intermediate feature representation
Appendix A Algorithm details
A.1 GLASS Algorithm 1 GAN-based latent space search attack ( GLASS) Require: A standard ResNet-18 network is divided into blocks, as shown in Figure 8. From Similarly, for GLASS, we set the learning rate to 1e-2 and the number of iterations to 20,000. Regarding IN, we selected a learning rate of 1e-3 and performed 30 training epochs. The accuracy of each defended model and its corresponding defense hyperparameters are shown in Table 3. Table 3: Details of defense hyperparameters (we set the split point uniformly to Block3). We train 50 distributions for Shredder, maintaining an accuracy of over 77% for all of them. As Figure 10 shows, the upper left curve implies a better privacy-utility trade-off. NoPeek and DISCO achieve the optimal defensive effect on almost all DRAs.
GAN You See Me? Enhanced Data Reconstruction Attacks against Split Inference Ziang Li1, Mengda Y ang
To overcome these challenges, we propose a G AN-based LA tent S pace S earch attack ( GLASS) that harnesses abundant prior knowledge from public data using advanced StyleGAN technologies. Additionally, we introduce GLASS++ to enhance reconstruction stability.
- North America > United States (0.04)
- Asia > China > Hubei Province > Wuhan (0.04)
- Asia > China > Chongqing Province > Chongqing (0.04)
Appendix A Algorithm details
A.1 GLASS Algorithm 1 GAN-based latent space search attack ( GLASS) Require: A standard ResNet-18 network is divided into blocks, as shown in Figure 8. From Similarly, for GLASS, we set the learning rate to 1e-2 and the number of iterations to 20,000. Regarding IN, we selected a learning rate of 1e-3 and performed 30 training epochs. The accuracy of each defended model and its corresponding defense hyperparameters are shown in Table 3. Table 3: Details of defense hyperparameters (we set the split point uniformly to Block3). We train 50 distributions for Shredder, maintaining an accuracy of over 77% for all of them. As Figure 10 shows, the upper left curve implies a better privacy-utility trade-off. NoPeek and DISCO achieve the optimal defensive effect on almost all DRAs.
GAN You See Me? Enhanced Data Reconstruction Attacks against Split Inference Ziang Li1, Mengda Y ang
To overcome these challenges, we propose a G AN-based LA tent S pace S earch attack ( GLASS) that harnesses abundant prior knowledge from public data using advanced StyleGAN technologies. Additionally, we introduce GLASS++ to enhance reconstruction stability.
Measuring Data Reconstruction Defenses in Collaborative Inference Systems Mengda Y ang
Specifically, we show that the latent privacy features are still retained in the obfuscated representations.
- North America > United States (0.04)
- Asia > China > Hubei Province > Wuhan (0.04)
- Asia > China > Chongqing Province > Chongqing (0.04)