PPO-MI: Efficient Black-Box Model Inversion via Proximal Policy Optimization
Xinpeng Shou
TL;DR
PPO-MI introduces a reinforcement learning framework using Proximal Policy Optimization for efficient black-box model inversion, enabling reconstruction of private data with fewer queries and less prior knowledge.
Contribution
It presents a novel RL-based approach that formulates model inversion as a Markov Decision Process, improving query efficiency and robustness in black-box settings.
Findings
Outperforms existing methods in accuracy and efficiency
Requires less prior knowledge for successful attacks
Demonstrates robustness across different models and datasets
Abstract
Model inversion attacks pose a significant privacy risk by attempting to reconstruct private training data from trained models. Most of the existing methods either depend on gradient estimation or require white-box access to model parameters, which limits their applicability in practical scenarios. In this paper, we propose PPO-MI, a novel reinforcement learning-based framework for black-box model inversion attacks. Our approach formulates the inversion task as a Markov Decision Process, where an agent navigates the latent space of a generative model to reconstruct private training samples using only model predictions. By employing Proximal Policy Optimization (PPO) with a momentum-based state transition mechanism, along with a reward function balancing prediction accuracy and exploration, PPO-MI ensures efficient latent space exploration and high query efficiency. We conduct extensive…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsSpeech Recognition and Synthesis · Machine Learning and Algorithms