Data-Free Model-Related Attacks: Unleashing the Potential of Generative AI
Dayong Ye, Tianqing Zhu, Shang Wang, Bo Liu, Leo Yu Zhang, Wanlei Zhou, Yang Zhang

TL;DR
This paper explores how generative AI can be exploited for data-free, black-box attacks on deep learning models, revealing significant security risks and demonstrating attack effectiveness comparable to traditional white-box methods.
Contribution
It introduces novel data-free, black-box attack techniques using generative AI for model extraction, membership inference, and model inversion, highlighting new security vulnerabilities.
Findings
Adversaries can perform effective model attacks without training data.
Black-box attacks achieve performance similar to white-box methods.
Generative AI significantly expands attack capabilities on deep learning models.
Abstract
Generative AI technology has become increasingly integrated into our daily lives, offering powerful capabilities to enhance productivity. However, these same capabilities can be exploited by adversaries for malicious purposes. While existing research on adversarial applications of generative AI predominantly focuses on cyberattacks, less attention has been given to attacks targeting deep learning models. In this paper, we introduce the use of generative AI for facilitating model-related attacks, including model extraction, membership inference, and model inversion. Our study reveals that adversaries can launch a variety of model-related attacks against both image and text models in a data-free and black-box manner, achieving comparable performance to baseline methods that have access to the target models' training data and parameters in a white-box manner. This research serves as an…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Advanced Malware Detection Techniques
Methods: Softmax · Attention Is All You Need
