Key points are not available for this paper at this time.
As machine learning (ML) technologies evolve, various online intelligent services use ML models to provide predictions. Unfortunately, attackers can obtain the private information of the model by interacting with the online service, namely model inversion attack (MIA). However, MIA requires large data sets to be transferred to an online service to obtain the predictive value of the inference model. Besides, the huge transmission may cause the administrator's active defense. To overcome this drawback, we propose a novel MIA scheme, which leverages latent information extracted by an auxiliary neural network as high-dimensional features to simplify what inversion model should learn. The core idea of our scheme is to reuse some parameters of the local pretraining model. Extensive experiments have verified the effectiveness of our method in convolutional neural networks on LFW, pubFig, MNIST data sets. Experimental results show that even with a few queries, our inversion method still work accurately and is superior to other technologies. It is worth mentioning that our method makes it more difficult for administrators to defend against the attack and elicit more investigations for privacy-preserving.
Mo et al. (Thu,) studied this question.