Dissertations - M Tech (CS)
Permanent URI for this collection: http://164.52.219.250:4000/handle/10263/2147
These Dissertations were submitted in partial fulfilment of the requirements for the award of M TECH (Computer Science) Degree of Indian Statistical Institute
Item: Multi Trajectory Guided Model Inversion Attacks (Indian Statistical Institute, Kolkata, 2024-06) Nandi, Indrajit
Recent advancements in deep learning have brought significant concerns regarding the privacy of training data due to overfitting and memorization, as well as a lack of defense mechanisms. In model inversion attacks, attackers aim to reconstruct original private training samples (i.e., images) just by using the DNN model’s last layer output. Traditional black-box MI attacks face three key challenges: (1) Non-convex optimization landscapes often trap reconstructions in poor local minima, degrading output quality. (2) Black-box scenarios require excessive queries to approximate gradients, raising detection risks. (3) Unconstrained pixel-space optimization generates unrealistic artifacts since the inverse mapping lacks natural image priors. These issues collectively yield low-fidelity reconstructions that fail to capture meaningful private data, especially for complex inputs like faces or medical images. Here, Generative Adversarial Networks (GANs) come into the picture, providing a low-dimensional latent space for efficient optimization while ensuring high-dimensional realism. Some recent methods have explored reinforcement learning, where the search in the latent space (learned from a GAN trained on public data) is formulated as a Markov Decision Process (MDP). In our method, we introduce: (1) a dynamics network to model state transitions in the latent space, (2) a reward network that learns directly from the model’s confidence scores, and (3) policy-value networks for efficient exploration inspired by EfficientZero V2. This learned framework adapts automatically to diverse target models and leverages the GAN’s generative prior to ensure realistic reconstructions.

Item: Multi Trajectory Guided Model Inversion Attacks (Indian Statistical Institute, Kolkata, 2025-06) Nandi, Indrajit
Recent advancements in deep learning have brought significant concerns regarding the privacy of training data due to overfitting and memorization, as well as a lack of defense mechanisms. In model inversion attacks, attackers aim to reconstruct original private training samples (i.e., images) just by using the DNN model’s last layer output. Traditional black-box MI attacks face three key challenges: (1) Non-convex optimization landscapes often trap reconstructions in poor local minima, degrading output quality. (2) Black-box scenarios require excessive queries to approximate gradients, raising detection risks. (3) Unconstrained pixel-space optimization generates unrealistic artifacts since the inverse mapping lacks natural image priors. These issues collectively yield low-fidelity reconstructions that fail to capture meaningful private data, especially for complex inputs like faces or medical images. Here, Generative Adversarial Networks (GANs) come into the picture, providing a low-dimensional latent space for efficient optimization while ensuring high-dimensional realism. Some recent methods have explored reinforcement learning, where the search in the latent space (learned from a GAN trained on public data) is formulated as a Markov Decision Process (MDP). In our method, we introduce: (1) a dynamics network to model state transitions in the latent space, (2) a reward network that learns directly from the model’s confidence scores, and (3) policy-value networks for efficient exploration inspired by EfficientZero V2. This learned framework adapts automatically to diverse target models and leverages the GAN’s generative prior to ensure realistic reconstructions.
