covering different scenarios.