This report summarizes all the MIA experiments (Membership Inference Attacks)
of the Embedding Attack Project, including threat models, experimental setup,
experimental results, findings and discussion. Current results cover the
evaluation of two main MIA strategies (loss-based and embedding-based MIAs) on
6 AI models ranging from Computer Vision to Language Modelling. There are two
ongoing experiments on MIA defense and neighborhood-comparison embedding
attacks. These are ongoing projects.
The current work on MIA and PIA can be summarized into six conclusions: (1)
Amount of overfitting is directly proportional to model's vulnerability; (2)
early embedding layers in the model are less susceptible to privacy leaks; (3)
Deeper model layers contain more membership information; (4) Models are more
vulnerable to MIA if both embeddings and corresponding training labels are
compromised; (5) it is possible to use pseudo-labels to increase the MIA
success; and (6) although MIA and PIA success rates are proportional, reducing
the MIA does not necessarily reduce the PIA.

Embedding Attack Project 的 MIA 实验结果总结，包括威胁模型、实验设置、实验结果、发现和讨论。当前结果涵盖了对 6 个 AI 模型的两种主要 MIA 策略（基于损失和基于嵌入）的评估，涵盖了从计算机视觉到语言建模的范围。六个结论总结了关于 MIA 和 PIA 的当前研究成果。

嵌入攻击项目（工作报告）

Embedding Attack Project (Work Report)

In recent years, semantic communication has been a popular research topic for
its superiority in communication efficiency. As semantic communication relies
on deep learning to extract meaning from raw messages, it is vulnerable to
attacks targeting deep learning models. In this paper, we introduce the model
inversion eavesdropping attack (MIEA) to reveal the risk of privacy leaks in
the semantic communication system. In MIEA, the attacker first eavesdrops the
signal being transmitted by the semantic communication system and then performs
model inversion attack to reconstruct the raw message, where both the white-box
and black-box settings are considered. Evaluation results show that MIEA can
successfully reconstruct the raw message with good quality under different
channel conditions. We then propose a defense method based on random
permutation and substitution to defend against MIEA in order to achieve secure
semantic communication. Our experimental results demonstrate the effectiveness
of the proposed defense method in preventing MIEA.

介绍了语义通信系统中模型倒置窃听攻击（MIEA）的风险，并提出了一种基于随机排列和替换的防御方法，以实现安全的语义通信。