Security and Privacy in Machine Learning and Artificial Intelligence (AI)

A special issue of Applied Sciences (ISSN 2076-3417). This special issue belongs to the section "Computing and Artificial Intelligence".

Deadline for manuscript submissions: closed (30 October 2024) | Viewed by 14134

Special Issue Editors

School of Cyber Engineering, Xidian University, Xi’an 710126, China
Interests: artificial intelligence security and privacy; cryptography; cloud computing security

State Key Laboratory of Public Big Data and the College of Computer Science and Technology, Guizhou University, Guiyang 550025, China
Interests: blockchain; data privacy; information security; AI security

College of Computer Science and Technology, Qufu Normal University, Qufu 273165, China
Interests: information security theory; secure multi-party computing protocols; blockchain and smart contract applications

School of Computing and Mathematical Sciences, University of Leicester, Leicester LE1 7RH, UK
Interests: machine learning; artificial intelligence; computer vision; human-computer interface

Special Issue Information

Dear Colleagues,

In the past decade, the world has witnessed a booming development in the field of Machine Learning (ML) and Artificial Intelligence (AI). Under this trend, ML&AI techniques have been increasingly deployed for automated decisions in many critical applications, such as autonomous vehicles, personalized recommendations, cybersecurity, health care, and many more. However, the use of ML&AI in security- and privacy-sensitive domains, where adversaries may attempt to mislead or evade intelligent mechanisms, creates new frontiers for security research. On the one hand, ML&AI technologies, especially deep learning, have repeatedly been shown to suffer from trust and interpretability challenges in the face of various attacks, such as adversarial attacks, poisoning attacks, backdoor attacks, membership inference, membership reconstruction, etc. Therefore, new ML&AI theories and methods are required to ensure security and data privacy. On the other hand, to overcome the efficiency and applicability limitations of simple data-encryption solutions, new security and privacy technologies need to be exploited, such as federated learning, homomorphic encryption, differential privacy, secure multiparty computation, and many more. Moreover, with the promulgation of security and privacy legislation, such as the General Data Protection Regulation (GDPR), data owners, enterprises, and organizations face more restrictions when collecting, using, sharing, and managing Internet data. Therefore, ensuring the security and privacy of systems enabled by ML&AI techniques is becoming urgent and challenging.

This Special Issue is expected to publish high-quality and original papers presenting novel algorithms, protocols, or systems that enhance the security and privacy protections of the emerging ML&AI paradigm. Potential topics include, but are not limited to, the following research areas:

ML&AI theoretical topics:

  • ML&AI interpretability
  • adversarial learning
  • differential privacy for ML&AI
  • cryptography for ML&AI

Application topics:

  • evasion attacks and defenses
  • poisoning attacks and defenses
  • model inversion attacks and defenses
  • AI backdoor attacks and defenses
  • membership inference/reconstruction attacks and defenses
  • digital watermarking for ML&AI models
  • privacy-preserving data mining
  • privacy-preserving data publishing
  • ML&AI model processing platforms
  • ML&AI-based social network security and privacy
  • ML&AI-based secure and privacy-preserving blockchain
  • secure and privacy-preserving outsourced ML&AI
  • security and privacy of federated machine learning
  • AI-based detection techniques, e.g., intrusion detection, anomaly detection, fraud detection, malicious code detection, network anomalous behavior detection, etc.

Other topics:

  • ML&AI fairness
  • ML&AI trust
  • ML&AI ethics

Dr. Tao Jiang
Dr. Yuling Chen
Prof. Dr. Yilei Wang
Prof. Dr. Huiyu (Joe) Zhou
Guest Editors

Manuscript Submission Information

Manuscripts should be submitted online at www.mdpi.com by registering and logging in to the website. Once registered, go to the submission form. Manuscripts can be submitted until the deadline. All submissions that pass pre-check are peer-reviewed. Accepted papers will be published continuously in the journal (as soon as accepted) and will be listed together on the Special Issue website. Research articles, review articles, and short communications are invited. For planned papers, a title and short abstract (about 100 words) can be sent to the Editorial Office for announcement on this website.

Submitted manuscripts should not have been published previously, nor be under consideration for publication elsewhere (except conference proceedings papers). All manuscripts are thoroughly refereed through a single-blind peer-review process. A guide for authors and other relevant information for submission of manuscripts is available on the Instructions for Authors page. Applied Sciences is an international peer-reviewed open access semimonthly journal published by MDPI.

Please visit the Instructions for Authors page before submitting a manuscript. The Article Processing Charge (APC) for publication in this open access journal is 2400 CHF (Swiss Francs). Submitted papers should be well formatted and use good English. Authors may use MDPI's English editing service prior to publication or during author revisions.

Keywords

  • machine learning and artificial intelligence
  • security and privacy
  • cryptography
  • attack and defense
  • theory and application

Benefits of Publishing in a Special Issue

  • Ease of navigation: Grouping papers by topic helps scholars navigate broad scope journals more efficiently.
  • Greater discoverability: Special Issues support the reach and impact of scientific research. Articles in Special Issues are more discoverable and cited more frequently.
  • Expansion of research network: Special Issues facilitate connections among authors, fostering scientific collaborations.
  • External promotion: Articles in Special Issues are often promoted through the journal's social media, increasing their visibility.
  • e-Book format: Special Issues with more than 10 articles can be published as dedicated e-books, ensuring wide and rapid dissemination.

Further information on MDPI's Special Issue policies can be found here.

Published Papers (8 papers)


Research

19 pages, 615 KiB  
Article
Targeted Training Data Extraction—Neighborhood Comparison-Based Membership Inference Attacks in Large Language Models
by Huan Xu, Zhanhao Zhang, Xiaodong Yu, Yingbo Wu, Zhiyong Zha, Bo Xu, Wenfeng Xu, Menglan Hu and Kai Peng
Appl. Sci. 2024, 14(16), 7118; https://doi.org/10.3390/app14167118 - 14 Aug 2024
Viewed by 1213
Abstract
A large language model refers to a deep learning model characterized by extensive parameters and pretraining on a large-scale corpus, utilized for processing natural language text and generating high-quality text output. The increasing deployment of large language models has brought significant attention to their associated privacy and security issues. Recent experiments have demonstrated that training data can be extracted from these models due to their memory effect. Initially, research on large language model training data extraction focused primarily on non-targeted methods. However, following the introduction of targeted training data extraction by Carlini et al., prefix-based extraction methods to generate suffixes have garnered considerable interest, although current extraction precision remains low. This paper focuses on the targeted extraction of training data, employing various methods to enhance the precision and speed of the extraction process. Building on the work of Yu et al., we conduct a comprehensive analysis of the impact of different suffix generation methods on the precision of suffix generation. Additionally, we examine the quality and diversity of text generated by various suffix generation strategies. The study also applies membership inference attacks based on neighborhood comparison to the extraction of training data in large language models, conducting thorough evaluations and comparisons. The effectiveness of membership inference attacks in extracting training data from large language models is assessed, and the performance of different membership inference attacks is compared. Hyperparameter tuning is performed on multiple parameters to enhance the extraction of training data. Experimental results indicate that the proposed method significantly improves extraction precision compared to previous approaches.
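
As background, the core of a neighborhood-comparison membership inference attack can be sketched in a few lines: the loss of a candidate sequence under the target model is compared with the average loss of slightly perturbed "neighbor" sequences, and a markedly lower loss suggests the sequence was memorized during training. The minimal Python sketch below uses the Hugging Face transformers API; the GPT-2 model, the word-dropout perturbation, and the decision margin are illustrative assumptions, not the authors' implementation.

    # Minimal sketch of neighborhood-comparison membership inference.
    # GPT-2, the word-dropout neighbor generator, and the margin are
    # illustrative assumptions, not the paper's implementation.
    import random
    import torch
    from transformers import AutoModelForCausalLM, AutoTokenizer

    tokenizer = AutoTokenizer.from_pretrained("gpt2")
    model = AutoModelForCausalLM.from_pretrained("gpt2")
    model.eval()

    def sequence_loss(text):
        """Average token-level cross-entropy of `text` under the model."""
        ids = tokenizer(text, return_tensors="pt").input_ids
        with torch.no_grad():
            out = model(ids, labels=ids)
        return out.loss.item()

    def make_neighbors(text, k=8):
        """Build k neighbors by dropping one random word each (toy perturbation)."""
        words = text.split()  # assumes multi-word text
        neighbors = []
        for _ in range(k):
            i = random.randrange(len(words))
            neighbors.append(" ".join(words[:i] + words[i + 1:]))
        return neighbors

    def is_member(text, margin=0.3):
        """Flag `text` as likely training data if its loss sits well below its neighbors'."""
        neighbors = make_neighbors(text)
        target = sequence_loss(text)
        neighbor_mean = sum(sequence_loss(n) for n in neighbors) / len(neighbors)
        return neighbor_mean - target > margin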

17 pages, 1420 KiB  
Article
Evaluating the Impact of Mobility on Differentially Private Federated Learning
by Eun-ji Kim and Eun-Kyu Lee
Appl. Sci. 2024, 14(12), 5245; https://doi.org/10.3390/app14125245 - 17 Jun 2024
Viewed by 545
Abstract
This paper investigates differential privacy in federated learning. This topic has been actively examined in conventional network environments, but few studies have investigated it in the Internet of Vehicles, especially considering various mobility patterns. In particular, this work aims to measure and quantify the trade-off between performance accuracy and the level of data protection and to evaluate how mobility patterns affect it. To this end, this paper proposes a method considering three factors: learning models, vehicle mobility, and a privacy algorithm. By taking into account mobility patterns, local differential privacy is enhanced with an adaptive clipping method and applied to a mobility-based federated learning model. Experiments run the model on vehicular networks with two different mobility scenarios representing a non-accident traffic situation and traffic events, respectively. Results show that our privacy-enhanced federated learning models degrade accuracy by only 2.96–3.26% on average, compared with the 42.97% average drop observed in conventional federated learning models.
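
The local differential privacy mechanism with adaptive clipping that the paper builds on can be illustrated briefly: each client clips its model update to a norm bound, adds Gaussian noise scaled to that bound, and the bound itself is adapted across rounds. In the sketch below, the clip-adaptation rule and noise multiplier are illustrative choices, not the parameters used in the paper's experiments.

    # Sketch: local DP with adaptive clipping of a client's model update.
    # The adaptation rule and noise multiplier are illustrative assumptions.
    import numpy as np

    def clip_and_noise(update, clip_norm, noise_multiplier=1.0, rng=None):
        """Clip an update to `clip_norm` and add Gaussian noise scaled to it."""
        rng = rng or np.random.default_rng()
        norm = np.linalg.norm(update)
        clipped = update * min(1.0, clip_norm / (norm + 1e-12))
        noise = rng.normal(0.0, noise_multiplier * clip_norm, size=update.shape)
        return clipped + noise

    def adapt_clip(clip_norm, was_clipped, lr=0.2, target=0.5):
        """Grow the bound when updates keep exceeding it, shrink it otherwise."""
        indicator = 1.0 if was_clipped else 0.0
        return clip_norm * float(np.exp(lr * (indicator - target)))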

17 pages, 6410 KiB  
Article
A Graph Neural Network Approach with Improved Levenberg–Marquardt for Electrical Impedance Tomography
by Ruwen Zhao, Chuanpei Xu, Zhibin Zhu and Wei Mo
Appl. Sci. 2024, 14(2), 595; https://doi.org/10.3390/app14020595 - 10 Jan 2024
Cited by 1 | Viewed by 1311
Abstract
Electrical impedance tomography (EIT) is a non-invasive imaging method that allows for the acquisition of resistivity distribution information within an object without the use of radiation. EIT is widely used in various fields, such as medical imaging, industrial imaging, geological exploration, etc. Presently, most electrical impedance imaging methods are restricted to uniform domains, such as pixelated pictures. These algorithms rely on model learning-based image reconstruction techniques, which often necessitate interpolation and embedding if the fundamental imaging model is solved on a non-uniform grid. EIT technology still confronts several obstacles today, such as insufficient prior information, severe pathological conditions, numerous imaging artifacts, etc. In this paper, we propose a new electrical impedance tomography algorithm based on the graph convolutional neural network model. Our algorithm transforms the finite-element model (FEM) grid data from the ill-posed problem of EIT into a network graph within the graph convolutional neural network model. Subsequently, the parameters in the non-linear inverse problem of the EIT process are updated by using the improved Levenberg–Marquardt (ILM) method. This method generates an image that reflects the electrical impedance. The experimental results demonstrate the robust generalizability of our proposed algorithm, showcasing its effectiveness across different domain shapes, grids, and non-distributed data.
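
Separately from the graph-network component, the Levenberg–Marquardt update that drives this kind of non-linear inversion can be written compactly. The sketch below shows one damped Gauss–Newton step with a simple damping schedule; `forward` and `jacobian` are hypothetical stand-ins for the FEM forward solver and its sensitivity matrix, so this illustrates the plain optimizer rather than the paper's ILM variant.

    # Sketch of damped Gauss-Newton (Levenberg-Marquardt) iterations for a
    # non-linear inverse problem such as EIT. `forward` and `jacobian` are
    # hypothetical stand-ins for the FEM solver and its Jacobian.
    import numpy as np

    def lm_step(sigma, measured, forward, jacobian, lam):
        """One LM update of the conductivity vector `sigma`."""
        r = measured - forward(sigma)             # data-model residual
        J = jacobian(sigma)                       # sensitivity matrix dU/dsigma
        A = J.T @ J + lam * np.eye(J.shape[1])    # damped normal equations
        return sigma + np.linalg.solve(A, J.T @ r)

    def run_lm(sigma0, measured, forward, jacobian, lam=1e-2, iters=20):
        """Iterate LM, shrinking the damping on success and growing it on failure."""
        sigma = sigma0
        for _ in range(iters):
            candidate = lm_step(sigma, measured, forward, jacobian, lam)
            improved = (np.linalg.norm(measured - forward(candidate))
                        < np.linalg.norm(measured - forward(sigma)))
            lam = lam * 0.5 if improved else lam * 2.0
            if improved:
                sigma = candidate
        return sigma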

10 pages, 341 KiB  
Article
Machine Unlearning by Reversing the Continual Learning
by Yongjing Zhang, Zhaobo Lu, Feng Zhang, Hao Wang and Shaojing Li
Appl. Sci. 2023, 13(16), 9341; https://doi.org/10.3390/app13169341 - 17 Aug 2023
Cited by 1 | Viewed by 2997
Abstract
Recent legislation, such as the European General Data Protection Regulation (GDPR), requires user data holders to guarantee the individual’s right to be forgotten. This means that user data holders must completely delete user data upon request. However, in the field of machine learning, it is not possible to simply remove these data from the back-end database wherein the training dataset is stored, because the machine learning model still retains this data information. Retraining the model on a dataset with these data removed can overcome this problem; however, this can lead to expensive computational overheads. To remedy this shortcoming, we propose two effective methods to help model owners or data holders remove private data from a trained model. The first method uses an elastic weight consolidation (EWC) constraint term and a modified loss function to neutralize the data to be removed. The second method approximates the posterior distribution of the model as a Gaussian distribution, and the model after unlearning is computed by decreasingly matching the moment (DMM) of the posterior distribution of the neural network trained on all data and the data to be removed. Finally, we conducted experiments on three standard datasets using backdoor attacks as the evaluation metric. The results show that both methods are effective in removing backdoor triggers in deep learning models. Specifically, EWC can reduce the success rate of backdoor attacks to 0. DMM can ensure that the model prediction accuracy is higher than 80% and keep the success rate of backdoor attacks below 10%.
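
The EWC-based method described above can be sketched as a quadratic penalty that anchors parameters important to the retained data while the loss on the data to be forgotten is pushed up. The PyTorch loss below is an illustrative formulation of that idea rather than the paper's exact objective; the diagonal Fisher estimates and the sign convention on the forget term are assumptions.

    # Sketch of an EWC-style unlearning objective in PyTorch.
    # `fisher` holds diagonal Fisher estimates from the retained data and
    # `theta_star` the trained parameters; this is illustrative only.
    import torch
    import torch.nn.functional as F

    def ewc_penalty(model, fisher, theta_star):
        """Quadratic penalty keeping parameters close to their trained values."""
        penalty = 0.0
        for name, param in model.named_parameters():
            penalty = penalty + (fisher[name] * (param - theta_star[name]) ** 2).sum()
        return penalty

    def unlearning_loss(model, keep_batch, forget_batch, fisher, theta_star, lam=10.0):
        """Keep accuracy on retained data, raise loss on forgotten data, stay near theta*."""
        keep_x, keep_y = keep_batch
        forget_x, forget_y = forget_batch
        keep_loss = F.cross_entropy(model(keep_x), keep_y)
        forget_loss = F.cross_entropy(model(forget_x), forget_y)
        return keep_loss - forget_loss + lam * ewc_penalty(model, fisher, theta_star)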

20 pages, 1931 KiB  
Article
Analysis of Cyber-Intelligence Frameworks for AI Data Processing
by Alberto Sánchez del Monte and Luis Hernández-Álvarez
Appl. Sci. 2023, 13(16), 9328; https://doi.org/10.3390/app13169328 - 17 Aug 2023
Viewed by 1948
Abstract
This paper deals with the concept of cyber intelligence and its components as a fundamental tool for the protection of information today. The main cyber-intelligence frameworks currently applied worldwide (the Diamond Model, the Cyber Kill Chain, and MITRE ATT&CK) are then described and analysed through their practical application to a real critical cyber incident, and the strengths and weaknesses of each are examined by comparing seventeen variables of interest. From this analysis, and considering the two actions mentioned, it is concluded that MITRE ATT&CK is the most suitable framework due to its flexibility, permanent updating, and the existence of a powerful database. Finally, it is explained how MITRE ATT&CK can be integrated with artificial intelligence research and applications to achieve the stated objectives and to develop tools that can support the detection of the patterns and authorship of cyberattacks.
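
As a small illustration of how ATT&CK observations can feed AI-based analysis, the sketch below encodes incidents as feature vectors over technique IDs, which a downstream classifier could use for pattern or authorship detection. The technique IDs and incident data are invented examples, not material from the paper.

    # Sketch: turning MITRE ATT&CK technique observations into feature vectors
    # for a downstream classifier. Incidents and technique IDs are invented.
    from sklearn.feature_extraction import DictVectorizer

    incidents = [
        {"T1566": 1, "T1059": 1, "T1486": 1},   # phishing, scripting, data encrypted for impact
        {"T1190": 1, "T1059": 1, "T1041": 1},   # public-facing exploit, scripting, exfiltration
    ]

    vectorizer = DictVectorizer(sparse=False)
    X = vectorizer.fit_transform(incidents)      # one column per observed technique
    print(vectorizer.get_feature_names_out())
    print(X)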

17 pages, 2232 KiB  
Article
Lattice-Based Group Signature with Message Recovery for Federal Learning
by Yongli Tang, Deng Pan, Panke Qin and Liping Lv
Appl. Sci. 2023, 13(15), 9007; https://doi.org/10.3390/app13159007 - 6 Aug 2023
Viewed by 1235
Abstract
Federated learning and privacy protection are inseparable. The participants in federated learning need to be the targets of privacy protection. On the other hand, federated learning can also be used as a tool for privacy attacks. Group signature is regarded as an effective tool for preserving user privacy. Additionally, message recovery is a useful cryptographic primitive that ensures message recovery during the verification phase. In federated learning, message recovery can reduce the transmission of parameters and help protect parameter privacy. In this paper, we propose a lattice-based group signature with message recovery (GS-MR). We then prove that the GS-MR scheme has full anonymity and traceability under the random oracle model, and we reduce anonymity and traceability to the hardness assumptions of ring learning with errors (RLWE) and ring short integer solution (RSIS), respectively. Furthermore, we conduct experiments to evaluate the key and signature sizes and compare the performance of three lattice-based group signature schemes with that of the GS-MR scheme. The results show that the message–signature size of GS-MR is reduced by an average of 39.17% for fewer than 2000 members.
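
The ring learning with errors assumption that underpins the anonymity reduction can be illustrated with toy arithmetic in Z_q[x]/(x^n + 1). The sketch below only generates a single RLWE sample; the parameters are far too small to be secure, and the group signature scheme itself is not reproduced.

    # Toy RLWE sample in Z_q[x]/(x^n + 1); parameters are for exposition only
    # and nowhere near the sizes a lattice-based group signature would need.
    import numpy as np

    n, q = 8, 97                                   # toy ring degree and modulus
    rng = np.random.default_rng(0)

    def ring_mul(a, b):
        """Multiply polynomials modulo x^n + 1 and modulo q (negacyclic convolution)."""
        full = np.polymul(a[::-1], b[::-1])[::-1]  # plain product, low-degree first
        res = np.zeros(n, dtype=np.int64)
        for i, c in enumerate(full):
            if i < n:
                res[i] += c
            else:
                res[i - n] -= c                    # x^n = -1 wraps with a sign flip
        return res % q

    a = rng.integers(0, q, n)                      # public uniform polynomial
    s = rng.integers(-1, 2, n)                     # small secret
    e = rng.integers(-1, 2, n)                     # small error
    b = (ring_mul(a, s) + e) % q                   # RLWE sample (a, b = a*s + e)
    print(a, b)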

16 pages, 986 KiB  
Article
ReliaMatch: Semi-Supervised Classification with Reliable Match
by Tao Jiang, Luyao Chen, Wanqing Chen, Wenjuan Meng and Peihan Qi
Appl. Sci. 2023, 13(15), 8856; https://doi.org/10.3390/app13158856 - 31 Jul 2023
Cited by 3 | Viewed by 1562
Abstract
Deep learning has been widely used in various tasks such as computer vision, natural language processing, predictive analysis, and recommendation systems in the past decade. However, practical scenarios often lack labeled data, posing challenges for traditional supervised methods. Semi-supervised classification methods address this by leveraging both labeled and unlabeled data to enhance model performance, but they face challenges in effectively utilizing unlabeled data and distinguishing reliable information from unreliable sources. This paper introduces ReliaMatch, a semi-supervised classification method that addresses these challenges by using a confidence threshold. It incorporates a curriculum learning stage, feature filtering, and pseudo-label filtering to improve classification accuracy and reliability. The feature filtering module eliminates ambiguous semantic features by comparing labeled and unlabeled data in the feature space. The pseudo-label filtering module removes unreliable pseudo-labels with low confidence, enhancing algorithm reliability. ReliaMatch employs a curriculum learning training mode, gradually increasing training dataset difficulty by combining selected samples and pseudo-labels with labeled data. This supervised approach enhances classification performance. Experimental results show that ReliaMatch effectively overcomes the challenges associated with the underutilization of unlabeled data and the introduction of erroneous information, outperforming the pseudo-label strategy in semi-supervised classification.
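
The pseudo-label filtering module can be illustrated with a confidence-threshold sketch: unlabeled samples are kept only when the model's predicted class is highly confident, and the surviving pseudo-labels are mixed into a supervised loss. The threshold value and the omission of the feature-filtering and curriculum stages are simplifying assumptions, so this shows the general idea rather than ReliaMatch itself.

    # Sketch of confidence-based pseudo-label filtering for unlabeled data.
    # The threshold and loss weighting are illustrative assumptions.
    import torch
    import torch.nn.functional as F

    def filter_pseudo_labels(model, unlabeled_x, threshold=0.95):
        """Keep only unlabeled samples whose predicted class is highly confident."""
        with torch.no_grad():
            probs = F.softmax(model(unlabeled_x), dim=1)
        confidence, pseudo_y = probs.max(dim=1)
        mask = confidence >= threshold
        return unlabeled_x[mask], pseudo_y[mask]

    def semi_supervised_loss(model, labeled, pseudo, weight=1.0):
        """Supervised loss on labeled data plus a weighted loss on accepted pseudo-labels."""
        (x_l, y_l), (x_u, y_u) = labeled, pseudo
        loss = F.cross_entropy(model(x_l), y_l)
        if x_u.shape[0] > 0:
            loss = loss + weight * F.cross_entropy(model(x_u), y_u)
        return loss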

17 pages, 497 KiB  
Article
MDIFL: Robust Federated Learning Based on Malicious Detection and Incentives
by Ruolan Wu, Yuling Chen, Chaoyue Tan and Yun Luo
Appl. Sci. 2023, 13(5), 2793; https://doi.org/10.3390/app13052793 - 21 Feb 2023
Cited by 2 | Viewed by 2051
Abstract
Federated Learning (FL) is an emerging distributed framework that enables clients to conduct distributed learning and globally share models without requiring data to leave local devices. In the FL process, participants are required to contribute data resources and computing resources for model training. However, traditional FL lacks security guarantees and is vulnerable to attacks and damage by malicious adversaries. In addition, existing incentive methods lack fairness to participants. Therefore, accurately identifying malicious nodes and preventing them from doing harm, while effectively selecting and incentivizing participants, plays a vital role in improving the security and performance of FL. In this paper, we propose Robust Federated Learning Based on Malicious Detection and Incentives (MDIFL). Specifically, MDIFL first uses gradient similarity to calculate reputation, thereby maintaining the reputation of participants and identifying malicious adversaries, and then designs an effective incentive mechanism based on contract theory to achieve collaborative fairness. Extensive experimental results demonstrate that the proposed MDIFL can not only preferentially select and effectively motivate high-quality participants, but also correctly identify malicious adversaries, achieve fairness, and improve model performance.
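
The gradient-similarity reputation step can be sketched as follows: each client's update is scored by its cosine similarity to a reference update, reputations are smoothed across rounds, and only sufficiently reputable clients are aggregated. The exponential-moving-average rule and the exclusion threshold below are illustrative assumptions, not the paper's exact design, and the contract-theoretic incentive mechanism is omitted.

    # Sketch of reputation scoring from gradient similarity, in the spirit of
    # MDIFL's malicious-detection step. Update rule and threshold are assumptions.
    import numpy as np

    def cosine(u, v):
        return float(np.dot(u, v) / (np.linalg.norm(u) * np.linalg.norm(v) + 1e-12))

    def update_reputations(client_updates, reputations, decay=0.8, threshold=0.0):
        """Score each client's update against the mean update and refresh reputations."""
        reference = np.mean(list(client_updates.values()), axis=0)
        for cid, update in client_updates.items():
            score = cosine(update, reference)
            reputations[cid] = decay * reputations.get(cid, 0.5) + (1 - decay) * score
        # Only clients whose reputation stays above the threshold are aggregated.
        trusted = {cid: rep for cid, rep in reputations.items() if rep > threshold}
        return reputations, trusted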
