GAN You See Me? Enhanced Data Reconstruction Attacks against Split Inference
Authors: Ziang Li, Mengda Yang, Yaxin Liu, Juan Wang, Hongxin Hu, Wenzhe Yi, Xiaoyang Xu
NeurIPS 2023 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | extensive evaluation across different split points and adversary setups demonstrates its state-of-the-art performance. and We systematically evaluate the reconstruction performance of Optimization-based GLASS and Learning-based GLASS++ on face data at different split points. Additionally, we thoroughly examine and analyze seven advanced defense mechanisms against DRA in SI. |
| Researcher Affiliation | Academia | 1Key Laboratory of Aerospace Information Security and Trusted Computing, Ministry of Education, School of Cyber Science and Engineering, Wuhan University 2Department of Computer Science and Engineering, University at Buffalo, SUNY |
| Pseudocode | Yes | The detailed algorithm of GLASS can be found in Appendix A.1. and The detailed algorithm of GLASS++ can be found in Appendix A.2. |
| Open Source Code | No | The paper does not provide an explicit statement or link indicating that the source code for the described methodology is publicly available. |
| Open Datasets | Yes | we use (1) Celeb A[Liu et al., 2015] containing 202,599 face images of 10,177 identities, (2) FFHQ[Karras et al., 2019] containing 70,000 face images with considerable variation in terms of age, ethnicity and image background. |
| Dataset Splits | No | The paper states, 'We split the datasets into two parts: a private dataset DP for training the target model and a public data used as an auxiliary dataset DA for training our Style GAN model.' However, it does not explicitly provide details about training, validation, and test splits with percentages or sample counts for model evaluation and hyperparameter tuning. |
| Hardware Specification | Yes | Most experiments are carried out on a server equipped with 256 GB RAM, two Intel Xeon Gold 6133, and four NVIDIA RTX 4090 GPUs. |
| Software Dependencies | No | The paper states 'We implement GLASS and GLASS++ in Pytorch[Paszke et al., 2019]' but does not specify the version number for Pytorch or any other software dependencies. |
| Experiment Setup | Yes | We set the number of iterations for Optimization-based DRA to 20,000 and the number of training epochs for Learning-based DRA to 30, while incorporating Total Variation into each attack loss function. It is worth acknowledging that the influence of hyperparameters varies across different adversarial settings and defense mechanisms. We analyze the hyperparameter selection strategies within different settings to meet the reasonable effectiveness of various attacks. Detailed information regarding the hyperparameters can be found in Appendix B.3. |