Model inversion reverse-engineers input samples from a given model, and hence poses serious threats to information confidentiality.We propose novel technique based on StyleGAN, whose generator has special architecture that forces the decomposition of an styles various granularities such model can learn them separately in training.During sample generation, transforms latent value parameters controlling these compose sample.In our inversion, target label some subject invert (e.g., private face identity recognition model), leverages StyleGAN trained public data same domain human dataset), uses gradient descent or genetic search algorithm, together with distribution clipping, find proper parameterization generated is correctly classified (by model) recognized by humans.The results show inverted have high fidelity, substantially better than those existing state-of-the-art techniques.

Load

Load