New Emerged Security and Privacy of Pre-trained Model: a Survey and Outlook

TL;DR

This survey systematically reviews emerging security and privacy challenges of pre-trained models, proposing a taxonomy of attack and defense methods based on model accessibility, and highlights future research directions.

Contribution

It provides the first comprehensive taxonomy of attacks and defenses for pre-trained models, categorizing them into No-Change, Input-Change, and Model-Change approaches.

Findings

Categorizes security issues of pre-trained models based on attack and defense accessibility.

Analyzes strengths and limitations of existing security and privacy methods.

Identifies new research opportunities in model security and privacy.

Abstract

Thanks to the explosive growth of data and the development of computational resources, it is possible to build pre-trained models that can achieve outstanding performance on various tasks, such as neural language processing, computer vision, and more. Despite their powerful capabilities, pre-trained models have also sparked attention to the emerging security challenges associated with their real-world applications. Security and privacy issues, such as leaking privacy information and generating harmful responses, have seriously undermined users' confidence in these powerful models. Concerns are growing as model performance improves dramatically. Researchers are eager to explore the unique security and privacy issues that have emerged, their distinguishing factors, and how to defend against them. However, the current literature lacks a clear taxonomy of emerging attacks and defenses for pre-trained models, which hinders a high-level and comprehensive understanding of these questions. To fill the gap, we conduct a systematical survey on the security risks of pre-trained models, proposing a taxonomy of attack and defense methods based on the accessibility of pre-trained models' input and weights in various security test scenarios. This taxonomy categorizes attacks and defenses into No-Change, Input-Change, and Model-Change approaches. With the taxonomy analysis, we capture the unique security and privacy issues of pre-trained models, categorizing and summarizing existing security issues based on their characteristics. In addition, we offer a timely and comprehensive review of each category's strengths and limitations. Our survey concludes by highlighting potential new research opportunities in the security and privacy of pre-trained models.