Knowledge-Enriched Distributional Model Inversion Attacks

Chen, Si; Kahla, Mostafa; Jia, Ruoxi; Qi, Guo-Jun

doi:10.1109/iccv48922.2021.01587

Cited by 54 publications

(56 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Comparison with Previous MIA Approaches. We start by comparing our Plug & Play Attacks (PPA) against the most recent work on MIAs by Zhang et al [43] (GMA), Chen et al [3] (KED), and Wang et al [39] (VMI). We carefully selected the hyperparameters by testing various configurations and hyperparameters of each attack.…”

Section: Methodsmentioning

confidence: 99%

“…Chen et al [3] built upon this approach and improved the GAN's training process by including soft-labels produced by the target model. To recover the distribution for a target class rather than a single data point, the authors proposed to learn the mean and standard deviation of the latent distribution for each target class modeled by the generator.…”

Section: Model Inversion In Deep Learningmentioning

confidence: 99%

“…We compare our approach with the work of Zhang et al [43] (GMI), Chen et al [3] (KED), and Wang et al [39] (VMI). KED and VMI both need to be adjusted specifically for a single target model.…”

Section: B5 Comparison With Previous Mia Approachesmentioning

confidence: 99%

“…Previous MIAs, which we describe in Sec. 2, avoided distributional shifts and relied on GANs trained on the same data distribution as the target model [43,3,39], used additional input information such as blurred pictures of a person [43], and tailored the attack and its image prior to specific target models [3,39], restricting the reuse and flexibility of the attacks. Also, all approaches focused on low-resolution images, limiting the quality of extracted features.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Plug & Play Attacks: Towards Robust and Flexible Model Inversion Attacks

Struppek¹,

Hintersdorf²,

Correia³

et al. 2022

Preprint

View full text Add to dashboard Cite

Model inversion attacks (MIAs) aim to create synthetic images that reflect the class-wise characteristics from a target classifier's training data by exploiting the model's learned knowledge. Previous research has developed generative MIAs using generative adversarial networks (GANs) as image priors that are tailored to a specific target model. This makes the attacks time-and resource-consuming, inflexible, and susceptible to distributional shifts between datasets. To overcome these drawbacks, we present Plug & Play Attacks that loosen the dependency between the target model and image prior and enable the use of a single trained GAN to attack a broad range of targets with only minor attack adjustments needed. Moreover, we show that powerful MIAs are possible even with publicly available pre-trained GANs and under strong distributional shifts, whereas previous approaches fail to produce meaningful results. Our extensive evaluation confirms the improved robustness and flexibility of Plug & Play Attacks and their ability to create highquality images revealing sensitive class characteristics.

show abstract

Section: Methodsmentioning

confidence: 99%

Section: Model Inversion In Deep Learningmentioning

confidence: 99%

Section: B5 Comparison With Previous Mia Approachesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Plug & Play Attacks: Towards Robust and Flexible Model Inversion Attacks

Struppek¹,

Hintersdorf²,

Correia³

et al. 2022

Preprint

View full text Add to dashboard Cite

show abstract

“…A growing body of work has successfully demonstrated that it is possible to extract meaningful, potentially privacyviolating, information from DNNs. Novel attacks such as property-inference [4], model inversion [26], or membership inference [79] have shown that it is possible to extract additional properties from a model and correlate them to a specific subset of data contributors [4,29], reconstruct training data by simply querying the DNN [15,26,27,36,89], and determine the presence of a given input data in the training set used for a DNN [76,77,79], emphasising the need for privacy-preserving ML (PPML) mechanisms.…”

Section: Privacy Concerns With Deep Learningmentioning

confidence: 99%

FedComm: Federated Learning as a Medium for Covert Communication

Hitaj

Pagnotta

Hitaj

et al. 2022

Preprint

View full text Add to dashboard Cite

Proposed as a solution to mitigate the privacy implications related to the adoption of deep learning solutions, Federated Learning (FL) enables large numbers of participants to successfully train deep neural networks without having to reveal the actual private training data. To date, a substantial amount of research has investigated the security and privacy properties of FL, resulting in a plethora of innovative attack and defense strategies.This paper thoroughly investigates the communication capabilities of an FL scheme. In particular, we show that a party involved in the FL learning process, can use FL as a covert communication medium to send an arbitrary message.We introduce FedComm, a novel covert-communication technique that enables robust sharing and transfer of targeted payloads within the FL framework. Our extensive theoretical and empirical evaluations show that FedComm provides a stealthy communication channel, with minimal disruptions to the training process. Our experiments show that FedComm, allowed us to successfully deliver 100% of a payload in the order of kilobits before the FL procedure converges. Our evaluation also shows that FedComm is independent of the application domain and the neural network architecture used by the underlying FL scheme.

show abstract

Data Stealing Attack on Medical Images: Is It Safe to Export Networks from Data Lakes?

Ayache

Delingette

2022

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Knowledge-Enriched Distributional Model Inversion Attacks

Cited by 54 publications

References 16 publications

Plug & Play Attacks: Towards Robust and Flexible Model Inversion Attacks

Plug & Play Attacks: Towards Robust and Flexible Model Inversion Attacks

FedComm: Federated Learning as a Medium for Covert Communication

Data Stealing Attack on Medical Images: Is It Safe to Export Networks from Data Lakes?

Contact Info

Product

Resources

About