Pseudo Label-Guided Model Inversion Attack via Conditional Generative Adversarial Network

Model inversion (MI) attacks have raised increasing concerns about privacy, which can reconstruct training data from public models. Indeed, MI be formalized as an optimization problem that seeks private in a certain space. Recent leverage generative adversarial network (GAN) image prior to narrow the search space, and successfully even high-dimensional (e.g., face images). However, these do not fully exploit potential capabilities of target model, still leading vague coupled i.e., different classes images are Besides, widely used cross-entropy loss suffers gradient vanishing. To address problems, we propose Pseudo Label-Guided (PLG-MI) attack via conditional GAN (cGAN). At first, top-n selection strategy is proposed provide pseudo-labels for data, use guide cGAN. In this way, space decoupled images. Then max-margin introduced improve process on subspace class. Extensive experiments demonstrate our PLG-MI significantly improves success rate visual quality various datasets models, notably, 2 ∼ 3× better than state-of-the-art under large distributional shifts. Our code available at: https://github.com/LetheSec/PLG-MI-Attack.