Training Data Reconstruction: Privacy Due to Uncertainty?
Abstract
Being able to reconstruct training data from the parameters of a neural network is a major privacy concern. Previous works have shown that reconstructing training data, under certain circumstances, is possible. In this work, we analyse such reconstructions empirically and propose a new formulation of the reconstruction as a solution to a bilevel optimisation problem. We demonstrate that our formulation as well as previous approaches highly depend on the initialisation of the training images x to reconstruct. In particular, we show that a random initialisation of x can lead to reconstructions that resemble valid training samples while not being part of the actual training dataset. Thus, our experiments on affine and one-hidden layer networks suggest that when reconstructing natural images, yet an adversary cannot identify whether reconstructed images have indeed been part of the set of training samples.
Cite
Text
Runkel et al. "Training Data Reconstruction: Privacy Due to Uncertainty?." IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, 2025.Markdown
[Runkel et al. "Training Data Reconstruction: Privacy Due to Uncertainty?." IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops, 2025.](https://mlanthology.org/cvprw/2025/runkel2025cvprw-training/)BibTeX
@inproceedings{runkel2025cvprw-training,
title = {{Training Data Reconstruction: Privacy Due to Uncertainty?}},
author = {Runkel, Christina and Gandikota, Kanchana Vaishnavi and Geiping, Jonas and Schönlieb, Carola-Bibiane and Moeller, Michael},
booktitle = {IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops},
year = {2025},
pages = {3502-3510},
url = {https://mlanthology.org/cvprw/2025/runkel2025cvprw-training/}
}