Types of model inversion attacks
This section categorizes model inversion attacks by the technique used to reconstruct training data. We start with the first model inversion attack, demonstrated by adversarial AI researchers in 2015.
Exploitation of model confidence scores
Also known as the MIFace attack because of its focus on face recognition APIs, this type of attack was one of the first to be demonstrated. It came from a team of researchers at Carnegie Mellon University and the University of Wisconsin–Madison: Matt Fredrikson, Somesh Jha, and Thomas Ristenpart published the work in 2015 as Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures. The paper can be found at https://dl.acm.org/doi/pdf/10.1145/2810103.2813677.
Attack approach and algorithm
This attack exploits the confidence information the model returns as a feedback signal to guide the search for the input that maximizes the confidence for a given class label. Confidence...
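The feedback loop described above, as an added example (not code from the paper or from this book): a constructed three-class softmax model stands in for the prediction API, and the search sees only the scores the API returns. The weights, the `decimals` rounding parameter, and the function names are assumptions made for illustration; the run contrasts full-precision scores with scores rounded to one decimal place, so a defender can see how much of the signal the released precision carries.

```python
import math

# Constructed toy model: 3 classes over 6 features in [0, 1]; weights are made up.
W = [
    [2.0, -1.0, 0.5, -2.0, 1.5, -0.5],
    [-1.5, 2.5, -1.0, 1.0, -0.5, 0.5],
    [0.5, -0.5, 2.0, 1.5, -2.0, 1.0],
]

def confidences(x, decimals=None):
    """Prediction API: softmax scores, optionally rounded before release."""
    logits = [sum(w * v for w, v in zip(row, x)) for row in W]
    top = max(logits)
    exps = [math.exp(l - top) for l in logits]
    total = sum(exps)
    scores = [e / total for e in exps]
    return scores if decimals is None else [round(s, decimals) for s in scores]

def invert(label, decimals=None, steps=200, lr=0.5, eps=1e-3):
    """Query-only search: finite-difference ascent on the label's returned score."""
    x = [0.5] * len(W[0])  # neutral starting input
    for _ in range(steps):
        base = confidences(x, decimals)[label]
        grad = []
        for i in range(len(x)):
            probe = list(x)
            probe[i] += eps
            # The only feedback used is the change in the released confidence.
            grad.append((confidences(probe, decimals)[label] - base) / eps)
        x = [min(1.0, max(0.0, v + lr * g)) for v, g in zip(x, grad)]
    # Report the true (unrounded) confidence of the recovered input.
    return x, confidences(x)[label]

if __name__ == "__main__":
    for label_precision in (None, 1):
        recovered, conf = invert(0, decimals=label_precision)
        print("decimals =", label_precision,
              "| recovered input:", [round(v, 2) for v in recovered],
              "| true confidence for class 0: %.3f" % conf)
```

Rounding coarsens the feedback signal rather than removing it, so it is a partial mitigation.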