English
Related papers

Related papers: Dissecting Distribution Inference

200 papers
Formalizing and Estimating Distribution Inference Risks

Distribution inference, sometimes called property inference, infers statistical properties about a training set from access to a model trained on that data. Distribution inference attacks can pose serious risks when models are trained on…

Machine Learning · Computer Science 2022-07-06 Anshuman Suri , David Evans
Are Attribute Inference Attacks Just Imputation?

Models can expose sensitive information about their training data. In an attribute inference attack, an adversary has partial knowledge of some training records and access to a model trained on those records, and infers the unknown values…

Cryptography and Security · Computer Science 2022-09-07 Bargav Jayaraman , David Evans
Distribution inference risks: Identifying and mitigating sources of leakage

A large body of work shows that machine learning (ML) models can leak sensitive or confidential information about their training data. Recently, leakage due to distribution inference (or property inference) attacks is gaining attention. In…

Cryptography and Security · Computer Science 2022-09-20 Valentin Hartmann , Léo Meynent , Maxime Peyrard , Dimitrios Dimitriadis , Shruti Tople , Robert West
The best defense is a good offense: Countering black box attacks by predicting slightly wrong labels

Black-Box attacks on machine learning models occur when an attacker, despite having no access to the inner workings of a model, can successfully craft an attack by means of model theft. The attacker will train an own substitute model that…

Machine Learning · Computer Science 2017-11-16 Yannic Kilcher , Thomas Hofmann
Inference Attacks Against Graph Generative Diffusion Models

Graph generative diffusion models have recently emerged as a powerful paradigm for generating complex graph structures, effectively capturing intricate dependencies and relationships within graph data. However, the privacy risks associated…

Machine Learning · Computer Science 2026-01-08 Xiuling Wang , Xin Huang , Guibo Luo , Jianliang Xu
Understanding the Robustness of Randomized Feature Defense Against Query-Based Adversarial Attacks

Recent works have shown that deep neural networks are vulnerable to adversarial examples that find samples close to the original image but can make the model misclassify. Even with access only to the model's output, an attacker can employ…

Machine Learning · Computer Science 2023-10-03 Quang H. Nguyen , Yingjie Lao , Tung Pham , Kok-Seng Wong , Khoa D. Doan
Scalable Membership Inference Attacks via Quantile Regression

Membership inference attacks are designed to determine, using black box access to trained models, whether a particular example was used in training or not. Membership inference can be formalized as a hypothesis testing problem. The most…

Machine Learning · Computer Science 2023-07-10 Martin Bertran , Shuai Tang , Michael Kearns , Jamie Morgenstern , Aaron Roth , Zhiwei Steven Wu
Universal Distributional Decision-based Black-box Adversarial Attack with Reinforcement Learning

The vulnerability of the high-performance machine learning models implies a security risk in applications with real-world consequences. Research on adversarial attacks is beneficial in guiding the development of machine learning models on…

Machine Learning · Computer Science 2022-11-16 Yiran Huang , Yexu Zhou , Michael Hefenbrock , Till Riedel , Likun Fang , Michael Beigl
Formalizing Distribution Inference Risks

Property inference attacks reveal statistical properties about a training set but are difficult to distinguish from the primary purposes of statistical machine learning, which is to produce models that capture statistical properties about a…

Machine Learning · Computer Science 2021-09-28 Anshuman Suri , David Evans
Towards Demystifying Membership Inference Attacks

Membership inference attacks seek to infer membership of individual training instances of a model to which an adversary has black-box access through a machine learning-as-a-service API. In providing an in-depth characterization of…

Cryptography and Security · Computer Science 2019-02-04 Stacey Truex , Ling Liu , Mehmet Emre Gursoy , Lei Yu , Wenqi Wei
DiffDefense: Defending against Adversarial Attacks via Diffusion Models

This paper presents a novel reconstruction method that leverages Diffusion Models to protect machine learning classifiers against adversarial attacks, all without requiring any modifications to the classifiers themselves. The susceptibility…

Machine Learning · Computer Science 2023-09-08 Hondamunige Prasanna Silva , Lorenzo Seidenari , Alberto Del Bimbo
NATTACK: Learning the Distributions of Adversarial Examples for an Improved Black-Box Attack on Deep Neural Networks

Powerful adversarial attack methods are vital for understanding how to construct robust deep neural networks (DNNs) and for thoroughly testing defense techniques. In this paper, we propose a black-box adversarial attack algorithm that can…

Machine Learning · Computer Science 2019-12-11 Yandong Li , Lijun Li , Liqiang Wang , Tong Zhang , Boqing Gong
Delving into Data: Effectively Substitute Training for Black-box Attack

Deep models have shown their vulnerability when processing adversarial samples. As for the black-box attack, without access to the architecture and weights of the attacked model, training a substitute model for adversarial attacks has…

Computer Vision and Pattern Recognition · Computer Science 2021-04-27 Wenxuan Wang , Bangjie Yin , Taiping Yao , Li Zhang , Yanwei Fu , Shouhong Ding , Jilin Li , Feiyue Huang , Xiangyang Xue
Membership Inference Attacks by Exploiting Loss Trajectory

Machine learning models are vulnerable to membership inference attacks in which an adversary aims to predict whether or not a particular sample was contained in the target model's training dataset. Existing attack methods have commonly…

Cryptography and Security · Computer Science 2022-09-01 Yiyong Liu , Zhengyu Zhao , Michael Backes , Yang Zhang
Explore the vulnerability of black-box models via diffusion models

Recent advancements in diffusion models have enabled high-fidelity and photorealistic image generation across diverse applications. However, these models also present security and privacy risks, including copyright violations, sensitive…

Computer Vision and Pattern Recognition · Computer Science 2025-06-10 Jiacheng Shi , Yanfu Zhang , Huajie Shao , Ashley Gao
Query Efficient Cross-Dataset Transferable Black-Box Attack on Action Recognition

Black-box adversarial attacks present a realistic threat to action recognition systems. Existing black-box attacks follow either a query-based approach where an attack is optimized by querying the target model, or a transfer-based approach…

Computer Vision and Pattern Recognition · Computer Science 2022-11-24 Rohit Gupta , Naveed Akhtar , Gaurav Kumar Nayak , Ajmal Mian , Mubarak Shah
Black-box Model Inversion Attribute Inference Attacks on Classification Models

Increasing use of ML technologies in privacy-sensitive domains such as medical diagnoses, lifestyle predictions, and business decisions highlights the need to better understand if these ML technologies are introducing leakages of sensitive…

Cryptography and Security · Computer Science 2020-12-08 Shagufta Mehnaz , Ninghui Li , Elisa Bertino
Decision-Based Adversarial Attacks: Reliable Attacks Against Black-Box Machine Learning Models

Many machine learning algorithms are vulnerable to almost imperceptible perturbations of their inputs. So far it was unclear how much risk adversarial perturbations carry for the safety of real-world machine learning applications because…

Machine Learning · Statistics 2018-02-19 Wieland Brendel , Jonas Rauber , Matthias Bethge
A Distortion Based Approach for Protecting Inferences

Eavesdropping attacks in inference systems aim to learn not the raw data, but the system inferences to predict and manipulate system actions. We argue that conventional information security measures can be ambiguous on the adversary's…

Information Theory · Computer Science 2017-05-09 Chi-Yo Tsai , Gaurav Kumar Agarwal , Christina Fragouli , Suhas Diggavi
Subspace Attack: Exploiting Promising Subspaces for Query-Efficient Black-box Attacks

Unlike the white-box counterparts that are widely studied and readily accessible, adversarial examples in black-box settings are generally more Herculean on account of the difficulty of estimating gradients. Many methods achieve the task by…

Computer Vision and Pattern Recognition · Computer Science 2019-06-12 Ziang Yan , Yiwen Guo , Changshui Zhang
‹ Prev 1 2 3 10 Next ›