Pub Date : 2024-12-12DOI: 10.1109/TIFS.2024.3516549
Ziniu Liu;Han Yu;Kai Chen;Aiping Li
Large models require larger datasets. While people gain from using massive amounts of data to train large models, they must be concerned about privacy issues. To address this issue, we propose a novel approach for private generative modeling using the Sliced Wasserstein Distance (SWD) metric in a Differential Private (DP) manner. We propose Normalized Clipping, a parameter-free clipping technique that generates higher-quality images. We demonstrate the advantages of Normalized Clipping over the traditional clipping method in parameter tuning and model performance through experiments. Moreover, experimental results indicate that our model outperforms previous methods in differentially private image generation tasks.
{"title":"Privacy-Preserving Generative Modeling With Sliced Wasserstein Distance","authors":"Ziniu Liu;Han Yu;Kai Chen;Aiping Li","doi":"10.1109/TIFS.2024.3516549","DOIUrl":"10.1109/TIFS.2024.3516549","url":null,"abstract":"Large models require larger datasets. While people gain from using massive amounts of data to train large models, they must be concerned about privacy issues. To address this issue, we propose a novel approach for private generative modeling using the Sliced Wasserstein Distance (SWD) metric in a Differential Private (DP) manner. We propose Normalized Clipping, a parameter-free clipping technique that generates higher-quality images. We demonstrate the advantages of Normalized Clipping over the traditional clipping method in parameter tuning and model performance through experiments. Moreover, experimental results indicate that our model outperforms previous methods in differentially private image generation tasks.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"1011-1022"},"PeriodicalIF":6.3,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142815916","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Adversarial training (AT) is widely considered the state-of-the-art technique for improving the robustness of deep neural networks (DNNs) against adversarial examples (AEs). Nevertheless, recent studies have revealed that adversarially trained models are prone to unfairness problems. Recent works in this field usually apply class-wise regularization methods to enhance the fairness of AT. However, this paper discovers that these paradigms can be sub-optimal in improving robust fairness. Specifically, we empirically observe that the AEs that are already robust (referred to as “easy AEs” in this paper) are useless and even harmful in improving robust fairness. To this end, we propose the hard adversarial example mining (HAM) technique which concentrates on mining hard AEs while discarding the easy AEs in AT. Specifically, HAM identifies the easy AEs and hard AEs with a fast adversarial attack method. By discarding the easy AEs and reweighting the hard AEs, the robust fairness of the model can be efficiently and effectively improved. Extensive experimental results on four image classification datasets demonstrate the improvement of HAM in robust fairness and training efficiency compared to several state-of-the-art fair adversarial training methods. Our code is available at �https://github.com/yyl-github-1896/HAM�.
{"title":"Hard Adversarial Example Mining for Improving Robust Fairness","authors":"Chenhao Lin;Xiang Ji;Yulong Yang;Qian Li;Zhengyu Zhao;Zhe Peng;Run Wang;Liming Fang;Chao Shen","doi":"10.1109/TIFS.2024.3516554","DOIUrl":"10.1109/TIFS.2024.3516554","url":null,"abstract":"Adversarial training (AT) is widely considered the state-of-the-art technique for improving the robustness of deep neural networks (DNNs) against adversarial examples (AEs). Nevertheless, recent studies have revealed that adversarially trained models are prone to unfairness problems. Recent works in this field usually apply class-wise regularization methods to enhance the fairness of AT. However, this paper discovers that these paradigms can be sub-optimal in improving robust fairness. Specifically, we empirically observe that the AEs that are already robust (referred to as “easy AEs” in this paper) are useless and even harmful in improving robust fairness. To this end, we propose the hard adversarial example mining (HAM) technique which concentrates on mining hard AEs while discarding the easy AEs in AT. Specifically, HAM identifies the easy AEs and hard AEs with a fast adversarial attack method. By discarding the easy AEs and reweighting the hard AEs, the robust fairness of the model can be efficiently and effectively improved. Extensive experimental results on four image classification datasets demonstrate the improvement of HAM in robust fairness and training efficiency compared to several state-of-the-art fair adversarial training methods. Our code is available at \u0000<uri>https://github.com/yyl-github-1896/HAM</uri>\u0000.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"350-363"},"PeriodicalIF":6.3,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142815900","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Due to the successful development of deep image generation technology, visual data forgery detection would play a more important role in social and economic security. Existing forgery detection methods suffer from unsatisfactory generalization ability to determine the authenticity in the unseen domain. In this paper, we propose a novel Attention Consistency Refined masked frequency forgery representation model toward a generalizing face forgery detection algorithm (ACMF). Most forgery technologies always bring in high-frequency aware cues, which make it easy to distinguish source authenticity but difficult to generalize to unseen artifact types. The masked frequency forgery representation module is designed to explore robust forgery cues by randomly discarding high-frequency information. In addition, we find that the forgery saliency map inconsistency through the detection network could affect the generalizability. Thus, the forgery attention consistency is introduced to force detectors to focus on similar attention regions for better generalization ability. Experiment results on several public face forgery datasets (FaceForensic++, DFD, Celeb-DF, WDF and DFDC datasets) demonstrate the superior performance of the proposed method compared with the state-of-the-art methods. The source code and models are publicly available at �https://github.com/chenboluo/ACMF�.
{"title":"Attention Consistency Refined Masked Frequency Forgery Representation for Generalizing Face Forgery Detection","authors":"Decheng Liu;Tao Chen;Chunlei Peng;Nannan Wang;Ruimin Hu;Xinbo Gao","doi":"10.1109/TIFS.2024.3516561","DOIUrl":"10.1109/TIFS.2024.3516561","url":null,"abstract":"Due to the successful development of deep image generation technology, visual data forgery detection would play a more important role in social and economic security. Existing forgery detection methods suffer from unsatisfactory generalization ability to determine the authenticity in the unseen domain. In this paper, we propose a novel Attention Consistency Refined masked frequency forgery representation model toward a generalizing face forgery detection algorithm (ACMF). Most forgery technologies always bring in high-frequency aware cues, which make it easy to distinguish source authenticity but difficult to generalize to unseen artifact types. The masked frequency forgery representation module is designed to explore robust forgery cues by randomly discarding high-frequency information. In addition, we find that the forgery saliency map inconsistency through the detection network could affect the generalizability. Thus, the forgery attention consistency is introduced to force detectors to focus on similar attention regions for better generalization ability. Experiment results on several public face forgery datasets (FaceForensic++, DFD, Celeb-DF, WDF and DFDC datasets) demonstrate the superior performance of the proposed method compared with the state-of-the-art methods. The source code and models are publicly available at \u0000<uri>https://github.com/chenboluo/ACMF</uri>\u0000.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"504-515"},"PeriodicalIF":6.3,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142815903","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-12DOI: 10.1109/TIFS.2024.3516585
Shahnewaz Karim Sakib;George T. Amariucai;Yong Guan
This paper analyzes the problem of estimating information leakage when the complete statistics of the privacy mechanism are not known, and the only available information consists of several input-output pairs obtained through interaction with the system or through some side channel. Several metrics, such as subjective leakage, objective leakage, and confidence boost, were introduced before for this purpose, but by design only work in a Bayesian framework. However, it is known that Bayesian inference can quickly become intractable if the domains of the involved variables are large. In this paper, we focus on this exact problem and propose a novel approach to perform an estimation of the leakage measures when the true knowledge of the privacy mechanism is beyond the reach of the user for a non-Bayesian framework using machine learning. Initially, we adapt the definition of leakage metrics to a non-Bayesian framework and derive their statistical bounds, and afterward, we evaluate the performance of those metrics via various experiments using Neural Networks, Random Forest Classifiers, and Support Vector Machines. We have also evaluated their performance on an image dataset to demonstrate the versatility of the metrics. Finally, we provide a comparative analysis between our proposed metrics and the metrics of the Bayesian framework.
{"title":"Information Leakage Measures for Imperfect Statistical Information: Application to Non-Bayesian Framework","authors":"Shahnewaz Karim Sakib;George T. Amariucai;Yong Guan","doi":"10.1109/TIFS.2024.3516585","DOIUrl":"10.1109/TIFS.2024.3516585","url":null,"abstract":"This paper analyzes the problem of estimating information leakage when the complete statistics of the privacy mechanism are not known, and the only available information consists of several input-output pairs obtained through interaction with the system or through some side channel. Several metrics, such as subjective leakage, objective leakage, and confidence boost, were introduced before for this purpose, but by design only work in a Bayesian framework. However, it is known that Bayesian inference can quickly become intractable if the domains of the involved variables are large. In this paper, we focus on this exact problem and propose a novel approach to perform an estimation of the leakage measures when the true knowledge of the privacy mechanism is beyond the reach of the user for a non-Bayesian framework using machine learning. Initially, we adapt the definition of leakage metrics to a non-Bayesian framework and derive their statistical bounds, and afterward, we evaluate the performance of those metrics via various experiments using Neural Networks, Random Forest Classifiers, and Support Vector Machines. We have also evaluated their performance on an image dataset to demonstrate the versatility of the metrics. Finally, we provide a comparative analysis between our proposed metrics and the metrics of the Bayesian framework.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"1065-1080"},"PeriodicalIF":6.3,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142815834","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
In contrast to prevalent Federated Learning (FL) privacy inference techniques such as generative adversarial networks attacks, membership inference attacks, property inference attacks, and model inversion attacks, we devise an innovative privacy threat: the Data Distribution Decompose Attack on FL, termed �Decaf�. This attack enables an honest-but-curious FL server to meticulously profile the proportion of each class owned by the victim FL user, divulging sensitive information like local market item distribution and business competitiveness. The crux of �Decaf� lies in the profound observation that the magnitude of local model gradient changes closely mirrors the underlying data distribution, including the proportion of each class. �Decaf� addresses two crucial challenges: accurately identify the missing/null class(es) given by any victim user as a premise and then quantify the precise relationship between gradient changes and each remaining non-null class. Notably, �Decaf� operates stealthily, rendering it entirely passive and undetectable to victim users regarding the infringement of their data distribution privacy. Experimental validation on five benchmark datasets (MNIST, FASHION-MNIST, CIFAR-10, FER-2013, and SkinCancer) employing diverse model architectures, including customized convolutional networks, standardized VGG16, and ResNet18, demonstrates �Decaf�’s efficacy. Results indicate its ability to accurately decompose local user data distribution, regardless of whether it is IID or non-IID distributed. Specifically, the dissimilarity measured using �$L_{infty }$ � distance between the distribution decomposed by �Decaf� and ground truth is consistently below 5% when no null classes exist. Moreover, �Decaf� achieves 100% accuracy in determining any victim user’s null classes, validated through formal proof.
与流行的联邦学习(FL)隐私推理技术(如生成对抗网络攻击、成员推理攻击、属性推理攻击和模型反转攻击)相比,我们设计了一种创新的隐私威胁:针对FL的数据分布分解攻击,称为Decaf。这种攻击使诚实但好奇的FL服务器能够细致地描述受害者FL用户拥有的每个类的比例,泄露敏感信息,如当地市场商品分布和业务竞争力。Decaf的关键在于深刻的观察,即局部模型梯度变化的大小密切反映了底层数据分布,包括每个类别的比例。Decaf解决了两个关键的挑战:准确识别任何受害者用户给出的缺失/空类(es)作为前提,然后量化梯度变化与每个剩余非空类之间的精确关系。值得注意的是,Decaf是秘密运作的,使其完全被动,无法检测到受害者用户对其数据分发隐私的侵犯。在5个基准数据集(MNIST、FASHION-MNIST、CIFAR-10、fe -2013和皮肤癌)上进行实验验证,采用不同的模型架构,包括定制卷积网络、标准化VGG16和ResNet18,证明了Decaf的有效性。结果表明,无论本地用户数据分布是IID分布还是非IID分布,该算法都能够准确分解本地用户数据分布。具体来说,使用$L_{infty }$测量的不相似度,由Decaf分解的分布与ground truth之间的距离始终低于5% when no null classes exist. Moreover, Decaf achieves 100% accuracy in determining any victim user’s null classes, validated through formal proof.
{"title":"Decaf: Data Distribution Decompose Attack Against Federated Learning","authors":"Zhiyang Dai;Yansong Gao;Chunyi Zhou;Anmin Fu;Zhi Zhang;Minhui Xue;Yifeng Zheng;Yuqing Zhang","doi":"10.1109/TIFS.2024.3516545","DOIUrl":"10.1109/TIFS.2024.3516545","url":null,"abstract":"In contrast to prevalent Federated Learning (FL) privacy inference techniques such as generative adversarial networks attacks, membership inference attacks, property inference attacks, and model inversion attacks, we devise an innovative privacy threat: the Data Distribution Decompose Attack on FL, termed \u0000<monospace>Decaf</monospace>\u0000. This attack enables an honest-but-curious FL server to meticulously profile the proportion of each class owned by the victim FL user, divulging sensitive information like local market item distribution and business competitiveness. The crux of \u0000<monospace>Decaf</monospace>\u0000 lies in the profound observation that the magnitude of local model gradient changes closely mirrors the underlying data distribution, including the proportion of each class. \u0000<monospace>Decaf</monospace>\u0000 addresses two crucial challenges: accurately identify the missing/null class(es) given by any victim user as a premise and then quantify the precise relationship between gradient changes and each remaining non-null class. Notably, \u0000<monospace>Decaf</monospace>\u0000 operates stealthily, rendering it entirely passive and undetectable to victim users regarding the infringement of their data distribution privacy. Experimental validation on five benchmark datasets (MNIST, FASHION-MNIST, CIFAR-10, FER-2013, and SkinCancer) employing diverse model architectures, including customized convolutional networks, standardized VGG16, and ResNet18, demonstrates \u0000<monospace>Decaf</monospace>\u0000’s efficacy. Results indicate its ability to accurately decompose local user data distribution, regardless of whether it is IID or non-IID distributed. Specifically, the dissimilarity measured using \u0000<inline-formula> <tex-math>$L_{infty }$ </tex-math></inline-formula>\u0000 distance between the distribution decomposed by \u0000<monospace>Decaf</monospace>\u0000 and ground truth is consistently below 5% when no null classes exist. Moreover, \u0000<monospace>Decaf</monospace>\u0000 achieves 100% accuracy in determining any victim user’s null classes, validated through formal proof.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"405-420"},"PeriodicalIF":6.3,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142815913","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-12DOI: 10.1109/TIFS.2024.3516540
Jia Sun;Yanfeng Li;Luyifu Chen;Houjin Chen;Minjun Wang
Person re-identification (re-ID) is a research hotspot in the field of intelligent monitoring and security. Domain generalizable (DG) person re-identification transfers the trained model directly to the unseen target domain for testing, which is closer to the practical application than supervised or unsupervised person re-ID. Meta-learning strategy is an effective way to solve the DG problem, nevertheless, existing meta-learning-based DG re-ID methods mainly simulates the test process in a single aspect such as identity or style, while ignoring the completely different person identities and styles in the unseen target domain. As to this problem, we consider a double disentangling from two levels of training strategy and feature learning, and propose a novel dualistic disentangled meta-learning (D$^{mathbf {2}}$ ML) model. D$^{mathbf {2}}$ ML is composed of two disentangling stages, one is for learning strategy, which spreads one-stage meta-test into two-stage, including an identity meta-test stage and a style meta-test stage. The other is for feature representation, which decouples the shallow layer features into identity-related features and style-related features. Specifically, we first conduct identity meta-test stage on different person identities of the images, and then employ a feature-level style perturbation module (SPM) based on Fourier spectrum transformation to conduct the style meta-test stage on the image with diversified styles. With these two stages, abundant changes in the unseen domain can be simulated during the meta-test phase. Besides, to learn more identity-related features, a feature disentangling module (FDM) is inserted at each stage of meta-learning and a disentangled triplet loss is developed. Through constraining the relationship between identity-related features and style-related features, the generalization ability of the model can be further improved. Experimental results on four public datasets show that our D$^{mathbf {2}}$ ML model achieves superior generalization performance compared to the state-of-the-art methods.
{"title":"Dualistic Disentangled Meta-Learning Model for Generalizable Person Re-Identification","authors":"Jia Sun;Yanfeng Li;Luyifu Chen;Houjin Chen;Minjun Wang","doi":"10.1109/TIFS.2024.3516540","DOIUrl":"10.1109/TIFS.2024.3516540","url":null,"abstract":"Person re-identification (re-ID) is a research hotspot in the field of intelligent monitoring and security. Domain generalizable (DG) person re-identification transfers the trained model directly to the unseen target domain for testing, which is closer to the practical application than supervised or unsupervised person re-ID. Meta-learning strategy is an effective way to solve the DG problem, nevertheless, existing meta-learning-based DG re-ID methods mainly simulates the test process in a single aspect such as identity or style, while ignoring the completely different person identities and styles in the unseen target domain. As to this problem, we consider a double disentangling from two levels of training strategy and feature learning, and propose a novel dualistic disentangled meta-learning (D<inline-formula> <tex-math>$^{mathbf {2}}$ </tex-math></inline-formula>ML) model. D<inline-formula> <tex-math>$^{mathbf {2}}$ </tex-math></inline-formula>ML is composed of two disentangling stages, one is for learning strategy, which spreads one-stage meta-test into two-stage, including an identity meta-test stage and a style meta-test stage. The other is for feature representation, which decouples the shallow layer features into identity-related features and style-related features. Specifically, we first conduct identity meta-test stage on different person identities of the images, and then employ a feature-level style perturbation module (SPM) based on Fourier spectrum transformation to conduct the style meta-test stage on the image with diversified styles. With these two stages, abundant changes in the unseen domain can be simulated during the meta-test phase. Besides, to learn more identity-related features, a feature disentangling module (FDM) is inserted at each stage of meta-learning and a disentangled triplet loss is developed. Through constraining the relationship between identity-related features and style-related features, the generalization ability of the model can be further improved. Experimental results on four public datasets show that our D<inline-formula> <tex-math>$^{mathbf {2}}$ </tex-math></inline-formula>ML model achieves superior generalization performance compared to the state-of-the-art methods.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"1106-1118"},"PeriodicalIF":6.3,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142815917","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-12DOI: 10.1109/tifs.2024.3516565
Yuhan Chai, Ximing Chen, Jing Qiu, Lei Du, Yanjun Xiao, Qiying Feng, Shouling Ji, Zhihong Tian
{"title":"MalFSCIL: A Few-Shot Class-Incremental Learning Approach for Malware Detection","authors":"Yuhan Chai, Ximing Chen, Jing Qiu, Lei Du, Yanjun Xiao, Qiying Feng, Shouling Ji, Zhihong Tian","doi":"10.1109/tifs.2024.3516565","DOIUrl":"https://doi.org/10.1109/tifs.2024.3516565","url":null,"abstract":"","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"234 1","pages":""},"PeriodicalIF":6.8,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142815906","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-12DOI: 10.1109/TIFS.2024.3516575
Yuhong Xue;Zhutian Yang;Zhilu Wu;Hu Wang;Guan Gui
Physical Layer Authentication (PLA) emerges as a promising security solution, offering efficient identity verification for the Internet of Things (IoT). The advent of 5G/6G technologies has ushered in an era of extensive device connectivity, diverse networks, and complex application scenarios within IoT ecosystems. These advancements necessitate PLA systems that are highly secure, robust, capable of online processing, and adaptable to unknown channel conditions. In this paper, we introduce a novel two-stage PLA framework that synergizes channel prediction with power-delay attributes, ensuring superior performance in mobile and time-varying channel environments. Specifically, our approach employs Sparse Variational Gaussian Processes (SVGP) to accurately model and track real-time channel variations, leveraging historical data for online predictions without incurring significant computational or storage overhead. The second stage of our framework enhances the robustness of the authentication process by incorporating power-delay features, which are inherently resistant to temporal fluctuations, thereby eliminating the need for additional feature extraction in noisy settings. Moreover, our authentication scheme is designed to be distribution-agnostic, utilizing Kernel Density Estimation (KDE) for non-parametric threshold determination in hypothesis testing. Theoretical analysis underpins the generalization capabilities of our proposed method. Simulation results in mobile scenarios reveal that our two-stage PLA framework reduces complexity and significantly improves identity authentication performance, particularly in scenarios with low signal-to-noise ratios.
{"title":"Online Two-Stage Channel-Based Lightweight Authentication Method for Time-Varying Scenarios","authors":"Yuhong Xue;Zhutian Yang;Zhilu Wu;Hu Wang;Guan Gui","doi":"10.1109/TIFS.2024.3516575","DOIUrl":"10.1109/TIFS.2024.3516575","url":null,"abstract":"Physical Layer Authentication (PLA) emerges as a promising security solution, offering efficient identity verification for the Internet of Things (IoT). The advent of 5G/6G technologies has ushered in an era of extensive device connectivity, diverse networks, and complex application scenarios within IoT ecosystems. These advancements necessitate PLA systems that are highly secure, robust, capable of online processing, and adaptable to unknown channel conditions. In this paper, we introduce a novel two-stage PLA framework that synergizes channel prediction with power-delay attributes, ensuring superior performance in mobile and time-varying channel environments. Specifically, our approach employs Sparse Variational Gaussian Processes (SVGP) to accurately model and track real-time channel variations, leveraging historical data for online predictions without incurring significant computational or storage overhead. The second stage of our framework enhances the robustness of the authentication process by incorporating power-delay features, which are inherently resistant to temporal fluctuations, thereby eliminating the need for additional feature extraction in noisy settings. Moreover, our authentication scheme is designed to be distribution-agnostic, utilizing Kernel Density Estimation (KDE) for non-parametric threshold determination in hypothesis testing. Theoretical analysis underpins the generalization capabilities of our proposed method. Simulation results in mobile scenarios reveal that our two-stage PLA framework reduces complexity and significantly improves identity authentication performance, particularly in scenarios with low signal-to-noise ratios.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"781-795"},"PeriodicalIF":6.3,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142815918","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Pub Date : 2024-12-12DOI: 10.1109/TIFS.2024.3516566
Xiongjun Guan;Zhiyu Pan;Jianjiang Feng;Jie Zhou
Currently, portable electronic devices are becoming more and more popular. For lightweight considerations, their fingerprint recognition modules usually use limited-size sensors. However, partial fingerprints have few matchable features, especially when there are differences in finger pressing posture or image quality, which makes partial fingerprint verification challenging. Most existing methods regard fingerprint position rectification and identity verification as independent tasks, ignoring the coupling relationship between them—relative pose estimation typically relies on paired features as anchors, and authentication accuracy tends to improve with more precise pose alignment. In this paper, we propose a novel framework for joint identity verification and pose alignment of partial fingerprint pairs, aiming to leverage their inherent correlation to improve each other. To achieve this, we present a multi-task CNN (Convolutional Neural Network)-Transformer hybrid network, and design a pre-training task to enhance the feature extraction capability. Experiments on multiple public datasets (NIST SD14, FVC2002 DB1_A & DB3_A, FVC2004 DB1_A & DB2_A, FVC2006 DB1_A) and an in-house dataset demonstrate that our method achieves state-of-the-art performance in both partial fingerprint verification and relative pose estimation, while being more efficient than previous methods. Code is available at: �https://github.com/XiongjunGuan/JIPNet�.
{"title":"Joint Identity Verification and Pose Alignment for Partial Fingerprints","authors":"Xiongjun Guan;Zhiyu Pan;Jianjiang Feng;Jie Zhou","doi":"10.1109/TIFS.2024.3516566","DOIUrl":"10.1109/TIFS.2024.3516566","url":null,"abstract":"Currently, portable electronic devices are becoming more and more popular. For lightweight considerations, their fingerprint recognition modules usually use limited-size sensors. However, partial fingerprints have few matchable features, especially when there are differences in finger pressing posture or image quality, which makes partial fingerprint verification challenging. Most existing methods regard fingerprint position rectification and identity verification as independent tasks, ignoring the coupling relationship between them—relative pose estimation typically relies on paired features as anchors, and authentication accuracy tends to improve with more precise pose alignment. In this paper, we propose a novel framework for joint identity verification and pose alignment of partial fingerprint pairs, aiming to leverage their inherent correlation to improve each other. To achieve this, we present a multi-task CNN (Convolutional Neural Network)-Transformer hybrid network, and design a pre-training task to enhance the feature extraction capability. Experiments on multiple public datasets (NIST SD14, FVC2002 DB1_A & DB3_A, FVC2004 DB1_A & DB2_A, FVC2006 DB1_A) and an in-house dataset demonstrate that our method achieves state-of-the-art performance in both partial fingerprint verification and relative pose estimation, while being more efficient than previous methods. Code is available at: \u0000<uri>https://github.com/XiongjunGuan/JIPNet</uri>\u0000.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"249-263"},"PeriodicalIF":6.3,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142815908","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
Federated learning (FL) emerged as a paradigm designed to improve data privacy by enabling data to reside at its source, thus embedding privacy as a core consideration in FL architectures, whether centralized or decentralized. Contrasting with recent findings by Pasquini et al., which suggest that decentralized FL does not empirically offer any additional privacy or security benefits over centralized models, our study provides compelling evidence to the contrary. We demonstrate that decentralized FL, when deploying distributed optimization, provides enhanced privacy protection - both theoretically and empirically - compared to centralized approaches. The challenge of quantifying privacy loss through iterative processes has traditionally constrained the theoretical exploration of FL protocols. We overcome this by conducting a pioneering in-depth information-theoretical privacy analysis for both frameworks. Our analysis, considering both eavesdropping and passive adversary models, successfully establishes bounds on privacy leakage. In particular, we show information theoretically that the privacy loss in decentralized FL is upper bounded by the loss in centralized FL. Compared to the centralized case where local gradients of individual participants are directly revealed, a key distinction of optimization-based decentralized FL is that the relevant information includes differences of local gradients over successive iterations and the aggregated sum of different nodes’ gradients over the network. This information complicates the adversary’s attempt to infer private data. To bridge our theoretical insights with practical applications, we present detailed case studies involving logistic regression and deep neural networks. These examples demonstrate that while privacy leakage remains comparable in simpler models, complex models like deep neural networks exhibit lower privacy risks under decentralized FL. Extensive numerical tests further validate that decentralized FL is more resistant to privacy attacks, aligning with our theoretical findings.
{"title":"Provable Privacy Advantages of Decentralized Federated Learning via Distributed Optimization","authors":"Wenrui Yu;Qiongxiu Li;Milan Lopuhaä-Zwakenberg;Mads Græsbøll Christensen;Richard Heusdens","doi":"10.1109/TIFS.2024.3516564","DOIUrl":"10.1109/TIFS.2024.3516564","url":null,"abstract":"Federated learning (FL) emerged as a paradigm designed to improve data privacy by enabling data to reside at its source, thus embedding privacy as a core consideration in FL architectures, whether centralized or decentralized. Contrasting with recent findings by Pasquini et al., which suggest that decentralized FL does not empirically offer any additional privacy or security benefits over centralized models, our study provides compelling evidence to the contrary. We demonstrate that decentralized FL, when deploying distributed optimization, provides enhanced privacy protection - both theoretically and empirically - compared to centralized approaches. The challenge of quantifying privacy loss through iterative processes has traditionally constrained the theoretical exploration of FL protocols. We overcome this by conducting a pioneering in-depth information-theoretical privacy analysis for both frameworks. Our analysis, considering both eavesdropping and passive adversary models, successfully establishes bounds on privacy leakage. In particular, we show information theoretically that the privacy loss in decentralized FL is upper bounded by the loss in centralized FL. Compared to the centralized case where local gradients of individual participants are directly revealed, a key distinction of optimization-based decentralized FL is that the relevant information includes differences of local gradients over successive iterations and the aggregated sum of different nodes’ gradients over the network. This information complicates the adversary’s attempt to infer private data. To bridge our theoretical insights with practical applications, we present detailed case studies involving logistic regression and deep neural networks. These examples demonstrate that while privacy leakage remains comparable in simpler models, complex models like deep neural networks exhibit lower privacy risks under decentralized FL. Extensive numerical tests further validate that decentralized FL is more resistant to privacy attacks, aligning with our theoretical findings.","PeriodicalId":13492,"journal":{"name":"IEEE Transactions on Information Forensics and Security","volume":"20 ","pages":"822-838"},"PeriodicalIF":6.3,"publicationDate":"2024-12-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":null,"resultStr":null,"platform":"Semanticscholar","paperid":"142815899","PeriodicalName":null,"FirstCategoryId":null,"ListUrlMain":null,"RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":"","EPubDate":null,"PubModel":null,"JCR":null,"JCRName":null,"Score":null,"Total":0}
京公网安备 11010802042870号
京ICP备2023020795号-1
扫码关注我们
求助内容:
应助结果提醒方式: