Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures

Fredrikson, Matt; Jha, Somesh; Ristenpart, Thomas

doi:10.1145/2810103.2813677

articleOct 6, 2015GOLD OA

Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures

MFMatt Fredrikson SJSomesh Jha TRThomas Ristenpart

Carnegie Mellon University · University of Wisconsin–Madison · +1 more institution

Indexed incrossref

Abstract

Machine-learning (ML) algorithms are increasingly utilized in privacy-sensitive applications such as predicting lifestyle choices, making medical diagnoses, and facial recognition. In a model inversion attack, recently introduced in a case study of linear classifiers in personalized medicine by Fredrikson et al., adversarial access to an ML model is abused to learn sensitive genomic information about individuals. Whether model inversion attacks apply to settings outside theirs, however, is unknown. We develop a new class of model inversion attack that exploits confidence values revealed along with predictions. Our new attacks are applicable in a variety of settings, and we explore two in depth: decision trees…

Citation impact

2,761

total citations

FWCI: 62.33
Percentile: 100%
References: 29

Citations per year

Authors

3

Topics & keywords

Topics

Keywords

Exploit
Computer science
Machine learning
Artificial intelligence
Decision tree
Medical diagnosis
Computer security

UN Sustainable Development Goals

Peace, Justice and strong institutions

No related works found for this paper.