Targeted Image Reconstruction by Sampling Pre-trained Diffusion Model
Jiageng Zheng
TL;DR
This paper explores how pre-trained diffusion models can be exploited to perform targeted image reconstruction attacks, revealing potential privacy risks associated with such models.
Contribution
It introduces methods for generating specific data points of a target class without prior knowledge, demonstrating a novel attack vector on diffusion models.
Findings
Successful targeted image reconstruction using diffusion models
Revealed privacy vulnerabilities in pre-trained models
Demonstrated potential for model inversion attacks
Abstract
A trained neural network model contains information on the training data. Given such a model, malicious parties can leverage the "knowledge" in this model and design ways to print out any usable information (known as model inversion attack). Therefore, it is valuable to explore the ways to conduct a such attack and demonstrate its severity. In this work, we proposed ways to generate a data point of the target class without prior knowledge of the exact target distribution by using a pre-trained diffusion model.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsMathematical Biology Tumor Growth · Generative Adversarial Networks and Image Synthesis · Adversarial Robustness in Machine Learning
MethodsDiffusion