Metaverse is trending to create a digital circumstance that can transfer the
real world to an online platform supported by large quantities of real-time
interactions. Pre-trained Artificial Intelligence (AI) models are demonstrating
their increasing capability in aiding the metaverse to achieve an excellent
response with negligible delay, and nowadays, many large models are
collaboratively trained by various participants in a manner named collaborative
deep learning (CDL). However, several security weaknesses can threaten the
safety of the CDL training process, which might result in fatal attacks to
either the pre-trained large model or the local sensitive data sets possessed
by an individual entity. In CDL, malicious participants can hide within the
major innocent and silently uploads deceptive parameters to degenerate the
model performance, or they can abuse the downloaded parameters to construct a
Generative Adversarial Network (GAN) to acquire the private information of
others illegally. To compensate for these vulnerabilities, this paper proposes
an adversary detection-deactivation method, which can limit and isolate the
access of potential malicious participants, quarantine and disable the
GAN-attack or harmful backpropagation of received threatening gradients. A
detailed protection analysis has been conducted on a Multiview CDL case, and
results show that the protocol can effectively prevent harmful access by
heuristic manner analysis and can protect the existing model by swiftly
checking received gradients using only one low-cost branch with an embedded
firewall.

本文提出了一种对抗性检测与停用方法来限制和隔离潜在的恶意参与者的访问，隔离和禁用生成对抗网络（GAN）攻击或受到威胁梯度的有害反向传播，通过启用嵌入式防火墙的低成本分支来迅速检查接收到的梯度，从而有效地防止有害访问并保护现有模型。

面向元宇宙的强鲁棒对抗检测与去活化方法

A Robust Adversary Detection-Deactivation Method for Metaverse-oriented  Collaborative Deep Learning

Deep Learning has recently become hugely popular in machine learning,
providing significant improvements in classification accuracy in the presence
of highly-structured and large databases.
Researchers have also considered privacy implications of deep learning.
Models are typically trained in a centralized manner with all the data being
processed by the same training algorithm. If the data is a collection of users'
private data, including habits, personal pictures, geographical positions,
interests, and more, the centralized server will have access to sensitive
information that could potentially be mishandled. To tackle this problem,
collaborative deep learning models have recently been proposed where parties
locally train their deep learning structures and only share a subset of the
parameters in the attempt to keep their respective training sets private.
Parameters can also be obfuscated via differential privacy (DP) to make
information extraction even more challenging, as proposed by Shokri and
Shmatikov at CCS'15.
Unfortunately, we show that any privacy-preserving collaborative deep
learning is susceptible to a powerful attack that we devise in this paper. In
particular, we show that a distributed, federated, or decentralized deep
learning approach is fundamentally broken and does not protect the training
sets of honest participants. The attack we developed exploits the real-time
nature of the learning process that allows the adversary to train a Generative
Adversarial Network (GAN) that generates prototypical samples of the targeted
training set that was meant to be private (the samples generated by the GAN are
intended to come from the same distribution as the training data).
Interestingly, we show that record-level DP applied to the shared parameters of
the model, as suggested in previous work, is ineffective (i.e., record-level DP
is not designed to address our attack).

本文研究了协作深度学习的隐私问题以及差分隐私技术的应用，结果发现目前的方法都无法保护参与者的训练数据隐私，因为我们提出了一种基于生成对抗网络的攻击方法。