English
Related papers

Related papers: Label-only Model Inversion Attack: The Attack that…

200 papers

Machine learning models deployed as a service (MLaaS) are susceptible to model stealing attacks, where an adversary attempts to steal the model within a restricted access framework. While existing attacks demonstrate near-perfect…

Cryptography and Security · Computer Science 2022-04-26 Sunandini Sanyal , Sravanti Addepalli , R. Venkatesh Babu

In this evolving era of machine learning security, membership inference attacks have emerged as a potent threat to the confidentiality of sensitive data. In this attack, adversaries aim to determine whether a particular point was used…

Machine Learning · Computer Science 2024-06-21 Abhishek Sinha , Himanshi Tibrewal , Mansi Gupta , Nikhar Waghela , Shivank Garg

Model memorization has implications for both the generalization capacity of machine learning models and the privacy of their training data. This paper investigates label memorization in binary classification models through two novel passive…

Machine Learning · Computer Science 2025-03-18 Mohammad Wahiduzzaman Khan , Sheng Chen , Ilya Mironov , Leizhen Zhang , Rabib Noor

Many machine learning systems rely on data collected in the wild from untrusted sources, exposing the learning algorithms to data poisoning. Attackers can inject malicious data in the training dataset to subvert the learning process,…

Machine Learning · Statistics 2018-10-04 Andrea Paudice , Luis Muñoz-González , Emil C. Lupu

Machine learning models are vulnerable to membership inference attacks in which an adversary aims to predict whether or not a particular sample was contained in the target model's training dataset. Existing attack methods have commonly…

Cryptography and Security · Computer Science 2022-09-01 Yiyong Liu , Zhengyu Zhao , Michael Backes , Yang Zhang

Model Inversion (MI) attacks aim at leveraging the output information of target models to reconstruct privacy-sensitive training data, raising critical concerns regarding the privacy vulnerabilities of Deep Neural Networks (DNNs).…

Computer Vision and Pattern Recognition · Computer Science 2025-03-11 Yixiang Qiu , Hongyao Yu , Hao Fang , Tianqu Zhuang , Wenbo Yu , Bin Chen , Xuan Wang , Shu-Tao Xia , Ke Xu

Despite machine learning models being widely used today, the relationship between a model and its training dataset is not well understood. We explore correlation inference attacks, whether and when a model leaks information about the…

Machine Learning · Computer Science 2024-07-19 Ana-Maria Creţu , Florent Guépin , Yves-Alexandre de Montjoye

Machine unlearning has become a promising solution for fulfilling the "right to be forgotten", under which individuals can request the deletion of their data from machine learning models. However, existing studies of machine unlearning…

Cryptography and Security · Computer Science 2024-04-05 Hongsheng Hu , Shuo Wang , Tian Dong , Minhui Xue

Machine learning classifiers rely on loss functions for performance evaluation, often on a private (hidden) dataset. In a recent line of research, label inference was introduced as the problem of reconstructing the ground truth labels of…

Machine Learning · Computer Science 2021-11-02 Abhinav Aggarwal , Shiva Prasad Kasiviswanathan , Zekun Xu , Oluwaseyi Feyisetan , Nathanael Teissier

Property inference attacks against machine learning (ML) models aim to infer properties of the training data that are unrelated to the primary task of the model, and have so far been formulated as binary decision problems, i.e., whether or…

Machine Learning · Computer Science 2022-11-09 Raksha Ramakrishna , György Dán

Machine unlearning is motivated by desire for data autonomy: a person can request to have their data's influence removed from deployed models, and those models should be updated as if they were retrained without the person's data. We show…

Machine Learning · Computer Science 2024-05-31 Martin Bertran , Shuai Tang , Michael Kearns , Jamie Morgenstern , Aaron Roth , Zhiwei Steven Wu

Information leakage is becoming a critical problem as various information becomes publicly available by mistake, and machine learning models train on that data to provide services. As a result, one's private information could easily be…

Machine Learning · Computer Science 2022-12-02 Geon Heo , Steven Euijong Whang

In this paper we consider the setting where machine learning models are retrained on updated datasets in order to incorporate the most up-to-date information or reflect distribution shifts. We investigate whether one can infer information…

Machine Learning · Computer Science 2024-01-04 Tian Hui , Farhad Farokhi , Olga Ohrimenko

Model inversion attacks (MIAs) aim to reconstruct private images from a target classifier's training set, thereby raising privacy concerns in AI applications. Previous GAN-based MIAs tend to suffer from inferior generative fidelity due to…

Computer Vision and Pattern Recognition · Computer Science 2024-11-22 Ouxiang Li , Yanbin Hao , Zhicai Wang , Bin Zhu , Shuo Wang , Zaixi Zhang , Fuli Feng

These days, deep learning models have achieved great success in multiple fields, from autonomous driving to medical diagnosis. These models have expanded the abilities of artificial intelligence by offering great solutions to complex…

Cryptography and Security · Computer Science 2023-11-27 Gopichandh Golla

In this paper, we study a simple and generic framework to tackle the problem of learning model parameters when a fraction of the training samples are corrupted. We first make a simple observation: in a variety of such settings, the…

Machine Learning · Computer Science 2019-02-20 Yanyao Shen , Sujay Sanghavi

Model Inversion (MI) attacks aim to recover the private training data from the target model, which has raised security concerns about the deployment of DNNs in practice. Recent advances in generative adversarial models have rendered them…

Computer Vision and Pattern Recognition · Computer Science 2023-09-04 Gege Qi , YueFeng Chen , Xiaofeng Mao , Binyuan Hui , Xiaodan Li , Rong Zhang , Hui Xue

Recent works have demonstrated that deep learning models are vulnerable to backdoor poisoning attacks, where these attacks instill spurious correlations to external trigger patterns or objects (e.g., stickers, sunglasses, etc.). We find…

Computer Vision and Pattern Recognition · Computer Science 2022-07-25 Tong Wu , Tianhao Wang , Vikash Sehwag , Saeed Mahloujifar , Prateek Mittal

The rise of deep learning technique has raised new privacy concerns about the training data and test data. In this work, we investigate the model inversion problem in the adversarial settings, where the adversary aims at inferring…

Cryptography and Security · Computer Science 2019-02-25 Ziqi Yang , Ee-Chien Chang , Zhenkai Liang

Backdoor attacks insert malicious data into a training set so that, during inference time, it misclassifies inputs that have been patched with a backdoor trigger as the malware specified label. For backdoor attacks to bypass human…

Cryptography and Security · Computer Science 2022-04-18 Yi Zeng , Minzhou Pan , Hoang Anh Just , Lingjuan Lyu , Meikang Qiu , Ruoxi Jia