From Black-box to Label-only: a Plug-and-Play Attack Network for Model Inversion
Huan Bao (Jinan University), Kaimin Wei (Jinan University), Yao Chen (Jinan University), Hanting Hou (Jinan University), Jinpeng Chen (Beijing University of Post and Telecommunication), Yongdong WU (Jinan University)
Huan Bao (Jinan University), Kaimin Wei (Jinan University), Yao Chen (Jinan University), Hanting Hou (Jinan University), Jinpeng Chen (Beijing University of Post and Telecommunication), Yongdong WU (Jinan University)
The 35th British Machine Vision Conference
Abstract
Model inversion (MI) attacks can reconstruct the private training data of deep neural networks. Nevertheless, existing black-box MI attacks significantly depend on the soft labels obtained from the classifier of the target model, which restricts their practicality. In this paper, we present a generic Plug \& Play Attack Network (PnPAN) for MI, which is the first general framework to transform black-box MI attacks into hard-label-only ones. The fundamental idea of this framework is to assess the existing latent code exclusively using hard labels and employ a pre-trained reverse network. This might make it possible to reconstruct the classifier of the target model with just hard labels. Extensive experimental results demonstrate our approach's performance superiority compared with the state-of-the-art label-only attack and its broad applicability.Citation
@inproceedings{Bao_2024_BMVC,
author = {Huan Bao and Kaimin Wei and Yao Chen and Hanting Hou and Jinpeng Chen and Yongdong WU},
title = {From Black-box to Label-only: a Plug-and-Play Attack Network for Model Inversion},
booktitle = {35th British Machine Vision Conference 2024, {BMVC} 2024, Glasgow, UK, November 25-28, 2024},
publisher = {BMVA},
year = {2024},
url = {https://papers.bmvc2024.org/0205.pdf}
}
Copyright © 2024
The British Machine Vision Conference is organised by