Adversarial Neural Network Inversion via Auxiliary Knowledge Alignment
Ziqi Yang, Ee-Chien Chang, Zhenkai Liang

TL;DR
This paper presents a novel adversarial neural network inversion method that leverages auxiliary knowledge and partial predictions to accurately reconstruct training data, raising privacy concerns in deep learning models.
Contribution
It introduces a new inversion technique using auxiliary knowledge and truncation-based alignment, effective even with limited model access and partial predictions.
Findings
Effective inversion with only partial predictions
Outperforms previous inversion approaches
Works across various datasets and model architectures
Abstract
The rise of deep learning techniques has raised new privacy concerns about the training data and test data. In this work, we investigate the model inversion problem in adversarial settings, where the adversary aims at inferring information about the target model's training data and test data from the model's prediction values. We develop a solution to train a second neural network that acts as the inverse of the target model to perform the inversion. The inversion model can be trained with black-box access to the target model. We propose two main techniques towards training the inversion model in adversarial settings. First, we leverage the adversary's background knowledge to compose an auxiliary set to train the inversion model, which does not require access to the original training data. Second, we design a truncation-based technique to align the inversion model to enable…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Privacy-Preserving Technologies in Data · Domain Adaptation and Few-Shot Learning
