9 Privacy Attacks – Stealing Data

In the previous chapter, we explored privacy attacks, focusing on model extraction and the techniques used to steal models trained on sensitive data. This chapter covers the other two classes of privacy attack: model inversion and inference attacks. Unlike model extraction, these attacks do not target the model itself but the data used to train it. Model inversion attempts to reconstruct training data directly from the model, while inference attacks attempt to infer information about that data, for example whether a particular record was part of the training set. Understanding these attacks helps us see where machine learning (ML) models leak what they were trained on and develop effective countermeasures to protect sensitive data. In this chapter, we will cover the following topics:
