English

Plug & Play Attacks: Towards Robust and Flexible Model Inversion Attacks

Machine Learning 2022-06-10 v4 Artificial Intelligence Computer Vision and Pattern Recognition

Abstract

Model inversion attacks (MIAs) aim to create synthetic images that reflect the class-wise characteristics from a target classifier's private training data by exploiting the model's learned knowledge. Previous research has developed generative MIAs that use generative adversarial networks (GANs) as image priors tailored to a specific target model. This makes the attacks time- and resource-consuming, inflexible, and susceptible to distributional shifts between datasets. To overcome these drawbacks, we present Plug & Play Attacks, which relax the dependency between the target model and image prior, and enable the use of a single GAN to attack a wide range of targets, requiring only minor adjustments to the attack. Moreover, we show that powerful MIAs are possible even with publicly available pre-trained GANs and under strong distributional shifts, for which previous approaches fail to produce meaningful results. Our extensive evaluation confirms the improved robustness and flexibility of Plug & Play Attacks and their ability to create high-quality images revealing sensitive class characteristics.

Keywords

Cite

@article{arxiv.2201.12179,
  title  = {Plug & Play Attacks: Towards Robust and Flexible Model Inversion Attacks},
  author = {Lukas Struppek and Dominik Hintersdorf and Antonio De Almeida Correia and Antonia Adler and Kristian Kersting},
  journal= {arXiv preprint arXiv:2201.12179},
  year   = {2022}
}

Comments

Accepted by ICML 2022

R2 v1 2026-06-24T09:07:32.206Z