Class Attribute Inference Attacks: Inferring Sensitive Class Information by Diffusion-Based Attribute Manipulations
Abstract
Neural network-based image classifiers are powerful tools for computer vision tasks, but they inadvertently reveal sensitive attribute information about their classes, raising concerns about their privacy. To investigate this privacy leakage, we introduce the first Class Attribute Inference Attack (CAIA), which leverages recent advances in text-to-image synthesis to infer sensitive attributes of individual classes in a black-box setting, while remaining competitive with related white-box attacks. Our extensive experiments in the face recognition domain show that CAIA accurately infers undisclosed sensitive attributes, such as an individual's hair color, gender, and racial appearance, which are not part of the training labels.
Cite
Text
Struppek et al. "Class Attribute Inference Attacks: Inferring Sensitive Class Information by Diffusion-Based Attribute Manipulations." NeurIPS 2024 Workshops: AdvML-Frontiers, 2024.Markdown
[Struppek et al. "Class Attribute Inference Attacks: Inferring Sensitive Class Information by Diffusion-Based Attribute Manipulations." NeurIPS 2024 Workshops: AdvML-Frontiers, 2024.](https://mlanthology.org/neuripsw/2024/struppek2024neuripsw-class/)BibTeX
@inproceedings{struppek2024neuripsw-class,
title = {{Class Attribute Inference Attacks: Inferring Sensitive Class Information by Diffusion-Based Attribute Manipulations}},
author = {Struppek, Lukas and Hintersdorf, Dominik and Friedrich, Felix and Brack, Manuel and Schramowski, Patrick and Kersting, Kristian},
booktitle = {NeurIPS 2024 Workshops: AdvML-Frontiers},
year = {2024},
url = {https://mlanthology.org/neuripsw/2024/struppek2024neuripsw-class/}
}