Improving Robustness to Model Inversion Attacks via Sparse Coding Architectures
Robustness
DOI: 10.48550/arxiv.2403.14772
Publication Date: 2024-03-21
AUTHORS (4)
ABSTRACT
Recent model inversion attack algorithms permit adversaries to reconstruct a neural network's private training data just by repeatedly querying the network and inspecting its outputs. In this work, we develop a novel network architecture that leverages sparse-coding layers to obtain superior robustness to this class of attacks. Three decades of computer science research has studied sparse coding in the context of image denoising, object recognition, and adversarial misclassification settings, but to the best of our knowledge, its connection to state-of-the-art privacy vulnerabilities remains unstudied. However, sparse coding architectures suggest an advantageous means to defend against these attacks because they allow us to control the amount of irrelevant information encoded in intermediate representations, in a manner that can be computed efficiently during training and is known to have little effect on classification accuracy. Specifically, compared to networks trained with a variety of defenses, our sparse-coding architectures maintain comparable or higher accuracy while degrading reconstructions by factors of 1.1 to 18.3 across reconstruction quality metrics (PSNR, SSIM, FID). This performance advantage holds across 5 datasets ranging from CelebA faces to medical images to CIFAR-10, and across various SGD-based and GAN-based attacks, including Plug-&-Play attacks. We provide a cluster-ready PyTorch codebase to promote and standardize defense evaluations.