Reconstructing Training Data From Real World Models Trained with Transfer Learning

TL;DR

This paper introduces a novel data reconstruction method for high-resolution models trained with transfer learning, highlighting privacy risks and improving reconstruction quality in realistic scenarios.

Contribution

It adapts existing reconstruction techniques to high-resolution, transfer learning models and introduces a clustering-based method to identify accurate reconstructions without prior training set knowledge.

Findings

Effective reconstruction in realistic transfer learning settings

Identification of privacy risks related to data leakage

Improved reconstruction accuracy over previous methods

Abstract

Current methods for reconstructing training data from trained classifiers are restricted to very small models, limited training set sizes, and low-resolution images. Such restrictions hinder their applicability to real-world scenarios. In this paper, we present a novel approach enabling data reconstruction in realistic settings for models trained on high-resolution images. Our method adapts the reconstruction scheme of arXiv:2206.07758 to real-world scenarios -- specifically, targeting models trained via transfer learning over image embeddings of large pre-trained models like DINO-ViT and CLIP. Our work employs data reconstruction in the embedding space rather than in the image space, showcasing its applicability beyond visual data. Moreover, we introduce a novel clustering-based method to identify good reconstructions from thousands of candidates. This significantly improves on previous works that relied on knowledge of the training set to identify good reconstructed images. Our findings shed light on a potential privacy risk for data leakage from models trained using transfer learning.