Targeted Model Inversion: Distilling style encoded in predictions

Previous model inversion (MI) research has demonstrated the feasibility of reconstructing images representative of specific classes, inadvertently revealing additional feature information. However, there are two remaining challenges for practical black-box MI: (1) minimizing the number of queries to the target model, and (2) reconstructing a high-quality input image tailored to an observed prediction vector. We introduce Targeted Model Inversion (TMI), a practical black-box MI attack. Our approach involves altering the mapping network in StyleGAN, which projects an observed prediction vector into a StyleGAN latent representation. Later, TMI leverages a surrogate model that is also derived from StyleGAN to guide instance-specific MI by optimizing the latent representation. These mapping and surrogate networks work together to conduct high-fidelity MI while significantly decreasing the number of necessary queries. Our experiments demonstrate that TMI outperforms state-of-the-art MI methods, demonstrating a new upper bound on the susceptibility to black-box MI attacks.
Publisher
ELSEVIER ADVANCED TECHNOLOGY
Issue Date
2024-09
Language
English
Article Type
Article
Citation

COMPUTERS & SECURITY, v.144

ISSN
0167-4048
DOI
10.1016/j.cose.2024.103967
URI
http://hdl.handle.net/10203/322580
Appears in Collection
AI-Journal Papers (Journal Papers); CS-Journal Papers (Journal Papers)
Files in This Item
There are no files associated with this item.