Model Inversion Attack
Model Inversion Attack
Short Description: Attacker uses model responses to recontruct training dataset.
CAT ID: CAT-2023-014
Layer: 7
Operational Scale: Operational
Level of Maturity: Proof of Concept
Category: Exploit
Subcategory:
Also Known As:
Description:
Brief Description:
Closely Related Concepts:
Mechanism:
Multipliers:
Detailed Description: Model Inversion Attacks utilize a model’s outputs as a means to reconstruct original training data sets or samples, potentially revealing sensitive information. A Model Inversion Attack requires awareness of model structure and outputs which the attacker uses to associate inputs and outputs. Through an iterative process, the attacker cumulatively reconstructs original input data. These attacks have the potential to reveal to sensitive training data[1].
INTERACTIONS [VETs]:
Examples:
Use Case Example(s):
Fredrikson et al[2] had adversarial access to an ML model, which they abused to reveal sensitive individual genomic information. This research team developed a new class of model inversion attack that both exploited confidence values and revealed predictions.
Example(s) From The Wild:
Comments:
References:
- ↑ https://saturncloud.io/glossary/model-inversion-attacks/
- ↑ Fredrikson, M., Jha, S., & Ristenpart, T. (2015, October). Model inversion attacks that exploit confidence information and basic countermeasures. In Proceedings of the 22nd ACM SIGSAC conference on computer and communications security (pp. 1322-1333).