Model Theft and Inversion Attacks Against Query-free Collaborative Inference Systems

17 Sept 2025 (modified: 11 Feb 2026). Submitted to ICLR 2026. License: CC BY 4.0
Keywords: computer vision, privacy attacks, collaborative inference
Abstract: Collaborative inference systems deploy high-performance models on resource-constrained edge devices by splitting the model into two parts, one executed on the client device and the other on the server. A server-side adversary, however, can still infer the client's private information from the server-side part of the model. Previous works rely on auxiliary data whose labels match the target task and on unlimited queries to the client in order to reconstruct inference data or determine sample membership. In contrast, this paper introduces a new threat, Model Theft and Inversion Attacks (MTIA), that targets a more realistic and challenging scenario: the adversary lacks a label-consistent dataset, cannot query the client device, and knows neither the architecture nor the parameters of the client model. To address these challenges, we use transfer learning and self-attention alignment to extract knowledge from the server model and align it with the target task. This recovers a model whose performance is comparable to the original while improving the reconstruction of high-fidelity private data. We further propose an enhancement that uses the reconstructed images to boost the recovered model's performance. Extensive experiments across datasets and settings validate the effectiveness, robustness, and generalizability of the approach.
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Submission Number: 8166
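The split deployment described in the abstract, and the white-box activation-inversion baseline that prior work assumes and that MTIA's threat model removes, as an added illustration that is not code from the paper or its authors. The client half, server half and "private" input are constructed constants; the inversion solves the linear equations contributed by the active ReLU units, which requires the client weights the MTIA adversary does not have.

```python
"""Toy split (collaborative) inference plus a white-box inversion baseline.

Hypothetical model: client computes z = relu(W1 x + b1) on the edge device and
ships z to the server, which computes logits = W2 z + b2.  All weights and the
private input are constructed for this example; nothing here is from the paper.
"""


def relu(v):
    return [max(0.0, a) for a in v]


def affine(W, b, x):
    """Return W x + b for W given as a list of rows."""
    return [sum(w * xi for w, xi in zip(row, x)) + bi for row, bi in zip(W, b)]


# Client half (constructed, 4 inputs -> 6 hidden units), stays on the device.
W1_CLIENT = [
    [0.9, -0.4, 0.2, 0.7],
    [-0.5, 0.8, 0.3, -0.1],
    [0.3, 0.6, -0.7, 0.2],
    [0.1, -0.2, 0.5, 0.9],
    [0.6, 0.3, 0.4, -0.6],
    [-0.8, 0.5, -0.3, 0.4],
]
B1_CLIENT = [0.1, 0.2, -0.1, 0.05, -0.3, -1.0]

# Server half (constructed, 6 hidden units -> 3 logits), held by the adversary.
W2_SERVER = [
    [0.5, -0.2, 0.1, 0.3, 0.0, -0.4],
    [-0.1, 0.4, 0.2, -0.3, 0.6, 0.1],
    [0.2, 0.1, -0.5, 0.2, -0.2, 0.3],
]
B2_SERVER = [0.0, 0.1, -0.1]

X_PRIVATE = [0.5, 1.2, -0.3, 0.8]  # constructed private client input


def client_forward(x):
    return relu(affine(W1_CLIENT, B1_CLIENT, x))


def server_forward(z):
    return affine(W2_SERVER, B2_SERVER, z)


def split_inference(x):
    z = client_forward(x)  # the only thing that crosses to the server
    return z, server_forward(z)


def solve(A, b, tol=1e-9):
    """Gauss-Jordan elimination with partial pivoting; None if singular."""
    n = len(A)
    M = [row[:] + [bi] for row, bi in zip(A, b)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(M[r][col]))
        if abs(M[piv][col]) < tol:
            return None
        M[col], M[piv] = M[piv], M[col]
        for r in range(n):
            if r != col:
                f = M[r][col] / M[col][col]
                M[r] = [a - f * c for a, c in zip(M[r], M[col])]
    return [M[i][n] / M[i][i] for i in range(n)]


def invert_activation(z, W, b):
    """White-box baseline: recover x from z = relu(W x + b) given W and b.

    Each active unit (z_i > 0) gives one linear equation W_i x = z_i - b_i;
    inactive units only bound W_i x + b_i <= 0 and are dropped.  With fewer
    active units than inputs the system is underdetermined and we give up.
    """
    n = len(W[0])
    active = [i for i, zi in enumerate(z) if zi > 0]
    if len(active) < n:
        return None
    A = [W[i] for i in active]
    y = [z[i] - b[i] for i in active]
    # Least squares through the normal equations (A^T A) x = A^T y.
    AtA = [[sum(A[k][i] * A[k][j] for k in range(len(A))) for j in range(n)]
           for i in range(n)]
    Aty = [sum(A[k][i] * y[k] for k in range(len(A))) for i in range(n)]
    return solve(AtA, Aty)


if __name__ == "__main__":
    z, logits = split_inference(X_PRIVATE)
    print("server sees z      :", [round(v, 3) for v in z])
    print("server logits      :", [round(v, 3) for v in logits])
    print("white-box inversion:", [round(v, 3) for v in invert_activation(z, W1_CLIENT, B1_CLIENT)])
```

Four of the six hidden units are active for this input, so the white-box adversary recovers the private vector exactly; with only two active units the same routine reports failure. Both outcomes depend on knowing W1 and b1, which is exactly the knowledge the paper's query-free, architecture-agnostic setting denies the server.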