Adaptive Domain Inference Attack with Concept Hierarchy
| dc.contributor.author | Gu, Yuechun | |
| dc.contributor.author | He, Jiajie | |
| dc.contributor.author | Chen, Keke | |
| dc.date.accessioned | 2026-02-12T16:44:17Z | |
| dc.date.issued | 2025-07-20 | |
| dc.description | KDD '25: The 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining Toronto ON Canada August 3 - 7, 2025 | |
| dc.description.abstract | With increasingly deployed deep neural networks in sensitive application domains, such as healthcare and security, it's essential to understand what kind of sensitive information can be inferred from these models. Most known model-targeted attacks assume attackers have learned the application domain or training data distribution to ensure successful attacks. Can removing the domain information from model APIs protect models from these attacks? This paper studies this critical problem. Unfortunately, even with minimal knowledge, i.e., accessing the model as an unnamed function without leaking the meaning of input and output, the proposed adaptive domain inference attack (ADI) can still successfully estimate relevant subsets of training data. We show that the extracted relevant data can significantly improve, for instance, the performance of model-inversion attacks. Specifically, the ADI method utilizes a concept hierarchy extracted from a collection of available public and private datasets and a novel algorithm to adaptively tune the likelihood of leaf concepts showing up in the unseen training data. We also designed a straightforward hypothesis-testing-based attack -- LDI. The ADI attack not only extracts partial training data at the concept level but also converges fastest and requires the fewest target-model accesses among all candidate methods. Our code is available at https://anonymous.4open.science/r/KDD-362D. | |
| dc.description.sponsorship | This material is based upon work sup-ported by the National Science Foundation under Grant No. (2232824) | |
| dc.description.uri | https://dl.acm.org/doi/10.1145/3690624.3709332 | |
| dc.format.extent | 12 pages | |
| dc.genre | conference papers and proceedings | |
| dc.identifier | doi:10.13016/m2sxuc-qtvo | |
| dc.identifier.citation | Gu, Yuechun, Jiajie He, and Keke Chen. “Adaptive Domain Inference Attack with Concept Hierarchy.” Proceedings of the 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining V., July 20, 2025. https://doi.org/10.1145/3690624.3709332. | |
| dc.identifier.uri | https://doi.org/10.1145/3690624.3709332 | |
| dc.identifier.uri | http://hdl.handle.net/11603/41876 | |
| dc.language.iso | en | |
| dc.publisher | ACM | |
| dc.relation.isAvailableAt | The University of Maryland, Baltimore County (UMBC) | |
| dc.relation.ispartof | UMBC Computer Science and Electrical Engineering Department | |
| dc.relation.ispartof | UMBC Faculty Collection | |
| dc.relation.ispartof | UMBC Student Collection | |
| dc.rights | Attribution 4.0 International | |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | |
| dc.subject | Computer Science - Cryptography and Security | |
| dc.subject | UMBC Cyber Defense Lab (CDL) | |
| dc.subject | Computer Science - Machine Learning | |
| dc.title | Adaptive Domain Inference Attack with Concept Hierarchy | |
| dc.type | Text | |
| dcterms.creator | https://orcid.org/0009-0006-4945-7310 | |
| dcterms.creator | https://orcid.org/0009-0009-7956-8355 | |
| dcterms.creator | https://orcid.org/0000-0002-9996-156X |