Current browse context:
cs.LG
Change to browse by:
References & Citations
Computer Science > Machine Learning
Title: Plug & Play Attacks: Towards Robust and Flexible Model Inversion Attacks
(Submitted on 28 Jan 2022 (v1), last revised 9 Jun 2022 (this version, v4))
Abstract: Model inversion attacks (MIAs) aim to create synthetic images that reflect the class-wise characteristics from a target classifier's private training data by exploiting the model's learned knowledge. Previous research has developed generative MIAs that use generative adversarial networks (GANs) as image priors tailored to a specific target model. This makes the attacks time- and resource-consuming, inflexible, and susceptible to distributional shifts between datasets. To overcome these drawbacks, we present Plug & Play Attacks, which relax the dependency between the target model and image prior, and enable the use of a single GAN to attack a wide range of targets, requiring only minor adjustments to the attack. Moreover, we show that powerful MIAs are possible even with publicly available pre-trained GANs and under strong distributional shifts, for which previous approaches fail to produce meaningful results. Our extensive evaluation confirms the improved robustness and flexibility of Plug & Play Attacks and their ability to create high-quality images revealing sensitive class characteristics.
Submission history
From: Lukas Struppek [view email][v1] Fri, 28 Jan 2022 15:25:50 GMT (60546kb,D)
[v2] Wed, 2 Feb 2022 15:21:17 GMT (30275kb,D)
[v3] Tue, 7 Jun 2022 16:15:28 GMT (10719kb,D)
[v4] Thu, 9 Jun 2022 08:48:08 GMT (10719kb,D)
Link back to: arXiv, form interface, contact.