
Related papers: Model Inversion Robustness: Can Transfer Learning …

200 papers

This paper studies defense mechanisms against model inversion (MI) attacks -- a type of privacy attack aimed at inferring information about the training data distribution given access to a target machine learning model. Existing…

Cryptography and Security · Computer Science · 2020-09-23 · Tianhao Wang, Yuheng Zhang, Ruoxi Jia

Model inversion (MI) attacks are aimed at reconstructing training data from model parameters. Such attacks have triggered increasing concerns about privacy, especially given a growing number of online model repositories. However, existing…

Machine Learning · Computer Science · 2021-08-20 · Si Chen, Mostafa Kahla, Ruoxi Jia, Guo-Jun Qi

Deep Neural Networks (DNNs) have revolutionized various domains with their exceptional performance across numerous applications. However, Model Inversion (MI) attacks, which disclose private information about the training dataset by abusing…

Computer Vision and Pattern Recognition · Computer Science · 2024-09-12 · Hao Fang, Yixiang Qiu, Hongyao Yu, Wenbo Yu, Jiawei Kong, Baoli Chong, Bin Chen, Xuan Wang, Shu-Tao Xia, Ke Xu

Model Inversion (MI) attacks aim to recover the private training data from the target model, which has raised security concerns about the deployment of DNNs in practice. Recent advances in generative adversarial models have rendered them…

Computer Vision and Pattern Recognition · Computer Science · 2023-09-04 · Gege Qi, YueFeng Chen, Xiaofeng Mao, Binyuan Hui, Xiaodan Li, Rong Zhang, Hui Xue

Model inversion (MI) attacks aim to infer and reconstruct private training data by abusing access to a model. MI attacks have raised concerns about the leaking of sensitive information (e.g. private face images used in training a face…

Machine Learning · Computer Science · 2023-06-16 · Ngoc-Bao Nguyen, Keshigeyan Chandrasegaran, Milad Abdollahzadeh, Ngai-Man Cheung

Model Inversion (MI) attacks pose a significant threat to the privacy of Deep Neural Networks by recovering training data distribution from well-trained models. While existing defenses often rely on regularization techniques to reduce…

Cryptography and Security · Computer Science · 2024-11-26 · Zhen-Ting Liu, Shang-Tse Chen

The rapid adoption of deep learning in sensitive domains has brought tremendous benefits. However, this widespread adoption has also given rise to serious vulnerabilities, particularly model inversion (MI) attacks, posing a significant…

Cryptography and Security · Computer Science · 2025-05-01 · Wencheng Yang, Song Wang, Di Wu, Taotao Cai, Yanming Zhu, Shicheng Wei, Yiying Zhang, Xu Yang, Zhaohui Tang, Yan Li

Model Inversion (MI), in which an adversary abuses access to a trained Machine Learning (ML) model attempting to infer sensitive information about its original training data, has attracted increasing research attention. During MI, the…

Machine Learning · Computer Science · 2021-11-09 · Qian Wang, Daniel Kurz

Model Inversion attacks aim to reconstruct information from private training data by exploiting access to a target model. Nearly all recent MI studies evaluate attack success using a standard framework that computes attack accuracy through…

Machine Learning · Computer Science · 2026-05-15 · Sy-Tuyen Ho, Koh Jun Hao, Ngoc-Bao Nguyen, Alexander Binder, Ngai-Man Cheung

Model Inversion (MI) attacks aim at leveraging the output information of target models to reconstruct privacy-sensitive training data, raising critical concerns regarding the privacy vulnerabilities of Deep Neural Networks (DNNs).…

Computer Vision and Pattern Recognition · Computer Science · 2025-03-11 · Yixiang Qiu, Hongyao Yu, Hao Fang, Tianqu Zhuang, Wenbo Yu, Bin Chen, Xuan Wang, Shu-Tao Xia, Ke Xu

Adversarial training was introduced as a way to improve the robustness of deep learning models to adversarial attacks. This training method improves robustness against adversarial attacks, but increases the model's vulnerability to privacy…

Model inversion attacks (MIAs) aim to reconstruct private images from a target classifier's training set, thereby raising privacy concerns in AI applications. Previous GAN-based MIAs tend to suffer from inferior generative fidelity due to…

Computer Vision and Pattern Recognition · Computer Science · 2024-11-22 · Ouxiang Li, Yanbin Hao, Zhicai Wang, Bin Zhu, Shuo Wang, Zaixi Zhang, Fuli Feng

Transfer learning has become an increasingly popular technique in machine learning as a way to leverage a pretrained model trained for one task to assist with building a finetuned model for a related task. This paradigm has been especially…

Machine Learning · Computer Science · 2024-10-18 · John Abascal, Stanley Wu, Alina Oprea, Jonathan Ullman

In Membership Inference (MI) attacks, the adversary tries to determine whether an instance was used to train a machine learning (ML) model. MI attacks are a major privacy concern when using private data to train ML models. Most MI attacks in the…

Cryptography and Security · Computer Science · 2024-05-30 · Jiacheng Li, Ninghui Li, Bruno Ribeiro

Despite the broad application of Machine Learning models as a Service (MLaaS), they are vulnerable to model stealing attacks. These attacks can replicate the model functionality by using the black-box query process without any prior…

Cryptography and Security · Computer Science · 2023-08-04 · Jun Guo, Aishan Liu, Xingyu Zheng, Siyuan Liang, Yisong Xiao, Yichao Wu, Xianglong Liu

Model Inversion (MI) attacks pose a significant privacy threat by reconstructing private training data from machine learning models. While existing defenses primarily concentrate on model-centric approaches, the impact of data on MI…

Machine Learning · Computer Science · 2025-08-07 · Viet-Hung Tran, Ngoc-Bao Nguyen, Son T. Mai, Hans Vandierendonck, Ira Assent, Alex Kot, Ngai-Man Cheung

Skip connections are fundamental architecture designs for modern deep neural networks (DNNs) such as CNNs and ViTs. While they help improve model performance significantly, we identify a vulnerability associated with skip connections to…

Computer Vision and Pattern Recognition · Computer Science · 2024-09-04 · Jun Hao Koh, Sy-Tuyen Ho, Ngoc-Bao Nguyen, Ngai-Man Cheung

Model inversion (MI) attacks pose significant privacy risks by reconstructing private training data from trained neural networks. While prior studies have primarily examined unimodal deep networks, the vulnerability of vision-language…

Machine Learning · Computer Science · 2026-03-03 · Ngoc-Bao Nguyen, Sy-Tuyen Ho, Koh Jun Hao, Ngai-Man Cheung

Malicious adversaries can attack machine learning models to infer sensitive information or damage the system by launching a series of evasion attacks. Although various works address privacy and security concerns, they focus on individual…

Machine Learning · Computer Science · 2024-01-22 · Janvi Thakkar, Giulio Zizzo, Sergio Maffeis

A large body of research has shown that machine learning models are vulnerable to membership inference (MI) attacks that violate the privacy of the participants in the training data. Most MI research focuses on the case of a single…

Machine Learning · Computer Science · 2022-05-16 · Matthew Jagielski, Stanley Wu, Alina Oprea, Jonathan Ullman, Roxana Geambasu