notesum.ai

Published at November 13

Trap-MID: Trapdoor-based Defense against Model Inversion Attacks

cs.CR

cs.AI

cs.CV

cs.LG

Released Date: November 13, 2024

Authors: Zhen-Ting Liu¹, Shang-Tse Chen¹

Aff.: ¹National Taiwan University

Arxiv: http://arxiv.org/abs/2411.08460v1

Refer to caption

GMI
Defense	Acc $\uparrow$	AA-1 $\downarrow$	AA-5 $\downarrow$	KNN Dist $\uparrow$	FID $\uparrow$
-	86.21 $\pm$ 0.91	14.29 $\pm$ 0.63	32.64 $\pm$ 0.67	1798.23 $\pm$ 3.57	31.01 $\pm$ 1.06
MID	77.89 $\pm$ 0.70	9.88 $\pm$ 0.89	23.58 $\pm$ 2.09	1894.38 $\pm$ 25.02	35.60 $\pm$ 0.73
BiDO	78.97 $\pm$ 0.44	4.92 $\pm$ 0.32	14.03 $\pm$ 0.96	2020.05 $\pm$ 13.10	46.79 $\pm$ 1.42
NegLS	81.99 $\pm$ 0.45	7.80 $\pm$ 0.55	23.10 $\pm$ 0.74	1797.49 $\pm$ 9.29	40.92 $\pm$ 1.53
Trap-MID	81.37 $\pm$ 1.04	0.24 $\pm$ 0.19	1.16 $\pm$ 0.83	2411.39 $\pm$ 80.80	153.73 $\pm$ 62.84
KED-MI
-	86.21 $\pm$ 0.91	56.46 $\pm$ 2.56	82.84 $\pm$ 1.66	1404.85 $\pm$ 11.96	17.10 $\pm$ 1.09
MID	77.89 $\pm$ 0.70	53.24 $\pm$ 4.46	80.08 $\pm$ 3.55	1413.49 $\pm$ 33.05	18.45 $\pm$ 1.29
BiDO	78.97 $\pm$ 0.44	34.84 $\pm$ 1.27	62.42 $\pm$ 1.42	1530.94 $\pm$ 9.53	20.95 $\pm$ 0.83
NegLS	81.99 $\pm$ 0.45	32.45 $\pm$ 1.81	62.13 $\pm$ 2.64	1543.70 $\pm$ 7.36	39.02 $\pm$ 4.87
Trap-MID	81.37 $\pm$ 1.04	9.24 $\pm$ 9.36	19.24 $\pm$ 18.65	2056.00 $\pm$ 311.59	87.39 $\pm$ 66.40
PLG-MI
-	86.21 $\pm$ 0.91	95.81 $\pm$ 1.63	99.43 $\pm$ 0.26	1174.13 $\pm$ 31.82	12.77 $\pm$ 0.59
MID	77.89 $\pm$ 0.70	92.72 $\pm$ 1.64	98.64 $\pm$ 0.40	1149.64 $\pm$ 19.26	14.36 $\pm$ 2.26
BiDO	78.97 $\pm$ 0.44	89.18 $\pm$ 1.59	97.64 $\pm$ 0.41	1242.04 $\pm$ 21.25	16.82 $\pm$ 1.62
NegLS	81.99 $\pm$ 0.45	89.38 $\pm$ 3.35	97.81 $\pm$ 0.94	1412.19 $\pm$ 56.72	69.02 $\pm$ 10.94
Trap-MID	81.37 $\pm$ 1.04	6.23 $\pm$ 5.60	13.15 $\pm$ 10.30	2055.96 $\pm$ 147.67	57.82 $\pm$ 23.41