Privacy Backdoors: Stealing Data with Corrupted Pretrained Models

arXiv:2404.00473v1 Announce Type: new
Abstract: Practitioners commonly download pretrained machine learning models from open repositories and finetune them to fit specific applications. We show that this practice introduces a new risk of privacy backdoors. By tampering with a pretrained model's weights, an attacker can fully compromise the privacy of the finetuning data. We show how to build privacy backdoors for a variety of models, including transformers, which enable an attacker to reconstruct individual finetuning samples, with a guaranteed success! We …

applications arxiv attacker backdoors can compromise cs.cr cs.lg data download finetuning machine machine learning machine learning models practice privacy repositories risk stealing tampering