English
Related papers

Related papers: Label-only Model Inversion Attack: The Attack that…

200 papers

Model Inversion (MI), in which an adversary abuses access to a trained Machine Learning (ML) model attempting to infer sensitive information about its original training data, has attracted increasing research attention. During MI, the…

Machine Learning · Computer Science 2021-11-09 Qian Wang , Daniel Kurz

Deep learning models are known to be vulnerable to adversarial examples. A practical adversarial attack should require as little as possible knowledge of attacked models. Current substitute attacks need pre-trained models to generate…

Cryptography and Security · Computer Science 2020-04-01 Mingyi Zhou , Jing Wu , Yipeng Liu , Xiaolin Huang , Shuaicheng Liu , Xiang Zhang , Ce Zhu

Machine learning models are vulnerable to simple model stealing attacks if the adversary can obtain output labels for chosen inputs. To protect against these attacks, it has been proposed to limit the information provided to the adversary…

Machine Learning · Computer Science 2018-12-14 Taesung Lee , Benjamin Edwards , Ian Molloy , Dong Su

Machine learning has been applied to a broad range of applications and some of them are available online as application programming interfaces (APIs) with either free (trial) or paid subscriptions. In this paper, we study adversarial…

Machine Learning · Computer Science 2018-11-06 Yi Shi , Yalin E. Sagduyu , Kemal Davaslioglu , Jason H. Li

Most recent studies have shown several vulnerabilities to attacks with the potential to jeopardize the integrity of the model, opening in a few recent years a new window of opportunity in terms of cyber-security. The main interest of this…

Model extraction attacks are a kind of attacks where an adversary obtains a machine learning model whose performance is comparable with one of the victim model through queries and their results. This paper presents a novel model extraction…

Cryptography and Security · Computer Science 2021-10-01 Masataka Tasumi , Kazuki Iwahana , Naoto Yanai , Katsunari Shishido , Toshiya Shimizu , Yuji Higuchi , Ikuya Morikawa , Jun Yajima

Membership inference attacks are designed to determine, using black box access to trained models, whether a particular example was used in training or not. Membership inference can be formalized as a hypothesis testing problem. The most…

Machine Learning · Computer Science 2023-07-10 Martin Bertran , Shuai Tang , Michael Kearns , Jamie Morgenstern , Aaron Roth , Zhiwei Steven Wu

We focus on the problem of black-box adversarial attacks, where the aim is to generate adversarial examples for deep learning models solely based on information limited to output label~(hard label) to a queried data input. We propose a…

Machine Learning · Computer Science 2021-06-14 Satya Narayan Shukla , Anit Kumar Sahu , Devin Willmott , J. Zico Kolter

As a privacy-preserving method for implementing Vertical Federated Learning, Split Learning has been extensively researched. However, numerous studies have indicated that the privacy-preserving capability of Split Learning is insufficient.…

Machine Learning · Computer Science 2023-08-21 Haoze Qiu , Fei Zheng , Chaochao Chen , Xiaolin Zheng

Log-loss (also known as cross-entropy loss) metric is ubiquitously used across machine learning applications to assess the performance of classification algorithms. In this paper, we investigate the problem of inferring the labels of a…

Machine Learning · Computer Science 2021-06-15 Abhinav Aggarwal , Shiva Prasad Kasiviswanathan , Zekun Xu , Oluwaseyi Feyisetan , Nathanael Teissier

A significant number of machine learning models are vulnerable to model extraction attacks, which focus on stealing the models by using specially curated queries against the target model. This task is well accomplished by using part of the…

Cryptography and Security · Computer Science 2023-08-11 Harshit Shah , Aravindhan G , Pavan Kulkarni , Yuvaraj Govidarajulu , Manojkumar Parmar

Given the ubiquity of deep neural networks, it is important that these models do not reveal information about sensitive data that they have been trained on. In model inversion attacks, a malicious user attempts to recover the private…

Machine Learning · Computer Science 2022-01-27 Kuan-Chieh Wang , Yan Fu , Ke Li , Ashish Khisti , Richard Zemel , Alireza Makhzani

Audio-based machine learning systems frequently use public or third-party data, which might be inaccurate. This exposes deep neural network (DNN) models trained on such data to potential data poisoning attacks. In this type of assault,…

Cryptography and Security · Computer Science 2024-04-09 Orson Mengara

Model Inversion (MI) attacks pose a significant threat to the privacy of Deep Neural Networks by recovering training data distribution from well-trained models. While existing defenses often rely on regularization techniques to reduce…

Cryptography and Security · Computer Science 2024-11-26 Zhen-Ting Liu , Shang-Tse Chen

Privacy attacks on machine learning models aim to identify the data that is used to train such models. Such attacks, traditionally, are studied on static models that are trained once and are accessible by the adversary. Motivated to meet…

Machine Learning · Computer Science 2022-02-09 Ji Gao , Sanjam Garg , Mohammad Mahmoody , Prashant Nalini Vasudevan

Inference attacks against Machine Learning (ML) models allow adversaries to learn sensitive information about training data, model parameters, etc. While researchers have studied, in depth, several kinds of attacks, they have done so in…

Cryptography and Security · Computer Science 2021-10-07 Yugeng Liu , Rui Wen , Xinlei He , Ahmed Salem , Zhikun Zhang , Michael Backes , Emiliano De Cristofaro , Mario Fritz , Yang Zhang

A Model Inversion (MI) attack based on Generative Adversarial Networks (GAN) aims to recover the private training data from complex deep learning models by searching codes in the latent space. However, they merely search a deterministic…

Machine Learning · Computer Science 2024-04-23 Huan Bao , Kaimin Wei , Yongdong Wu , Jin Qian , Robert H. Deng

State-of-the-art machine learning models are vulnerable to data poisoning attacks whose purpose is to undermine the integrity of the model. However, the current literature on data poisoning attacks is mainly focused on ad hoc techniques…

Machine Learning · Computer Science 2021-02-12 Pooya Tavallali , Vahid Behzadan , Peyman Tavallali , Mukesh Singhal

Backdoor attacks represent a subtle yet effective class of cyberattacks targeting AI models, primarily due to their stealthy nature. The model behaves normally on clean data but exhibits malicious behavior only when the attacker embeds a…

Machine Learning · Computer Science 2025-09-29 Sujeevan Aseervatham , Achraf Kerzazi , Younès Bennani

Adversarial training was introduced as a way to improve the robustness of deep learning models to adversarial attacks. This training method improves robustness against adversarial attacks, but increases the models vulnerability to privacy…