Privacy Backdoors: Stealing Data with Corrupted Pretrained Models
March 30, 2024 · International Conference on Machine Learning
Repo contents: .gitattributes, .gitignore, README.md, analysis, materials, src, supple
Authors
Shanglun Feng, Florian Tramèr
arXiv ID
2404.00473
Category
cs.CR: Cryptography & Security
Cross-listed
cs.LG
Citations
30
Venue
International Conference on Machine Learning
Repository
https://github.com/ShanglunFengatETHZ/PrivacyBackdoor
Stars
50
Last Checked
1 month ago
Abstract
Practitioners commonly download pretrained machine learning models from open repositories and finetune them to fit specific applications. We show that this practice introduces a new risk of privacy backdoors. By tampering with a pretrained model's weights, an attacker can fully compromise the privacy of the finetuning data. We show how to build privacy backdoors for a variety of models, including transformers, which enable an attacker to reconstruct individual finetuning samples, with a guaranteed success! We further show that backdoored models allow for tight privacy attacks on models trained with differential privacy (DP). The common optimistic practice of training DP models with loose privacy guarantees is thus insecure if the model is not trusted. Overall, our work highlights a crucial and overlooked supply chain attack on machine learning privacy.
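As an added illustration of the attack the abstract describes, and not code from the paper or its repository: a toy "trap" neuron whose weights are planted so that it activates on exactly one finetuning sample. The attacker keeps the weights it shipped, obtains the finetuned weights, and reads the sample off the difference: the gradient that reaches a ReLU neuron is a scalar multiple of the one input that opened it, so the ratio of the per-weight update to the bias update returns that input exactly, with no knowledge of the learning rate, batch size or loss scale. The two-layer network, squared-error loss, plain SGD, the batch and the trap parameters are all constructed here for illustration; the paper's constructions for transformers and its differential-privacy results are not reproduced.

```python
# Toy illustration of a weight-tampering ("data trap") privacy backdoor.
# Written for this page; not code from the paper or its repository.
# Network, loss, data and trap parameters below are all constructed/assumed.
from typing import List, Optional, Tuple

Vector = List[float]

# Constructed finetuning batch: three 4-dimensional samples, targets all zero.
BATCH: List[Vector] = [
    [0.1, 0.2, 0.3, 0.4],
    [0.9, 0.1, 0.8, 0.2],   # the sample the trap is tuned to capture
    [0.3, 0.3, 0.1, 0.5],
]
TARGETS: List[float] = [0.0, 0.0, 0.0]

# Attacker-planted trap: w.x + b > 0 for exactly one sample in BATCH.
TRAP_W: Vector = [1.0, -1.0, 1.0, -1.0]
TRAP_B: float = -1.0
V: float = 1.0       # frozen output weight (assumed)
LR: float = 0.1      # learning rate used by the victim (attacker need not know it)


def dot(a: Vector, b: Vector) -> float:
    return sum(x * y for x, y in zip(a, b))


def active_samples(w: Vector, b: float, batch: List[Vector]) -> List[int]:
    """Indices of samples that open the ReLU gate of the trap neuron."""
    return [i for i, x in enumerate(batch) if dot(w, x) + b > 0.0]


def sgd_step(w: Vector, b: float, v: float, batch: List[Vector],
             targets: List[float], lr: float) -> Tuple[Vector, float]:
    """One step of plain SGD on batch-averaged squared error for y = v*relu(w.x+b)."""
    n = len(batch)
    grad_w = [0.0] * len(w)
    grad_b = 0.0
    for x, t in zip(batch, targets):
        pre = dot(w, x) + b
        if pre <= 0.0:
            continue                      # gate closed: this sample contributes no gradient
        dy = (v * pre - t) / n            # d(loss)/dy, averaged over the batch
        for j in range(len(w)):
            grad_w[j] += dy * v * x[j]    # dL/dw_j = dy * v * x_j
        grad_b += dy * v                  # dL/db   = dy * v
    return [wj - lr * g for wj, g in zip(w, grad_w)], b - lr * grad_b


def reconstruct(w_before: Vector, b_before: float,
                w_after: Vector, b_after: float) -> Optional[Vector]:
    """Attacker side: x_j = dw_j / db. The unknown scalar (lr * dy * v) cancels."""
    db = b_after - b_before
    if abs(db) < 1e-12:
        return None                       # trap never fired; nothing leaked this step
    return [(wa - wb) / db for wa, wb in zip(w_after, w_before)]


def demo_single_trap() -> Optional[Vector]:
    """Trap fires on one sample: reconstruction equals BATCH[1] exactly."""
    w1, b1 = sgd_step(TRAP_W, TRAP_B, V, BATCH, TARGETS, LR)
    return reconstruct(TRAP_W, TRAP_B, w1, b1)


def demo_collision() -> Tuple[List[int], Optional[Vector]]:
    """Loosened bias so two samples fire: attacker gets a weighted mixture, not a sample."""
    loose_b = 0.3
    w1, b1 = sgd_step(TRAP_W, loose_b, V, BATCH, TARGETS, LR)
    return active_samples(TRAP_W, loose_b, BATCH), reconstruct(TRAP_W, loose_b, w1, b1)


if __name__ == "__main__":
    print("trap fires on:", active_samples(TRAP_W, TRAP_B, BATCH))
    print("recovered    :", demo_single_trap())
    print("target       :", BATCH[1])
    print("collision    :", demo_collision())
```

The precondition the attack relies on is visible in `active_samples`: the neuron must fire for at most one sample per step, which is why the tampered weights are tuned to the expected finetuning distribution. `demo_collision` shows what happens otherwise: the recovered vector is a gradient-weighted blend of the two activating samples, so a single step leaks less than a full record. That same property is what an auditor can look for when vetting a downloaded checkpoint: units whose pre-activation is almost never positive on representative inputs are suspicious, and a real defense has to consider the finetuning data untrusted until the model itself is.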
Similar Papers
Also in Cryptography & Security:
Membership Inference Attacks against Machine Learning Models
The Limitations of Deep Learning in Adversarial Settings
Practical Black-Box Attacks against Machine Learning
Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks