Model Inversion Attack

Model inversion attacks exploit machine learning models to reconstruct sensitive training data, posing a significant privacy risk. Current research focuses on developing and benchmarking increasingly sophisticated attacks, often leveraging generative adversarial networks (GANs) and diffusion models, while simultaneously exploring diverse defense mechanisms such as data augmentation, differential privacy, and architectural modifications (e.g., sparse coding). This active area of research is crucial for ensuring the responsible development and deployment of machine learning systems, particularly in privacy-sensitive applications.

Papers

January 9, 2023

Introducing Model Inversion Attacks on Automatic Speaker Recognition
Karla Pizzi, Franziska Boenisch, Ugur Sahin, Konstantin Böttinger
Speaker Verification Model Inversion Attack Inversion Performance Speaker Recognition System Model Inversion Voice Command Intermediate Speech Representation

December 22, 2022

GAN-based Domain Inference Attack
Yuechun Gu, Keke Chen
Generative Adversarial Network Model Inversion Attack Model Attack Generative Adversarial Network Training Domain Inference Attack

September 22, 2022

Privacy Attacks Against Biometric Models with Fewer Samples: Incorporating the Output of Multiple Models
Sohaib Ahmad, Benjamin Fuller, Kaleel Mahmood
Structured Output Privacy Attack Model Inversion Attack Multiple Model Single Sample Fake Fingerprint Biometric Model

September 21, 2022

Text Revealer: Private Text Reconstruction via Model Inversion Attacks against Transformers
Ruisi Zhang, Seira Hidano, Farinaz Koushanfar
Transformer Megatron Decepticons Text Classification Transformer Based Large Language Model Model Inversion Attack Text Reconstruction

September 16, 2022

Model Inversion Attacks against Graph Neural Networks
Zaixi Zhang, Qi Liu, Zhenya Huang, Hao Wang, Chee-Kong Lee, Enhong Chen
Graph Neural Network Privacy Attack Model Inversion Attack Private Graph Neural Network

September 13, 2022

Concealing Sensitive Samples against Gradient Leakage in Federated Learning
Jing Wu, Munawar Hayat, Mingyi Zhou, Mehrtash Harandi
Sensitive Data Private Data Model Inversion Attack Gradient Information Gradient Leakage

September 7, 2022

On the utility and protection of optimization with differential privacy and classic regularization techniques
Eugenio Lomurno, Matteo matteucci
Differential Privacy Optimization Purpose Privacy Preserving Task Utility Model Inversion Attack Private Stochastic Regularization Method

August 3, 2022

How Much Privacy Does Federated Learning with Secure Aggregation Guarantee?
Ahmed Roushdy Elkordy, Jiang Zhang, Yahya H. Ezzeldin, Konstantinos Psounis, Salman Avestimehr
Secure Aggregation Model Inversion Attack Privacy Protection Privacy Preserving Machine Learning FedAvg Algorithm

June 11, 2022

Bilateral Dependency Optimization: Defending Against Model-inversion Attacks
Xiong Peng, Feng Liu, Jingfen Zhang, Long Lan, Junjie Ye, Tongliang Liu, Bo Han
Model Inversion Attack Model Inversion Hilbert Schmidt Independence Criterion

May 9, 2022

ResSFL: A Resistance Transfer Framework for Defending Model Inversion Attack in Split Federated Learning
Jingtao Li, Adnan Siraj Rakin, Xing Chen, Zhezhi He, Deliang Fan, Chaitali Chakrabarti
Model Inversion Attack Model Inversion Split Federated Learning

April 26, 2022

You Don't Know My Favorite Color: Preventing Dialogue Representations from Revealing Speakers' Private Personas
Haoran Li, Yangqiu Song, Lixin Fan
Chatbot Response Private Data Model Inversion Attack Color Object Speaker Information Dialogue Representation Social Chatbots

March 27, 2022

Adversarial Representation Sharing: A Quantitative and Secure Collaborative Learning Framework
Jikun Chen, Feng Qiang, Na Ruan
Deep Learning Model Representation Learning Model Inversion Attack Data Representation Secure Collaborative Learning Imperceptible Adversarial

March 25, 2022

Canary Extraction in Natural Language Understanding Models
Rahil Parikh, Christophe Dupuy, Rahul Gupta
Language Understanding Model Inversion Attack Natural Language Understanding Language Understanding Model Canary Exposure

March 13, 2022

March 3, 2022

Label-Only Model Inversion Attacks via Boundary Repulsion
Mostafa Kahla, Si Chen, Hoang Anh Just, Ruoxi Jia
Model Inversion Attack Private Training Blackbox Attack Label Only Model Inversion Attack Black Box Model Inversion Attack

March 1, 2022

Beyond Gradients: Exploiting Adversarial Priors in Model Inversion Attacks
Dmitrii Usynin, Daniel Rueckert, Georgios Kaissis
Model Inversion Attack Threat Model Model Inversion

January 28, 2022

Plug & Play Attacks: Towards Robust and Flexible Model Inversion Attacks
Lukas Struppek, Dominik Hintersdorf, Antonio De Almeida Correia, Antonia Adler, Kristian Kersting
Generative Adversarial Network Robust Version New Attack Model Inversion Attack Single GAN

January 26, 2022

Variational Model Inversion Attacks
Kuan-Chieh Wang, Yan Fu, Ke Li, Ashish Khisti, Richard Zemel, Alireza Makhzani
Deep Generative Model Model Inversion Attack Variational Objective Variational Family

Model Inversion Attack

Papers

Introducing Model Inversion Attacks on Automatic Speaker Recognition

GAN-based Domain Inference Attack

Privacy Attacks Against Biometric Models with Fewer Samples: Incorporating the Output of Multiple Models

Text Revealer: Private Text Reconstruction via Model Inversion Attacks against Transformers

Model Inversion Attacks against Graph Neural Networks

Concealing Sensitive Samples against Gradient Leakage in Federated Learning

On the utility and protection of optimization with differential privacy and classic regularization techniques

How Much Privacy Does Federated Learning with Secure Aggregation Guarantee?

Bilateral Dependency Optimization: Defending Against Model-inversion Attacks

ResSFL: A Resistance Transfer Framework for Defending Model Inversion Attack in Split Federated Learning

You Don't Know My Favorite Color: Preventing Dialogue Representations from Revealing Speakers' Private Personas

Adversarial Representation Sharing: A Quantitative and Secure Collaborative Learning Framework

Canary Extraction in Natural Language Understanding Models

One Parameter Defense -- Defending against Data Inference Attacks via Differential Privacy

Model Inversion Attack against Transfer Learning: Inverting a Model without Accessing It

Label-only Model Inversion Attack: The Attack that Requires the Least Information

Label-Only Model Inversion Attacks via Boundary Repulsion

Beyond Gradients: Exploiting Adversarial Priors in Model Inversion Attacks

Plug & Play Attacks: Towards Robust and Flexible Model Inversion Attacks

Variational Model Inversion Attacks