-
Label-Only Model Inversion Attacks via Boundary Repulsion
Authors:
Mostafa Kahla,
Si Chen,
Hoang Anh Just,
Ruoxi Jia
Abstract:
Recent studies show that the state-of-the-art deep neural networks are vulnerable to model inversion attacks, in which access to a model is abused to reconstruct private training data of any given target class. Existing attacks rely on having access to either the complete target model (whitebox) or the model's soft-labels (blackbox). However, no prior work has been done in the harder but more practical scenario, in which the attacker only has access to the model's predicted label, without a confidence measure. In this paper, we introduce an algorithm, Boundary-Repelling Model Inversion (BREP-MI), to invert private training data using only the target model's predicted labels. The key idea of our algorithm is to evaluate the model's predicted labels over a sphere and then estimate the direction to reach the target class's centroid. Using the example of face recognition, we show that the images reconstructed by BREP-MI successfully reproduce the semantics of the private training data for various datasets and target model architectures. We compare BREP-MI with the state-of-the-art whitebox and blackbox model inversion attacks and the results show that despite assuming less knowledge about the target model, BREP-MI outperforms the blackbox attack and achieves comparable results to the whitebox attack.
Submitted 3 March, 2022;
originally announced March 2022.
-
Knowledge-Enriched Distributional Model Inversion Attacks
Authors:
Si Chen,
Mostafa Kahla,
Ruoxi Jia,
Guo-Jun Qi
Abstract:
Model inversion (MI) attacks are aimed at reconstructing training data from model parameters. Such attacks have triggered increasing concerns about privacy, especially given a growing number of online model repositories. However, existing MI attacks against deep neural networks (DNNs) have large room for performance improvement. We present a novel inversion-specific GAN that can better distill knowledge useful for performing attacks on private models from public data. In particular, we train the discriminator to differentiate not only the real and fake samples but the soft-labels provided by the target model. Moreover, unlike previous work that directly searches for a single data point to represent a target class, we propose to model a private data distribution for each target class. Our experiments show that the combination of these techniques can significantly boost the success rate of the state-of-the-art MI attacks by 150%, and generalize better to a variety of datasets and models. Our code is available at https://github.com/SCccc21/Knowledge-Enriched-DMI.
Submitted 19 August, 2021; v1 submitted 8 October, 2020;
originally announced October 2020.
-
General DeepLCP model for disease prediction: Case of Lung Cancer
Authors:
Mayssa Ben Kahla,
Dalel Kanzari,
Ahmed Maalel
Abstract:
According to the Global Health Observatory (GHO), the high prevalence of a large variety of diseases such as ischaemic heart disease, stroke, lung cancer and lower respiratory infections has remained the top killer during the past decade.
The growth in the number of mortalities caused by these diseases is due to the very delayed detection of symptoms. In the early stages, the symptoms are insignificant and similar to those of benign diseases (e.g. the flu), so the disease can only be detected at an advanced stage.
In addition, the high frequency of improper practices that are harmful to health, hereditary factors, and stressful living conditions can increase the death rates.
Many research works dealt with these fatal diseases, and most of them applied advanced machine learning models to image diagnosis. However, the drawback is that imagery only permits detecting the disease at a very delayed stage, when the patient can hardly be saved.
In this paper we present our new approach "DeepLCP" to predict fatal diseases that threaten people's lives. It is mainly based on raw and heterogeneous data of the concerned (or under-tested) person. "DeepLCP" results from a combination of Natural Language Processing (NLP) and the deep learning paradigm. The experimental results of the proposed model in the case of lung cancer prediction have approved high accuracy and a low loss data rate during the validation of the disease prediction.
Submitted 15 September, 2020;
originally announced September 2020.
-
Red-Black Trees with Constant Update Time
Authors:
Amr Elmasry,
Mostafa Kahla,
Fady Ahdy,
Mahmoud Hashem
Abstract:
We show how a few modifications to the red-black trees allow for $O(1)$ worst-case update time (once the position of the inserted or deleted element is known). The resulting structure is based on relaxing some of the properties of the red-black trees while guaranteeing that the height remains logarithmic with respect to the number of nodes. Compared to the other search trees with constant update time, our tree is the first to provide a tailored deletion procedure without using the global rebuilding technique. In addition, our structure is very simple to implement and allows for a simpler proof of correctness than those alternative trees.
Submitted 5 April, 2018;
originally announced April 2018.