ML Anthology

Reconstructing Training Data with Informed Adversaries

Borja Balle, Giovanni Cherubin, Jamie Hayes
NeurIPSW 2021
/neuripsw/2021/balle2021neuripsw-reconstructing/

Abstract

Given access to a machine learning model, can an adversary reconstruct the model’s training data? This work proposes a formal threat model to study this question, shows that reconstruction attacks are feasible in theory and in practice, and presents preliminary results assessing how different factors of standard machine learning pipelines affect the success of reconstruction. Finally, we empirically evaluate what levels of differential privacy suffice to prevent reconstruction attacks.

PDF NeurIPSW OpenReview Semantic Scholar

Cite

Text

Balle et al. "Reconstructing Training Data with Informed Adversaries." NeurIPS 2021 Workshops: PRIML, 2021.

Markdown

[Balle et al. "Reconstructing Training Data with Informed Adversaries." NeurIPS 2021 Workshops: PRIML, 2021.](https://mlanthology.org/neuripsw/2021/balle2021neuripsw-reconstructing/)

BibTeX

@inproceedings{balle2021neuripsw-reconstructing,
  title     = {{Reconstructing Training Data with Informed Adversaries}},
  author    = {Balle, Borja and Cherubin, Giovanni and Hayes, Jamie},
  booktitle = {NeurIPS 2021 Workshops: PRIML},
  year      = {2021},
  url       = {https://mlanthology.org/neuripsw/2021/balle2021neuripsw-reconstructing/}
}