Given the ubiquity of deep neural networks, it is important that these models do not reveal information about sensitive data that they have been trained on. In model inversion attacks, a malicious user attempts to recover the private dataset used to train a supervised neural network. A successful model inversion attack should generate realistic and diverse samples that accurately describe each of the classes in the private dataset. In this work, we provide a probabilistic interpretation of model inversion attacks, and formulate a variational objective that accounts for both diversity and accuracy. In order to optimize this variational objective, we choose a variational family defined in the code space of a deep generative model, trained on a public auxiliary dataset that shares some structural similarity with the target dataset. Empirically, our method substantially improves performance in terms of target attack accuracy, sample realism, and diversity on datasets of faces and chest X-ray images.
Author Information
Kuan-Chieh Wang (University of Toronto)
Yan Fu (Toronto University)
Ke Li (Google / SFU)
Ashish Khisti (University of Toronto)
Richard Zemel (Columbia University)
Alireza Makhzani (University of Toronto)