mirror of
https://github.com/stratosphereips/awesome-ml-privacy-attacks.git
synced 2025-12-15 23:59:39 +01:00
Maria RigakiAwesome atacks on ML privacy 
This repository contains a curated list of papers related to privacy attacks against machine learning. A code repository is provided when available. For corections, suggestions and missing papers, please either open an issue or submit a pull request.
Table of Contents
Surveys and Overviews
- An Overview of Privacy in Machine Learning (De Cristofaro, 2020)
- A Survey of Privacy Attacks in Machine Learning (Rigaki and Garcia, 2020)
Papers and Code
Membership inference
- Membership inference attacks against machine learning models (Shokri et al., 2017) (code)
- Understanding membership inferences on well-generalized learning models(Long et al., 2018)
- Privacy risk in machine learning:Analyzing the connection to overfitting, (Yeom et al., 2018) (code)
- Membership inference attack against differentially private deep learning model (Rahman ett al., 2018)
- Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning. (Nasr et al., 2019) (code)
- Logan: Membership inference attacks against generative models. (Hayes et al. 2019) (code)
- Evaluating differentially private machine learning in practice (Jayaraman and Evans, 2019) (code)
- Ml-leaks: Model and data independent membership inference attacks and defenses on machine learning models (Salem et al., 2019) (code)
- Privacy risks of securing machine learning models against adversarial examples (Song L. et al., 2019) (code)
- White-box vs Black-box: Bayes Optimal Strategies for Membership Inference (Sablayrolles etal., 2019)
- Privacy risks of explaining machine learning models (Shokri et al., 2019)
- Demystifying membership inference attacks in machine learning as a service (Truex et al., 2019)
- Monte carlo and reconstruction membership inference attacks against generative models (Hilprecht et al., 2019)
- MemGuard: Defending against Black-Box Membership Inference Attacks via Adversarial Examples (Jia et al., 2019) (code)
- Gan-leaks: A taxonomy of membership inference attacks against gans (Chen,et al., 2019))
- Auditing Data Provenance in Text-Generation Models (Song and Shmatikov, 2019)
- Membership Inference Attacks on Sequence-to-Sequence Models: Is My Data In Your Machine Translation System? (Hisamoto et al., 2020)
- Revisiting Membership InferenceUnder Realistic Assumptions (Jayaraman et al., 2020)
Reconstruction
Reconstruction attacks cover also attacks known as model inversion and attribute inference.
- Privacy in pharmacogenetics: An end-to-end case study of personalized warfarin dosing (Fredrikson et al., 2014)
- Model inversion attacks that exploit confidence information and basic countermeasures (Fredrikson et al., 2015) (code)
- A methodology for formalizing model-inversion attacks (Wu et al., 2016)
- Deep models under the gan: Information leakage from collaborative deep learning (Hitaj et al., 2017)
- Machine learning models that remember too much (Song, C. et al., 2017) (code)
- Model inversion attacks for prediction systems: Without knowledge of non-sensitive attributes (Hidano et al., 2017)
- The secret sharer: Evaluating and testing unintended memorization in neural networks (Carlini et al., 2019)
- Deep leakage from gradients (Zhu et al., 2019) (code)
- Model inversion attacks against collaborative inference (He et al., 2019) (code)
- Beyond Inferring Class Representatives: User-Level Privacy Leakage From Federated Learning (Wang et al., 2019)
- Neural network inversion in adversarial setting via background knowledge alignment (Yang et al., 2019)
- iDLG: Improved Deep Leakage from Gradients (Zhao et al., 2020) (code)
- Privacy Risks of General-Purpose Language Models (Pan et al., 2020)
- The secret revealer: generative model-inversion attacks against deep neural networks) (link (Zhang et al., 2020)
- Inverting Gradients - How easy is it to break privacy in federated learning? (Geiping et al., 2020)
Property inference
- Hacking smart machines with smarter ones: How to extract meaningful data from machine learning classifiers (Ateniese et al., 2015)
- Property inference attacks on fully connected neural networks using permutation invariant representations (Ganju et al., 2018)
- Exploiting unintended feature leakage in collaborative learning (Melis et al., 2019) (code)
- Overlearning Reveals Sensitive Attributes (Song C. et al., 2020) (code)
Model extraction
- Stealing machine learning models via prediction apis (Tramèr et al., 2016) (code)
- Stealing hyperparameters in machine learning(Wang B. et al., 2018)
- Copycat CNN: Stealing Knowledge by Persuading Confession with Random Non-Labeled Data (Correia-Silva et al., 2018) (code)
- Towards reverse-engineering black-box neural networks.(Oh et al., 2018) (code)
- Knockoff nets: Stealing functionality of black-box models (Orekondy et al., 2019) (code)
- PRADA: protecting against DNN model stealing attacks (juuti et al., 2019) (code)
- Model Reconstruction from Model Explanations (Milli et al., 2019)
- Exploring connections between active learning and model extraction (Chandrasekaran et al., 2020)
- High Accuracy and High Fidelity Extraction of Neural Networks (Jagielski et al., 2020)
- Thieves on Sesame Street! Model Extraction of BERT-based APIs (Krishna et al., 2020) (code)