Privacy Backdoors: Stealing Data with Corrupted Pretrained Models

arXiv:2404.00473v1 Announce Type: cross
Abstract: Practitioners commonly download pretrained machine learning models from open repositories and finetune them to fit specific applications. We show that this practice introduces a new risk of privacy backdoors. By tampering with a pretrained model's weights, an attacker can fully compromise the privacy of the finetuning data. We show how to build privacy backdoors for a variety of models, including transformers, which enable an attacker to reconstruct individual finetuning samples, with a guaranteed success! We …

abstract applications arxiv cs.cr cs.lg data download finetuning machine machine learning machine learning models practice pretrained models privacy repositories risk show stealing them type