Distributional Black-Box Model Inversion Attack with Multi-Agent Reinforcement Learning

arXiv:2404.13860v1 Announce Type: new
Abstract: A Model Inversion (MI) attack based on Generative Adversarial Networks (GAN) aims to recover the private training data from complex deep learning models by searching codes in the latent space. However, they merely search a deterministic latent space such that the found latent code is usually suboptimal. In addition, the existing distributional MI schemes assume that an attacker can access the structures and parameters of the target model, which is not always viable in practice. …

abstract adversarial agent arxiv box code cs.cr cs.lg data deep learning found gan generative generative adversarial networks however multi-agent networks reinforcement reinforcement learning search searching space training training data type