From 173d8be180767f8631c41a6a47a4f90948ba33d8 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Mon, 15 Mar 2021 14:41:26 -0400 Subject: [PATCH 01/28] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2ff5434..5a9af16 100644 --- a/README.md +++ b/README.md @@ -131,6 +131,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**MIDAS: Model Inversion Defenses Using an Approximate Memory System**](https://ieeexplore.ieee.org/abstract/document/9358254) (Xu et al., 2021) - [**KART: Privacy Leakage Framework of Language Models Pre-trained with Clinical Records**](https://arxiv.org/abs/2101.00036) (Nakamura et al., 2020) - [**Derivation of Constraints from Machine Learning Models and Applications to Security and Privacy**](https://hal.archives-ouvertes.fr/hal-03091740/) (Falaschi et al., 2021) +- [**On the (In)Feasibility of Attribute Inference Attacks on Machine Learning Models**](https://arxiv.org/abs/2103.07101) (Zhao et al., 2021) ## Property inference From 51f242ec2fc9285a2cf3b02c9c95c59920844208 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Mon, 15 Mar 2021 14:50:06 -0400 Subject: [PATCH 02/28] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 5a9af16..9636dbd 100644 --- a/README.md +++ b/README.md @@ -197,3 +197,4 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Robust Membership Encoding: Inference Attacks and CopyrightProtection for Deep Learning**](https://arxiv.org/pdf/1909.12982.pdf) (Song and Shokri, 2020) - [**Quantifying Privacy Leakage in Graph Embedding**](https://arxiv.org/abs/2010.00906) (Duddu et al., 2020) - [**Quantifying and Mitigating Privacy Risks of Contrastive Learning**](https://arxiv.org/abs/2102.04140) (He and Zhang, 2021) +- [**Coded Machine Unlearning**](https://arxiv.org/abs/2012.15721) (Aldaghri et al., 2020) 
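Review bot: The subject line "Update README.md" on PATCH 01 (and on most of the commits that follow in this series) says nothing about what changed; for a curated list, a subject such as "Add attribute inference paper (Zhao et al., 2021)" keeps the history searchable. The placement itself is right: the Zhao et al. paper is about attribute inference, and the Reconstruction section's own intro says it covers attribute inference.

Review bot: In PATCH 02, the context line two above the insertion point reads "Inference Attacks and CopyrightProtection for Deep Learning" with a missing space; since this commit already touches the same list, fix it here as "Copyright Protection".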
From fab6260304aa66dc38bcd6d2a18fc205bff8f0de Mon Sep 17 00:00:00 2001 From: MariaRigaki Date: Fri, 26 Mar 2021 10:34:33 +0100 Subject: [PATCH 03/28] Added an extraction paper with code --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 8761fdc..690f6a9 100644 --- a/README.md +++ b/README.md @@ -185,6 +185,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Model Extraction and Defenses on Generative Adversarial Networks**](https://arxiv.org/abs/2101.02069) (Hu and Pang, 2021) - [**Protecting Decision Boundary of Machine Learning Model With Differentially Private Perturbation**](https://ieeexplore.ieee.org/abstract/document/9286504) (Zheng et al., 2021) - [**Special-Purpose Model Extraction Attacks: Stealing Coarse Model with Fewer Queries**](https://ieeexplore.ieee.org/abstract/document/9343086?casa_token=Fn4CtwOZsbQAAAAA:4n3tZGcwFochwREqn4fRWcmA9YeLRxikwB1LN8t2ui1NbRPHSHjTuoqHrSfP1vxXfecw0kobBQ) (Okada et al., 2021) +- [**Model Extraction and Adversarial Transferability, Your BERT is Vulnerable!**](https://arxiv.org/abs/2103.10013) (He et al., 2021) ([code](https://github.com/xlhex/extract_and_transfer)) # Other From 8a9fec89225caa0974313950f52ef0a97f3f13b8 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Thu, 15 Apr 2021 15:31:50 -0400 Subject: [PATCH 04/28] Add split NN inversion paper --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 690f6a9..97a698c 100644 --- a/README.md +++ b/README.md 
@@ -133,6 +133,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**KART: Privacy Leakage Framework of Language Models Pre-trained with Clinical Records**](https://arxiv.org/abs/2101.00036) (Nakamura et al., 2020) - [**Derivation of Constraints from Machine Learning Models and Applications to Security and Privacy**](https://hal.archives-ouvertes.fr/hal-03091740/) (Falaschi et al., 2021) - [**On the (In)Feasibility of Attribute Inference Attacks on Machine Learning Models**](https://arxiv.org/abs/2103.07101) (Zhao et al., 2021) +- [**Practical Defences Against Model Inversion Attacks for Split Neural Networks**](https://arxiv.org/abs/2104.05743) (Titcombe et al., 2021) ## Property inference From 68669f9091d8db62ba49028d567c34059ec9de53 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Sat, 17 Apr 2021 07:11:05 -0400 Subject: [PATCH 05/28] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 97a698c..753bc97 100644 --- a/README.md +++ b/README.md @@ -187,6 +187,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Protecting Decision Boundary of Machine Learning Model With Differentially Private Perturbation**](https://ieeexplore.ieee.org/abstract/document/9286504) (Zheng et al., 2021) - [**Special-Purpose Model Extraction Attacks: Stealing Coarse Model with Fewer Queries**](https://ieeexplore.ieee.org/abstract/document/9343086?casa_token=Fn4CtwOZsbQAAAAA:4n3tZGcwFochwREqn4fRWcmA9YeLRxikwB1LN8t2ui1NbRPHSHjTuoqHrSfP1vxXfecw0kobBQ) (Okada et al., 2021) - [**Model Extraction and Adversarial Transferability, Your BERT is Vulnerable!**](https://arxiv.org/abs/2103.10013) (He et al., 2021) ([code](https://github.com/xlhex/extract_and_transfer)) +- [**Thief, Beware of What Get You There: Towards Understanding Model Extraction Attack**](https://arxiv.org/abs/2104.05921) (Zhang et al., 2021) # Other 
From c487a642d928ba0ca1ba8d17095d14a1165436d5 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Sat, 17 Apr 2021 07:13:22 -0400 Subject: [PATCH 06/28] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 753bc97..45a6074 100644 --- a/README.md +++ b/README.md @@ -84,6 +84,7 @@ This repository contains a curated list of papers related to privacy attacks aga - [**Node-Level Membership Inference Attacks Against Graph Neural Networks**](https://arxiv.org/abs/2102.05429) (He et al., 2021) - [**Practical Blind Membership Inference Attack via Differential Comparisons**](https://arxiv.org/abs/2101.01341) (Hui et al., 2021) - [**ADePT: Auto-encoder based Differentially Private Text Transformation**](https://arxiv.org/abs/2102.01502) (Krishna et al., 2021) +- [**The Influence of Dropout on Membership Inference in Differentially Private Models**](https://arxiv.org/abs/2103.09008) (Galinkin, 2021) ## Reconstruction From 5ae97c33df93853d733ff5580fa15c20a112e95c Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Mon, 3 May 2021 11:54:04 -0400 Subject: [PATCH 07/28] Add privacy paper --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 45a6074..2564cce 100644 --- a/README.md +++ b/README.md @@ -203,3 +203,4 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Quantifying Privacy Leakage in Graph Embedding**](https://arxiv.org/abs/2010.00906) (Duddu et al., 2020) - [**Quantifying and Mitigating Privacy Risks of Contrastive Learning**](https://arxiv.org/abs/2102.04140) (He and Zhang, 2021) - [**Coded Machine Unlearning**](https://arxiv.org/abs/2012.15721) (Aldaghri et al., 2020) +- [**Unlearnable Examples: Making Personal Data Unexploitable**](https://arxiv.org/abs/2101.04898) (Huang et al., 2021) From 1821a1c33690315463c3c1a94e72bb1541131a4e Mon Sep 17 00:00:00 2001 
From: Suha Sabi Hussain Date: Mon, 3 May 2021 19:13:20 -0400 Subject: [PATCH 08/28] add paper --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 2564cce..259ed9d 100644 --- a/README.md +++ b/README.md @@ -135,6 +135,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Derivation of Constraints from Machine Learning Models and Applications to Security and Privacy**](https://hal.archives-ouvertes.fr/hal-03091740/) (Falaschi et al., 2021) - [**On the (In)Feasibility of Attribute Inference Attacks on Machine Learning Models**](https://arxiv.org/abs/2103.07101) (Zhao et al., 2021) - [**Practical Defences Against Model Inversion Attacks for Split Neural Networks**](https://arxiv.org/abs/2104.05743) (Titcombe et al., 2021) +- [**R-GAP: Recursive Gradient Attack on Privacy**](https://arxiv.org/abs/2010.07733) (Zhu and Blaschko, 2021) ## Property inference From 9dc685703cd6d6c65da299299167fcc51f845652 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Mon, 3 May 2021 19:39:55 -0400 Subject: [PATCH 09/28] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 259ed9d..bfacba2 100644 --- a/README.md +++ b/README.md 
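Review bot: PATCH 08 lists R-GAP as "(Zhu and Blaschko, 2021)" although its arXiv identifier 2010.07733 dates the preprint to October 2020, while PATCH 02 in this same series lists Coded Machine Unlearning (arXiv 2012.15721) as 2020. Pick one convention for the year field, arXiv posting year or publication venue year, and state it once in the README so contributors stop mixing the two.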
@@ -190,6 +190,8 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Special-Purpose Model Extraction Attacks: Stealing Coarse Model with Fewer Queries**](https://ieeexplore.ieee.org/abstract/document/9343086?casa_token=Fn4CtwOZsbQAAAAA:4n3tZGcwFochwREqn4fRWcmA9YeLRxikwB1LN8t2ui1NbRPHSHjTuoqHrSfP1vxXfecw0kobBQ) (Okada et al., 2021) - [**Model Extraction and Adversarial Transferability, Your BERT is Vulnerable!**](https://arxiv.org/abs/2103.10013) (He et al., 2021) ([code](https://github.com/xlhex/extract_and_transfer)) - [**Thief, Beware of What Get You There: Towards Understanding Model Extraction Attack**](https://arxiv.org/abs/2104.05921) (Zhang et al., 2021) +- [**Model Weight Theft With Just Noise Inputs: The Curious Case of the Petulant Attacker**](https://arxiv.org/abs/1912.08987) (Roberts et al., 2019) +- [**Protecting DNNs from Theft using an Ensemble of Diverse Models**](https://openreview.net/forum?id=LucJxySuJcE) (Kariyappa et al., 2021) # Other From 220b63e62914f0cdaa1cffb0c5f55cf79b1cb34c Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Tue, 4 May 2021 13:27:19 -0400 Subject: [PATCH 10/28] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index bfacba2..f808442 100644 --- a/README.md +++ b/README.md @@ -192,6 +192,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Thief, Beware of What Get You There: Towards Understanding Model Extraction Attack**](https://arxiv.org/abs/2104.05921) (Zhang et al., 2021) - [**Model Weight Theft With Just Noise Inputs: The Curious Case of the Petulant Attacker**](https://arxiv.org/abs/1912.08987) (Roberts et al., 2019) - [**Protecting DNNs from Theft using an Ensemble of Diverse Models**](https://openreview.net/forum?id=LucJxySuJcE) (Kariyappa et al., 2021) +- [**Information Laundering for Model Privacy**](https://arxiv.org/abs/2009.06112) (Wang et al., 2021) # Other 
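Review bot: In PATCH 09, the Roberts et al. 2019 entry is appended after a run of 2021 entries, while every context line visible in this series runs 2020 then 2021; if the sections are meant to be chronological, insert it before the 2020 entries rather than at the end.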
From 38d05fc0d92565d1a107ab6c077a5c436333734c Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Tue, 4 May 2021 14:13:19 -0400 Subject: [PATCH 11/28] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index f808442..49e022a 100644 --- a/README.md +++ b/README.md @@ -193,6 +193,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Model Weight Theft With Just Noise Inputs: The Curious Case of the Petulant Attacker**](https://arxiv.org/abs/1912.08987) (Roberts et al., 2019) - [**Protecting DNNs from Theft using an Ensemble of Diverse Models**](https://openreview.net/forum?id=LucJxySuJcE) (Kariyappa et al., 2021) - [**Information Laundering for Model Privacy**](https://arxiv.org/abs/2009.06112) (Wang et al., 2021) +- [**Deep Neural Network Fingerprinting by Conferrable Adversarial Examples**](https://arxiv.org/abs/1912.00888) (Lukas et al., 2021) # Other From 69d27b10770fb05b424541f1103befb0f039ae56 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Wed, 5 May 2021 16:53:15 -0400 Subject: [PATCH 12/28] Add property inference paper --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 49e022a..df86247 100644 --- a/README.md +++ b/README.md 
@@ -145,6 +145,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Overlearning Reveals Sensitive Attributes**](https://openreview.net/pdf?id=SJeNz04tDS) (Song C. et al., 2020) ([code](https://drive.google.com/file/d/1hu0PhN3pWXe6LobxiPFeYBm8L-vQX2zJ/view?usp=sharing)) - [**Subject Property Inference Attack in Collaborative Learning**](https://ieeexplore.ieee.org/document/9204357) (Xu and Li, 2020) - [**Property Inference From Poisoning**](https://arxiv.org/abs/2101.11073) (Chase et al., 2021) +- [**Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity**](https://arxiv.org/abs/2104.13061) (Parisot et al., 2021) ## Model extraction From 465ac0ed2478cabbfb360f578aa1674206de0d74 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Wed, 5 May 2021 16:56:31 -0400 Subject: [PATCH 13/28] Add model inversion paper --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index df86247..42122f3 100644 --- a/README.md +++ b/README.md @@ -136,6 +136,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**On the (In)Feasibility of Attribute Inference Attacks on Machine Learning Models**](https://arxiv.org/abs/2103.07101) (Zhao et al., 2021) - [**Practical Defences Against Model Inversion Attacks for Split Neural Networks**](https://arxiv.org/abs/2104.05743) (Titcombe et al., 2021) - [**R-GAP: Recursive Gradient Attack on Privacy**](https://arxiv.org/abs/2010.07733) (Zhu and Blaschko, 2021) +- [**Exploiting Explanations for Model Inversion Attacks**](https://arxiv.org/abs/2104.12669) (Zhao et al., 2021) ## Property inference From 1b9dec6a4972169b011e3be3cde6c28f68251ab7 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Wed, 5 May 2021 22:48:27 -0400 Subject: [PATCH 14/28] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 42122f3..70a707a 100644 
--- a/README.md +++ b/README.md @@ -196,6 +196,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Protecting DNNs from Theft using an Ensemble of Diverse Models**](https://openreview.net/forum?id=LucJxySuJcE) (Kariyappa et al., 2021) - [**Information Laundering for Model Privacy**](https://arxiv.org/abs/2009.06112) (Wang et al., 2021) - [**Deep Neural Network Fingerprinting by Conferrable Adversarial Examples**](https://arxiv.org/abs/1912.00888) (Lukas et al., 2021) +- [**BODAME: Bilevel Optimization for Defense Against Model Extraction**](https://arxiv.org/abs/2103.06797) (Mori et al., 2021) # Other From cc0b7cdca31180ff50a4a96807f239e1895699fd Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Thu, 6 May 2021 01:44:19 -0400 Subject: [PATCH 15/28] Add model extraction paper --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 70a707a..a9cc269 100644 --- a/README.md +++ b/README.md @@ -197,6 +197,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Information Laundering for Model Privacy**](https://arxiv.org/abs/2009.06112) (Wang et al., 2021) - [**Deep Neural Network Fingerprinting by Conferrable Adversarial Examples**](https://arxiv.org/abs/1912.00888) (Lukas et al., 2021) - [**BODAME: Bilevel Optimization for Defense Against Model Extraction**](https://arxiv.org/abs/2103.06797) (Mori et al., 2021) +- [**Dataset Inference: Ownership Resolution in Machine Learning**](https://openreview.net/forum?id=hvdKKV2yt7T) (Maini et al., 2021) # Other From 3eba3c558d29d4c0c0933505d338b692d93d1c17 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain Date: Tue, 11 May 2021 17:22:56 -0400 Subject: [PATCH 16/28] Update README.md --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index a9cc269..2207db0 100644 --- a/README.md +++ b/README.md 
@@ -213,3 +213,4 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Quantifying and Mitigating Privacy Risks of Contrastive Learning**](https://arxiv.org/abs/2102.04140) (He and Zhang, 2021) - [**Coded Machine Unlearning**](https://arxiv.org/abs/2012.15721) (Aldaghri et al., 2020) - [**Unlearnable Examples: Making Personal Data Unexploitable**](https://arxiv.org/abs/2101.04898) (Huang et al., 2021) +- [**Measuring Data Leakage in Machine-Learning Models with Fisher Information**](https://arxiv.org/abs/2102.11673) (Hannun et al., 2021) From ceb14a144db72cb84fc1856df0b9563e5d18e561 Mon Sep 17 00:00:00 2001 From: Maria Rigaki Date: Wed, 12 May 2021 11:52:30 +0200 Subject: [PATCH 17/28] Fixed bullet point and moved the Carlini paper to reconstruction attacks --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 690f6a9..4df10d8 100644 --- a/README.md +++ b/README.md 
@@ -129,6 +129,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**MixCon: Adjusting the Separability of Data Representations for Harder Data Recovery**](https://arxiv.org/abs/2010.11463) (Li et al., 2020) - [**Evaluation of Inference Attack Models for Deep Learning on Medical Data**](https://arxiv.org/abs/2011.00177) (Wu et al., 2020) - [**FaceLeaks: Inference Attacks against Transfer Learning Models via Black-box Queries**](https://arxiv.org/abs/2010.14023) (Liew and Takahashi, 2020) +- [**Extracting Training Data from Large Language Models**](https://arxiv.org/abs/2012.07805) (Carlini et al., 2020) - [**MIDAS: Model Inversion Defenses Using an Approximate Memory System**](https://ieeexplore.ieee.org/abstract/document/9358254) (Xu et al., 2021) - [**KART: Privacy Leakage Framework of Language Models Pre-trained with Clinical Records**](https://arxiv.org/abs/2101.00036) (Nakamura et al., 2020) - [**Derivation of Constraints from Machine Learning Models and Applications to Security and Privacy**](https://hal.archives-ouvertes.fr/hal-03091740/) (Falaschi et al., 2021) 
@@ -176,11 +177,10 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**ES Attack: Model Stealing against Deep Neural Networks without Data Hurdles**](https://arxiv.org/abs/2009.09560) (Yuan et al., 2020) - [**Black-Box Ripper: Copying black-box models using generative evolutionary algorithms**](https://arxiv.org/abs/2010.11158) (Barbalau et al., 2020) ([code](https://github.com/antoniobarbalau/black-box-ripper)) - [**Model Extraction Attacks on Graph Neural Networks: Taxonomy and Realization**](https://arxiv.org/abs/2010.12751) (Wu et al., 2020) -- [**Extracting Training Data from Large Language Models**](https://arxiv.org/abs/2012.07805) (Carlini et al., 2020) - [**Model Extraction Attacks and Defenses on Cloud-Based Machine Learning Models**](https://ieeexplore.ieee.org/abstract/document/9311938?casa_token=f_8Lg24vAQkAAAAA:A7P5ym7bTLFIJZtL2yGorscyQC2R1WGJUKzcO-pn8wADHus0w8NArN-nv0JFcKYhwwQFeCaptQ) (Gong et al., 2020) - [**Leveraging Extracted Model Adversaries for Improved Black Box Attacks**](https://arxiv.org/abs/2010.16336) (Nizar and Kobren, 2020) - [**Differentially Private Machine Learning Model against Model Extraction Attack**](https://ieeexplore.ieee.org/abstract/document/9291542) (Cheng et al., 2020) -- - [**Model Extraction Attacks and Defenses on Cloud-Based Machine Learning Models**](https://ieeexplore.ieee.org/abstract/document/9311938?casa_token=YP1PeB4XPqEAAAAA:q1Ni88642UTpBQ8r7jUe9tbWjMWG9lw3v8CK4g1q7V-ZShK0KonYuMiapY4rXDfKVNST6xLtSw) (Gong et al., 2020) +- [**Model Extraction Attacks and Defenses on Cloud-Based Machine Learning Models**](https://ieeexplore.ieee.org/abstract/document/9311938?casa_token=YP1PeB4XPqEAAAAA:q1Ni88642UTpBQ8r7jUe9tbWjMWG9lw3v8CK4g1q7V-ZShK0KonYuMiapY4rXDfKVNST6xLtSw) (Gong et al., 2020) - [**Stealing Neural Network Models through the Scan Chain: A New Threat for ML Hardware**](https://eprint.iacr.org/2021/167) (Potluri and Aysu, 2021) - [**Model Extraction and Defenses on Generative 
Adversarial Networks**](https://arxiv.org/abs/2101.02069) (Hu and Pang, 2021) - [**Protecting Decision Boundary of Machine Learning Model With Differentially Private Perturbation**](https://ieeexplore.ieee.org/abstract/document/9286504) (Zheng et al., 2021) From 094f0b4d2df905c44673eed25b39cb8d94701d4b Mon Sep 17 00:00:00 2001 From: Maria Rigaki Date: Wed, 12 May 2021 12:03:38 +0200 Subject: [PATCH 18/28] Added latest papers --- README.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 4df10d8..437c980 100644 --- a/README.md +++ b/README.md @@ -84,6 +84,8 @@ This repository contains a curated list of papers related to privacy attacks aga - [**Node-Level Membership Inference Attacks Against Graph Neural Networks**](https://arxiv.org/abs/2102.05429) (He et al., 2021) - [**Practical Blind Membership Inference Attack via Differential Comparisons**](https://arxiv.org/abs/2101.01341) (Hui et al., 2021) - [**ADePT: Auto-encoder based Differentially Private Text Transformation**](https://arxiv.org/abs/2102.01502) (Krishna et al., 2021) +- [**Membership Inference Attack Susceptibility of Clinical Language Models**](https://arxiv.org/abs/2104.08305) (Jagannatha et al., 2021) +- [**Membership Inference Attacks on Knowledge Graphs**](https://arxiv.org/abs/2104.08273) (Wang & Sun, 2021) ## Reconstruction 
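Review bot: The second hunk of PATCH 17 fixes the doubled "- - " bullet on the Gong et al. line, but that leaves the same paper listed twice: the context five lines above already carries "Model Extraction Attacks and Defenses on Cloud-Based Machine Learning Models" pointing at the same IEEE document 9311938, differing only in the casa_token query string. Delete the doubled-bullet line instead of repairing it, and strip the "?casa_token=..." part from the surviving URL, since those tokens are session-bound and will stop resolving.

Review bot: In the first hunk of PATCH 18, "(Wang & Sun, 2021)" uses an ampersand where every other two-author entry in the list uses "and" ("Hu and Pang, 2021", "Xu and Li, 2020", "Zhu and Blaschko, 2021"); change it to "(Wang and Sun, 2021)".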
@@ -134,7 +136,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**KART: Privacy Leakage Framework of Language Models Pre-trained with Clinical Records**](https://arxiv.org/abs/2101.00036) (Nakamura et al., 2020) - [**Derivation of Constraints from Machine Learning Models and Applications to Security and Privacy**](https://hal.archives-ouvertes.fr/hal-03091740/) (Falaschi et al., 2021) - [**On the (In)Feasibility of Attribute Inference Attacks on Machine Learning Models**](https://arxiv.org/abs/2103.07101) (Zhao et al., 2021) - +- [**Exploiting Explanations for Model Inversion Attacks**](https://arxiv.org/abs/2104.12669) (Zhao et al., 2021) ## Property inference - [**Hacking smart machines with smarter ones: How to extract meaningful data from machine learning classifiers**](https://dl.acm.org/doi/10.1504/IJSN.2015.071829) (Ateniese et al., 2015) @@ -143,6 +145,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Overlearning Reveals Sensitive Attributes**](https://openreview.net/pdf?id=SJeNz04tDS) (Song C. et al., 2020) ([code](https://drive.google.com/file/d/1hu0PhN3pWXe6LobxiPFeYBm8L-vQX2zJ/view?usp=sharing)) - [**Subject Property Inference Attack in Collaborative Learning**](https://ieeexplore.ieee.org/document/9204357) (Xu and Li, 2020) - [**Property Inference From Poisoning**](https://arxiv.org/abs/2101.11073) (Chase et al., 2021) +- [**Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity**](https://arxiv.org/abs/2104.13061) (Parisot et al., 2021) ## Model extraction 
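Review bot: The @@ -134,7 +136,7 hunk of PATCH 18 replaces the blank line before "## Property inference" with the new entry, so the last list item now runs straight into the heading; keep that separator line and insert the entry above it. The entry it adds, "Exploiting Explanations for Model Inversion Attacks" (Zhao et al., 2021), is also the one PATCH 13 already added.

Review bot: The @@ -143,6 +145,7 hunk of PATCH 18 re-adds the Parisot et al. property inference paper that PATCH 12 already added. PATCH 17's pre-image blob 690f6a9 is the same one PATCH 04 started from, so PATCHES 17 and 18 were made on a branch parallel to 04 through 16; rebase them onto the tip and drop the entries that are already present, or the merge will carry duplicates.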
@@ -186,6 +189,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Protecting Decision Boundary of Machine Learning Model With Differentially Private Perturbation**](https://ieeexplore.ieee.org/abstract/document/9286504) (Zheng et al., 2021) - [**Special-Purpose Model Extraction Attacks: Stealing Coarse Model with Fewer Queries**](https://ieeexplore.ieee.org/abstract/document/9343086?casa_token=Fn4CtwOZsbQAAAAA:4n3tZGcwFochwREqn4fRWcmA9YeLRxikwB1LN8t2ui1NbRPHSHjTuoqHrSfP1vxXfecw0kobBQ) (Okada et al., 2021) - [**Model Extraction and Adversarial Transferability, Your BERT is Vulnerable!**](https://arxiv.org/abs/2103.10013) (He et al., 2021) ([code](https://github.com/xlhex/extract_and_transfer)) +- [**Good Artists Copy, Great Artists Steal: Model Extraction Attacks Against Image Translation Generative Adversarial Networks**](https://arxiv.org/abs/2104.12623) (Szyller et al., 2021) # Other From 72e0e86441e36c6871d2f546621cde042a23876f Mon Sep 17 00:00:00 2001 From: Mohammad Malekzadeh Date: Thu, 3 Jun 2021 16:59:32 +0100 Subject: [PATCH 19/28] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 963051a..6421b6e 100644 --- a/README.md +++ b/README.md 
@@ -150,7 +150,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Subject Property Inference Attack in Collaborative Learning**](https://ieeexplore.ieee.org/document/9204357) (Xu and Li, 2020) - [**Property Inference From Poisoning**](https://arxiv.org/abs/2101.11073) (Chase et al., 2021) - [**Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity**](https://arxiv.org/abs/2104.13061) (Parisot et al., 2021) - +- [**Honest-but-Curious Nets: Sensitive Attributes of Private Inputs can be Secretly Coded into the Entropy of Classifiers' Outputs**](https://arxiv.org/abs/2105.12049) (Malekzadeh et al. 2021) ## Model extraction - [**Stealing machine learning models via prediction apis**](https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_tramer.pdf) (Tramèr et al., 2016) ([code](https://github.com/ftramer/Steal-ML)) From 334f11ed9a36d44898b9a92966768b583a43bf7d Mon Sep 17 00:00:00 2001 From: Mohammad Malekzadeh Date: Thu, 3 Jun 2021 17:03:10 +0100 Subject: [PATCH 20/28] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 6421b6e..8143162 100644 --- a/README.md +++ b/README.md 
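Review bot: PATCH 19 again swaps the blank line before "## Model extraction" for the new entry, so the heading loses its separator; keep the blank line. The citation "(Malekzadeh et al. 2021)" is also missing the comma after "et al." that every other entry uses.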
@@ -150,7 +150,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Subject Property Inference Attack in Collaborative Learning**](https://ieeexplore.ieee.org/document/9204357) (Xu and Li, 2020) - [**Property Inference From Poisoning**](https://arxiv.org/abs/2101.11073) (Chase et al., 2021) - [**Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity**](https://arxiv.org/abs/2104.13061) (Parisot et al., 2021) -- [**Honest-but-Curious Nets: Sensitive Attributes of Private Inputs can be Secretly Coded into the Entropy of Classifiers' Outputs**](https://arxiv.org/abs/2105.12049) (Malekzadeh et al. 2021) +- [**Honest-but-Curious Nets: Sensitive Attributes of Private Inputs can be Secretly Coded into the Entropy of Classifiers' Outputs**](https://arxiv.org/abs/2105.12049) (Malekzadeh et al. 2021) ([code](https://github.com/mmalekzadeh/honest-but-curious-nets)) ## Model extraction - [**Stealing machine learning models via prediction apis**](https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_tramer.pdf) (Tramèr et al., 2016) ([code](https://github.com/ftramer/Steal-ML)) From 55494f413f40945ce61fe1f72f732eb146d5c7e2 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain <17119557+suhacker1@users.noreply.github.com> Date: Fri, 9 Jul 2021 02:26:48 -0400 Subject: [PATCH 21/28] Add more papers --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 8143162..9101e77 100644 --- a/README.md +++ b/README.md 
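Review bot: PATCH 20 rewrites the whole Honest-but-Curious line to append the code link yet keeps "(Malekzadeh et al. 2021)" without the comma; since the line is replaced anyway, write "(Malekzadeh et al., 2021)" here, or better, squash PATCH 19 and 20 into one commit that adds the entry complete with its code link.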
@@ -20,6 +20,7 @@ This repository contains a curated list of papers related to privacy attacks aga - [**Privacy and Security Issues in Deep Learning: A Survey**](https://ieeexplore.ieee.org/abstract/document/9294026) (Liu et al., 2021) - [**ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models**](https://arxiv.org/abs/2102.02551) (Liu et al., 2021) - [**Membership Inference Attacks on Machine Learning: A Survey**](https://arxiv.org/abs/2103.07853) (Hu et al., 2021) +- [**Survey: Leakage and Privacy at Inference Time**](https://arxiv.org/abs/2107.01614) (Jegorova et al., 2021) # Privacy Testing Tools - [**PrivacyRaven**](https://github.com/trailofbits/PrivacyRaven) (Trail of Bits) @@ -87,6 +88,8 @@ This repository contains a curated list of papers related to privacy attacks aga - [**The Influence of Dropout on Membership Inference in Differentially Private Models**](https://arxiv.org/abs/2103.09008) (Galinkin, 2021) - [**Membership Inference Attack Susceptibility of Clinical Language Models**](https://arxiv.org/abs/2104.08305) (Jagannatha et al., 2021) - [**Membership Inference Attacks on Knowledge Graphs**](https://arxiv.org/abs/2104.08273) (Wang & Sun, 2021) +- [**When Does Data Augmentation Help With Membership Inference Attacks?**](http://proceedings.mlr.press/v139/kaya21a.html) (Kaya and Dumitras, 2021) +- [**The Influence of Training Parameters and Architectural Choices on the Vulnerability of Neural Networks to Membership Inference Attacks**](https://www.mi.fu-berlin.de/inf/groups/ag-idm/theseses/2021_oussama_bouanani_bsc_thesis.pdf) (Bouanani, 2021) ## Reconstruction 
@@ -140,6 +143,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Practical Defences Against Model Inversion Attacks for Split Neural Networks**](https://arxiv.org/abs/2104.05743) (Titcombe et al., 2021) - [**R-GAP: Recursive Gradient Attack on Privacy**](https://arxiv.org/abs/2010.07733) (Zhu and Blaschko, 2021) - [**Exploiting Explanations for Model Inversion Attacks**](https://arxiv.org/abs/2104.12669) (Zhao et al., 2021) +- [**SAFELearn: Secure Aggregation for private FEderated Learning**](https://encrypto.de/papers/FMMMMNRSSYZ21.pdf) (Fereidooni et al., 2021) ## Property inference @@ -217,3 +221,5 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Coded Machine Unlearning**](https://arxiv.org/abs/2012.15721) (Aldaghri et al., 2020) - [**Unlearnable Examples: Making Personal Data Unexploitable**](https://arxiv.org/abs/2101.04898) (Huang et al., 2021) - [**Measuring Data Leakage in Machine-Learning Models with Fisher Information**](https://arxiv.org/abs/2102.11673) (Hannun et al., 2021) +- [**Teacher Model Fingerprinting Attacks Against Transfer Learning**](https://arxiv.org/abs/2106.12478) (Chen et al, 2021) +- [**Bounding Information Leakage in Machine Learning**](https://arxiv.org/abs/2105.03875) (Del Grosso et al., 2021) From b78af51ef3732e3cd674b1a21ec937145d7ff3e1 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain <17119557+suhacker1@users.noreply.github.com> Date: Fri, 9 Jul 2021 02:38:05 -0400 Subject: [PATCH 22/28] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 9101e77..b893893 100644 --- a/README.md +++ b/README.md 
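Review bot: In the @@ -217,3 +221,5 hunk of PATCH 21, "(Chen et al, 2021)" drops the period in "et al."; make it "(Chen et al., 2021)" to match the rest of the list.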
@@ -223,3 +223,5 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Measuring Data Leakage in Machine-Learning Models with Fisher Information**](https://arxiv.org/abs/2102.11673) (Hannun et al., 2021) - [**Teacher Model Fingerprinting Attacks Against Transfer Learning**](https://arxiv.org/abs/2106.12478) (Chen et al, 2021) - [**Bounding Information Leakage in Machine Learning**](https://arxiv.org/abs/2105.03875) (Del Grosso et al., 2021) +- [**RoFL: Attestable Robustness for Secure Federated Learning**](https://arxiv.org/abs/2107.03311) +- From 0b84ebd0b9c3bd6c1723aaaacbd1ba521ff4d1d9 Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain <17119557+suhacker1@users.noreply.github.com> Date: Fri, 9 Jul 2021 02:38:24 -0400 Subject: [PATCH 23/28] Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index b893893..8175234 100644 --- a/README.md +++ b/README.md @@ -224,4 +224,3 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Teacher Model Fingerprinting Attacks Against Transfer Learning**](https://arxiv.org/abs/2106.12478) (Chen et al, 2021) - [**Bounding Information Leakage in Machine Learning**](https://arxiv.org/abs/2105.03875) (Del Grosso et al., 2021) - [**RoFL: Attestable Robustness for Secure Federated Learning**](https://arxiv.org/abs/2107.03311) -- From 8ba0714532f179a8e6ec7b0bbf94198b01b0360a Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain <17119557+suhacker1@users.noreply.github.com> Date: Fri, 9 Jul 2021 03:05:11 -0400 Subject: [PATCH 24/28] Update README.md --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 8175234..0baa279 100644 --- a/README.md +++ b/README.md 
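Review bot: In PATCH 22, the RoFL entry is the only one in the list without an "(Authors, year)" suffix, and the hunk also commits an empty bullet "-" on the line after it. PATCH 23 then spends a separate commit removing just that empty bullet; squash the two and, in the same change, fill in the author list and year from the linked arXiv page so the entry matches the others.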
@@ -90,6 +90,7 @@ This repository contains a curated list of papers related to privacy attacks aga - [**Membership Inference Attacks on Knowledge Graphs**](https://arxiv.org/abs/2104.08273) (Wang & Sun, 2021) - [**When Does Data Augmentation Help With Membership Inference Attacks?**](http://proceedings.mlr.press/v139/kaya21a.html) (Kaya and Dumitras, 2021) - [**The Influence of Training Parameters and Architectural Choices on the Vulnerability of Neural Networks to Membership Inference Attacks**](https://www.mi.fu-berlin.de/inf/groups/ag-idm/theseses/2021_oussama_bouanani_bsc_thesis.pdf) (Bouanani, 2021) +- [**Membership Inference on Word Embedding and Beyond**](https://arxiv.org/abs/2106.11384) (Mahloujifar et al., 2021) ## Reconstruction @@ -144,6 +145,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**R-GAP: Recursive Gradient Attack on Privacy**](https://arxiv.org/abs/2010.07733) (Zhu and Blaschko, 2021) - [**Exploiting Explanations for Model Inversion Attacks**](https://arxiv.org/abs/2104.12669) (Zhao et al., 2021) - [**SAFELearn: Secure Aggregation for private FEderated Learning**](https://encrypto.de/papers/FMMMMNRSSYZ21.pdf) (Fereidooni et al., 2021) +- [**Does BERT Pretrained on Clinical Notes Reveal Sensitive Data?**](https://arxiv.org/abs/2104.07762) (Lehman et al., 2021) ## Property inference From ea8bcee6ea95d1a09f6fe9a3a41fda66e971cc1b Mon Sep 17 00:00:00 2001 From: Suha Sabi Hussain <17119557+suhacker1@users.noreply.github.com> Date: Fri, 9 Jul 2021 03:07:03 -0400 Subject: [PATCH 25/28] Update README.md --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 0baa279..e788379 100644 --- a/README.md +++ b/README.md 
@@ -130,7 +130,6 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**SAPAG: A Self-Adaptive Privacy Attack From Gradients**](https://arxiv.org/abs/2009.06228) (Wang et al., 2020) - [**Theory-Oriented Deep Leakage from Gradients via Linear Equation Solver**](https://arxiv.org/abs/2010.13356) (Pan et al., 2020) - [**Improved Techniques for Model Inversion Attacks**](https://arxiv.org/abs/2010.04092) (Chen et al., 2020) -- [**KART: Privacy Leakage Framework of Language Models Pre-trained with Clinical Records**](https://arxiv.org/abs/2101.00036) (Nakamura et al., 2020) - [**Black-box Model Inversion Attribute Inference Attacks on Classification Models**](https://arxiv.org/abs/2012.03404) (Mehnaz et al., 2020) - [**Deep Face Recognizer Privacy Attack: Model Inversion Initialization by a Deep Generative Adversarial Data Space Discriminator**](https://ieeexplore.ieee.org/abstract/document/9306253?casa_token=H78uIRJ2smYAAAAA:iQiA_5d2a2mbH4oBF9EZwSjakAz3Muq3ZOkNDBkK_fLq19PEMGEvpipyli7d9SGKESglqIb9Ug) (Khosravy et al., 2020) - [**MixCon: Adjusting the Separability of Data Representations for Harder Data Recovery**](https://arxiv.org/abs/2010.11463) (Li et al., 2020) @@ -146,6 +145,8 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**Exploiting Explanations for Model Inversion Attacks**](https://arxiv.org/abs/2104.12669) (Zhao et al., 2021) - [**SAFELearn: Secure Aggregation for private FEderated Learning**](https://encrypto.de/papers/FMMMMNRSSYZ21.pdf) (Fereidooni et al., 2021) - [**Does BERT Pretrained on Clinical Notes Reveal Sensitive Data?**](https://arxiv.org/abs/2104.07762) (Lehman et al., 2021) +- [**Training Data Leakage Analysis in Language Models**](https://arxiv.org/abs/2101.05405) (Inan et al., 2021) +- ## Property inference From cb64b4efa19a3ee2d6e258b5cf82128b8d200539 Mon Sep 17 00:00:00 2001 
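Review bot: the first hunk of PATCH 25 (`@@ -130,7 +130,6 @@`) deletes the KART entry (Nakamura et al., 2020) without re-adding it anywhere else in the patch, and the commit subject "Update README.md" gives no reason; if the removal is deliberate (out of scope, superseded, or listed elsewhere), say so in the commit message, otherwise restore the line.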
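Review bot: in the second hunk of PATCH 25 (`@@ -146,6 +145,8 @@`), the line after the "Training Data Leakage Analysis in Language Models" entry is another empty bullet (`+-`), the same leftover that PATCH 22 introduced and PATCH 23 had to clean up; remove it here so the patch adds only the one real entry and the diffstat becomes 1 insertion, 1 deletion.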
From: Suha Sabi Hussain Date: Fri, 27 Aug 2021 15:36:12 -0400 Subject: [PATCH 26/28] Update README.md --- README.md | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index e788379..b104f57 100644 --- a/README.md +++ b/README.md @@ -21,6 +21,7 @@ This repository contains a curated list of papers related to privacy attacks aga - [**ML-Doctor: Holistic Risk Assessment of Inference Attacks Against Machine Learning Models**](https://arxiv.org/abs/2102.02551) (Liu et al., 2021) - [**Membership Inference Attacks on Machine Learning: A Survey**](https://arxiv.org/abs/2103.07853) (Hu et al., 2021) - [**Survey: Leakage and Privacy at Inference Time**](https://arxiv.org/abs/2107.01614) (Jegorova et al., 2021) +- [**A Review of Confidentiality Threats Against Embedded Neural Network Models**](https://arxiv.org/abs/2105.01401) (Joud et al., 2021) # Privacy Testing Tools - [**PrivacyRaven**](https://github.com/trailofbits/PrivacyRaven) (Trail of Bits) @@ -91,6 +92,7 @@ This repository contains a curated list of papers related to privacy attacks aga - [**When Does Data Augmentation Help With Membership Inference Attacks?**](http://proceedings.mlr.press/v139/kaya21a.html) (Kaya and Dumitras, 2021) - [**The Influence of Training Parameters and Architectural Choices on the Vulnerability of Neural Networks to Membership Inference Attacks**](https://www.mi.fu-berlin.de/inf/groups/ag-idm/theseses/2021_oussama_bouanani_bsc_thesis.pdf) (Bouanani, 2021) - [**Membership Inference on Word Embedding and Beyond**](https://arxiv.org/abs/2106.11384) (Mahloujifar et al., 2021) +- [**TableGAN-MCA: Evaluating Membership Collisions of GAN-Synthesized Tabular Data Releasing**](https://arxiv.org/abs/2107.13190) (Hu et al., 2021) ## Reconstruction 
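Review bot: the subject line "Update README.md" does not describe a 13-insertion change that touches four sections (the survey list at `@@ -21,6 +21,7 @@`, membership inference at `@@ -91,6 +92,7 @@`, and the reconstruction and model-extraction hunks that follow); a subject naming what was added, for example "Add survey, MI, reconstruction and extraction papers (Aug 2021)", makes the history searchable. The two hunks visible here are otherwise consistent with the list format (bold linked title, then `(Authors et al., year)`).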
@@ -146,7 +148,12 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**SAFELearn: Secure Aggregation for private FEderated Learning**](https://encrypto.de/papers/FMMMMNRSSYZ21.pdf) (Fereidooni et al., 2021) - [**Does BERT Pretrained on Clinical Notes Reveal Sensitive Data?**](https://arxiv.org/abs/2104.07762) (Lehman et al., 2021) - [**Training Data Leakage Analysis in Language Models**](https://arxiv.org/abs/2101.05405) (Inan et al., 2021) -- +- [**Exploiting Explanations for Model Inversion Attacks**](https://arxiv.org/abs/2104.12669) (Zhao et al., 2021) +- [**Model Fragmentation, Shuffle and Aggregation to Mitigate Model Inversion in Federated Learning**](https://ieeexplore.ieee.org/abstract/document/9478813?casa_token=047c6zFuwm4AAAAA:h6qWPCm6WXUbtVgk1iATPshiPMfvGEp6lVUrblEm8P2tRX4OIDEDpnzICVwYveoENEnH6Ig-yg) (Masude et al., 2021) +- [**PRECODE - A Generic Model Extension to Prevent Deep Gradient Leakage**](https://arxiv.org/abs/2108.04725) (Scheliga et al., 2021) +- [**On the Importance of Encrypting Deep Features**](https://arxiv.org/abs/2108.07147) (Ni et al., 2021) +- [**Defending Against Model Inversion Attack by Adversarial Examples**](https://www.cs.hku.hk/data/techreps/document/TR-2021-03.pdf) (Wen et al., 2021) +- [****]() (et al., 2021) ## Property inference 
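Review bot: this hunk (`@@ -146,7 +148,12 @@`) adds a blank template entry, `- [****]() (et al., 2021)`, with no title, URL or author, which renders as an empty bold link; either fill it in or delete it before merging. It also re-adds "Exploiting Explanations for Model Inversion Attacks" (Zhao et al., 2021), which already sits in this section (it appears as unchanged context immediately above the SAFELearn line in the earlier hunks of this series), so that line is a duplicate and should be dropped as well.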
@@ -208,6 +215,11 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**BODAME: Bilevel Optimization for Defense Against Model Extraction**](https://arxiv.org/abs/2103.06797) (Mori et al., 2021) - [**Dataset Inference: Ownership Resolution in Machine Learning**](https://openreview.net/forum?id=hvdKKV2yt7T) (Maini et al., 2021) - [**Good Artists Copy, Great Artists Steal: Model Extraction Attacks Against Image Translation Generative Adversarial Networks**](https://arxiv.org/abs/2104.12623) (Szyller et al., 2021) +- [**Towards Characterizing Model Extraction Queries and How to Detect Them**](https://www2.eecs.berkeley.edu/Pubs/TechRpts/2021/EECS-2021-126.pdf) (Zhang et al., 2021) +- [**Hardness of Samples Is All You Need: Protecting Deep Learning Models Using Hardness of Samples**](https://arxiv.org/abs/2106.11424) (Sadeghzadeh et al., 2021) +- [**Stateful Detection of Model Extraction Attacks**](https://arxiv.org/abs/2107.05166) (Pal et al., 2021) +- [**MEGEX: Data-Free Model Extraction Attack against Gradient-Based Explainable AI**](https://arxiv.org/abs/2107.08909) (Miura et al., 2021) +- [**INVERSENET: Augmenting Model Extraction Attacks with Training Data Inversion**](https://www.ijcai.org/proceedings/2021/0336.pdf) (Gong et al., 2021) # Other From fb911d8e255adcc4593dc818b27012fcf0d2f72e Mon Sep 17 00:00:00 2001 From: MariaRigaki Date: Mon, 27 Sep 2021 13:59:04 +0200 Subject: [PATCH 27/28] Removed duplicate --- README.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index b104f57..846de4b 100644 --- a/README.md +++ b/README.md 
@@ -148,12 +148,11 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**SAFELearn: Secure Aggregation for private FEderated Learning**](https://encrypto.de/papers/FMMMMNRSSYZ21.pdf) (Fereidooni et al., 2021) - [**Does BERT Pretrained on Clinical Notes Reveal Sensitive Data?**](https://arxiv.org/abs/2104.07762) (Lehman et al., 2021) - [**Training Data Leakage Analysis in Language Models**](https://arxiv.org/abs/2101.05405) (Inan et al., 2021) -- [**Exploiting Explanations for Model Inversion Attacks**](https://arxiv.org/abs/2104.12669) (Zhao et al., 2021) - [**Model Fragmentation, Shuffle and Aggregation to Mitigate Model Inversion in Federated Learning**](https://ieeexplore.ieee.org/abstract/document/9478813?casa_token=047c6zFuwm4AAAAA:h6qWPCm6WXUbtVgk1iATPshiPMfvGEp6lVUrblEm8P2tRX4OIDEDpnzICVwYveoENEnH6Ig-yg) (Masude et al., 2021) - [**PRECODE - A Generic Model Extension to Prevent Deep Gradient Leakage**](https://arxiv.org/abs/2108.04725) (Scheliga et al., 2021) - [**On the Importance of Encrypting Deep Features**](https://arxiv.org/abs/2108.07147) (Ni et al., 2021) - [**Defending Against Model Inversion Attack by Adversarial Examples**](https://www.cs.hku.hk/data/techreps/document/TR-2021-03.pdf) (Wen et al., 2021) -- [****]() (et al., 2021) + ## Property inference From fe3880cc13d7041adef0bcc268ccd90bfaeaf979 Mon Sep 17 00:00:00 2001 From: MariaRigaki Date: Wed, 20 Oct 2021 18:26:35 +0200 Subject: [PATCH 28/28] Add "See through gradients" paper --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 846de4b..37fbb38 100644 --- a/README.md +++ b/README.md 
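Review bot: in this hunk (`@@ -148,12 +148,11 @@`), the placeholder `- [****]() (et al., 2021)` is replaced with an empty `+` line instead of being deleted outright, which leaves two consecutive blank lines before `## Property inference` (the original blank context line is still there); drop the added empty line so the diffstat is 2 deletions with no insertion. The commit subject "Removed duplicate" also covers only the "Exploiting Explanations" removal, so mention the placeholder cleanup in the message too.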
@@ -152,6 +152,7 @@ Reconstruction attacks cover also attacks known as *model inversion* and *attrib - [**PRECODE - A Generic Model Extension to Prevent Deep Gradient Leakage**](https://arxiv.org/abs/2108.04725) (Scheliga et al., 2021) - [**On the Importance of Encrypting Deep Features**](https://arxiv.org/abs/2108.07147) (Ni et al., 2021) - [**Defending Against Model Inversion Attack by Adversarial Examples**](https://www.cs.hku.hk/data/techreps/document/TR-2021-03.pdf) (Wen et al., 2021) +- [**See through Gradients: Image Batch Recovery via GradInversion**](https://openaccess.thecvf.com/content/CVPR2021/papers/Yin_See_Through_Gradients_Image_Batch_Recovery_via_GradInversion_CVPR_2021_paper.pdf) (Yin et al., 2021)