Dataset Distillation Fixes Dataset Reconstruction Attacks

Abstract: Modern deep learning requires large volumes of data, which could contain sensitive or private information which cannot be leaked. Recent work has shown for homogeneous neural networks a large portion of this training data could be reconstructed with only access to the trained network parameters. While the attack was shown to work empirically, there exists little formal understanding of its effectiveness regime, and ways to defend against it. In this work, we first build a stronger version of the dataset recons… Show more

“…This type of problem arises in many deep learning fields such as hyperparameters optimization (Domke, 2012;MacKay et al, 2019;Maclaurin et al, 2015), meta-learning (Finn et al, 2017;Rajeswaran et al, 2019), and adversarial training Madry et al, 2017;Szegedy et al, 2013) as well as safety and verification methods (Gruenbacher et al, 2022;Grunbacher et al, 2021;Xiao et al, 2022). Similarly, dataset distillation can also be framed as a bilevel optimization problem, with θ the set of network parameters, and ψ our distilled dataset parameters, given by the coreset images and labels (Loo et al, 2023;Nguyen et al, 2021a;Wang et al, 2018;Zhou et al, 2022).…”

Dataset Distillation with Convexified Implicit Gradients

“…This type of problem arises in many deep learning fields such as hyperparameters optimization (Domke, 2012;MacKay et al, 2019;Maclaurin et al, 2015), meta-learning (Finn et al, 2017;Rajeswaran et al, 2019), and adversarial training Madry et al, 2017;Szegedy et al, 2013) as well as safety and verification methods (Gruenbacher et al, 2022;Grunbacher et al, 2021;Xiao et al, 2022). Similarly, dataset distillation can also be framed as a bilevel optimization problem, with θ the set of network parameters, and ψ our distilled dataset parameters, given by the coreset images and labels (Loo et al, 2023;Nguyen et al, 2021a;Wang et al, 2018;Zhou et al, 2022).…”

Dataset Distillation with Convexified Implicit Gradients