Property Inference Attacks and Defenses Literature
A curated list of property inference attacks and defenses papers.
Papers are sorted by their release dates in descending order.
Search keywords like conference name (e.g., CCS), adversarial knowledge (e.g., Black-box), or target model (e.g., Classification Model) over the webpage to quickly locate related papers.
Attack papers sorted by year: | 2024 | 2023 | 2022 | 2021 | 2019 | 2018 | 2015 |
Defense papers sorted by year: | 2024 | 2023 | 2022 | 2021 |
Property Inference Attacks
| Year | Title | Adversarial Knowledge | Target Model | Venue | Paper Link | Code Link |
|---|---|---|---|---|---|---|
| 2024 | Quantifying Privacy Risks of Prompts in Visual Prompt Learning | Black-box | Visual Prompt Learning | USENIX | Link | Link |
| 2024 | Attesting Distributional Properties of Training Data for Machine Learning | Black-box | Classification model | ESORICS | Link | Link |
| 2024 | Property Existence Inference against Generative Models | Black-box | Generative model | USENIX | Link | Link |
| 2024 | Property Inference as a Regression Problem: Attacks and Defense | Black-box;White-box | Classification model | SECRYPT | Link | |
| Year | Title | Adversarial Knowledge | Target Model | Venue | Paper Link | Code Link |
|---|---|---|---|---|---|---|
| 2023 | Distribution Inference Risks: Identifying and Mitigating Sources of Leakage | Black-box;White-box | Classification model | IEEE SaTML | Link | Link |
| 2023 | Dissecting Distribution Inference | Black-box | Classification model | IEEE SaTML | Link | Link |
| 2023 | Property Inference Attacks Against t-SNE Plots | unknown | unknown | openreview | Link | |
| 2023 | SNAP: Efficient Extraction of Private Properties with Poisoning | Black-box | Classification model | S&P | Link | |
| 2023 | SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning | unknown | Classification model | S&P | Link | |
| 2023 | Manipulating Transfer Learning for Property Inference | unknown | unknown | CVPR | Link | |
| 2023 | Exploring Clustered Federated Learning’s Vulnerability against Property Inference Attack | White-box | Federated learning | RAID | Link | |
| Year | Title | Adversarial Knowledge | Target Model | Venue | Paper Link | Code Link |
|---|---|---|---|---|---|---|
| 2022 | Property Inference Attacks against GANs | Black-box;Partial black-box | Generative model | NDSS | Link | |
| 2022 | Group Property Inference Attacks Against Graph Neural Networks | White-box;Black-box | GNNs | CCS | Link | |
| 2022 | Property Inference from Poisoning | Black-box | Classification model | S&P | Link | |
| 2022 | Poisoning-Assisted Property Inference Attack against Federated Learning | unknown | unknown | TDSC | Link | |
| 2022 | Formalizing and Estimating Distribution Inference Risks | Black-box;White-box | Classification model;GNNs | PETS | Link | Link |
| 2022 | Inference Attacks Against Graph Neural Networks | Black-box | GNNs | USENIX | Link | |
| 2022 | Black-Box Audits for Group Distribution Shifts | Black-box | Classification model | arXiv | Link | |
| Year | Title | Adversarial Knowledge | Target Model | Venue | Paper Link | Code Link |
|---|---|---|---|---|---|---|
| 2021 | Leakage of Dataset Properties in Multi-Party Machine Learning | Black-box | Classification model | USENIX | Link | |
| 2021 | Unleashing the Tiger: Inference Attacks on Split Learning | Splitting | Classification model | CCS | Link | Link |
| 2021 | Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity | unknown | Classification model | arXiv | Link | |
| Year | Title | Adversarial Knowledge | Target Model | Venue | Paper Link | Code Link |
|---|---|---|---|---|---|---|
| 2019 | Exploiting Unintended Feature Leakage in Collaborative Learning | White-box | Classification model | S&P | Link | |
| 2019 | Property Inference Attacks on Neural Networks using Dimension Reduction Representations | unknown | Classification model | unknown | Link | |
| Year | Title | Adversarial Knowledge | Target Model | Venue | Paper Link | Code Link |
|---|---|---|---|---|---|---|
| 2018 | Property Inference Attacks on Fully Connected Neural Networks using Permutation Invariant Representations | White-box | Classification Model | CCS | Link | |
| Year | Title | Adversarial Knowledge | Target Model | Venue | Paper Link | Code Link |
|---|---|---|---|---|---|---|
| 2015 | Hacking Smart Machines with Smarter Ones: How to Extract Meaningful Data from Machine Learning Classifiers | White-box | HMMs and SVMs | International Journal of Security and Networks | Link | |
Property Inference Defenses
| Year | Title | Adversarial Knowledge | Target Model | Venue | Paper Link | Code Link |
|---|---|---|---|---|---|---|
| 2024 | Inf2Guard: An Information-Theoretic Framework for Learning Privacy-Preserving Representations against Inference Attacks | Black-box | Classification model | USENIX | Link | Link |
| 2024 | Property Inference as a Regression Problem: Attacks and Defense | Black-box;White-box | Classification model | SECRYPT | Link | |
| Year | Title | Adversarial Knowledge | Target Model | Venue | Paper Link | Code Link |
|---|---|---|---|---|---|---|
| 2023 | PriSampler: Mitigating Property Inference of Diffusion Models | unknown | Diffusion model | arXiv | Link | |
| 2022 | Lessons Learned: Defending Against Property Inference Attacks | unknown | unknown | SECRYPT | Link | |
| 2023 | Distribution Inference Risks: Identifying and Mitigating Sources of Leakage | Black-box;White-box | Classification model | IEEE SaTML | Link | Link |
| 2023 | Secure Split Learning against Property Inference, Data Reconstruction, and Feature Space Hijacking Attacks | unknown | unknown | arXiv | Link | |
| 2023 | Protecting Global Properties of Datasets with Distribution Privacy Mechanisms | White-box | Classification | AISTATS | Link | Link |
| Year | Title | Adversarial Knowledge | Target Model | Venue | Paper Link | Code Link |
|---|---|---|---|---|---|---|
| 2022 | Lessons Learned: How (Not) to Defend Against Property Inference Attacks | unknown | unknown | arXiv | Link | |
| Year | Title | Adversarial Knowledge | Target Model | Venue | Paper Link | Code Link |
|---|---|---|---|---|---|---|
| 2021 | NOSnoop: An Effective Collaborative Meta-Learning Scheme Against Property Inference Attack | unknown | unknown | ITJ | Link | |