Property Inference Attacks and Defenses Literature

A curated list of property inference attacks and defenses papers.

Paper are sorted by their released dates in descending order.

How to Search?

Search keywords like conference name (e.g., CCS), adversarial knowledge (e.g., Black-box), or target model (e.g., Classification Model) over the webpage to quickly locate related papers.

Quick Links

Attack papers sorted by year: | 2024 | 2023 | 2022 | 2021 | 2019 | 2018 | 2015 |

Defense papers sorted by year: | 2024 | 2023 | 2022 | 2021 |

Property Inference Attacks

Attack Papers 2024 [Back to Top]

Year	Title	Adversarial Knowledge	Target Model	Venue	Paper Link	Code Link
2024	Towards More Efficient Property Inference Attacks on Graph Neural Networks	Black-box	GNNs	NIPS
2024	Quantifying Privacy Risks of Prompts in Visual Prompt Learning	Black-box	Visual Prompt Learning	USENIX	Link	Link
2024	Attesting Distributional Properties of Training Data for Machine Learning	Black-box	Classification model	ESORICS	Link	Link
2024	Property Existence Inference against Generative Models	Black-box	Generative model	USENIX	Link	Link
2024	Property Inference as a Regression Problem: Attacks and Defense	Black-box;White-box	Classification model	SECRYPT	Link

Attack Papers 2023 [Back to Top]

Year	Title	Adversarial Knowledge	Target Model	Venue	Paper Link	Code Link
2023	Distribution Inference Risks: Identifying and Mitigating Sources of Leakage	Black-box;White-box	Classification model	IEEE SaTML	Link	Link
2023	Dissecting Distribution Inference	Black-box	Classification model	IEEE SaTML	Link	Link
2023	Property Inference Attacks Against t-SNE Plots	unknown	unknown	openreview	Link
2023	SNAP: Efficient Extraction of Private Properties with Poisoning	Black-box	Classification model	S&P	Link
2023	SoK: Let the Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning	unknown	Classification model	S&P	Link
2023	Manipulating Transfer Learning for Property Inference	unknown	unknown	CVPR	Link
2023	Exploring Clustered Federated Learning’s Vulnerability against Property Inference Attack	White-box	Federated learning	RAID	Link

Attack Papers 2022 [Back to Top]

Year	Title	Adversarial Knowledge	Target Model	Venue	Paper Link	Code Link
2022	Property Inference Attacks against GANs	Black-box;Partial black-box	Generative model	NDSS	Link
2022	Group Property Inference Attacks Against Graph Neural Networks	White-box;Black-box	GNNs	CSS	Link
2022	Property Inference from Poisoning	Black-box	Classification model	S&P	Link
2022	Poisoning-Assisted Property Inference Attack against Federated Learning	unknown	unknown	TDSC	Link
2022	Formalizing and Estimating Distribution Inference Risks	Black-box;White-box	Classification model;GNNs	PETS	Link	Link
2022	Inference Attacks Against Graph Neural Networks	Black-box	GNNs	USENIX	Link
2022	Black-Box Audits for Group Distribution Shifts	Black-box	Classification model	arXiv	Link

Attack Papers 2021 [Back to Top]

Year	Title	Adversarial Knowledge	Target Model	Venue	Paper Link	Code Link
2021	Leakage of Dataset Properties in Multi-Party Machine Learning	Black-box	Classification model	USENIX	Link
2021	Unleashing the Tiger: Inference Attacks on Split Learning	Splitting	Classification model	CCS	Link	Link
2021	Property Inference Attacks on Convolutional Neural Networks: Influence and Implications of Target Model's Complexity	unknown	Classification model	arXiv	Link

Attack Papers 2019 [Back to Top]

Year	Title	Adversarial Knowledge	Target Model	Venue	Paper Link	Code Link
2019	Exploiting Unintended Feature Leakage in Collaborative Learning	White-box	Classification model	S&P	Link
2019	Property Inference Attacks on Neural Networks using Dimension Reduction Representations	unknown	Classification model	unknown	Link

Attack Papers 2018 [Back to Top]

Year	Title	Adversarial Knowledge	Target Model	Venue	Paper Link	Code Link
2018	Property Inference Attacks on Fully Connected Neural Networks using Permutation Invariant Representations	White-box	Classification Model	CCS	Link

Attack Papers 2015 [Back to Top]

Year	Title	Adversarial Knowledge	Target Model	Venue	Paper Link	Code Link
2015	Hacking Smart Machines with Smarter Ones: How to Extract Meaningful Data from Machine Learning Classifiers	White-box	HMMs and SVMs	International Journal of Security and Networks	Link

Property Inference Defenses

Defense Papers 2024 [Back to Top]

Year	Title	Adversarial Knowledge	Target Model	Venue	Paper Link	Code Link
2024	Inf2Guard: An Information-Theoretic Framework for Learning Privacy-Preserving Representations against Inference Attacks	Black-box	Classification model	USENIX	Link	Link
2024	Property Inference as a Regression Problem: Attacks and Defense	Black-box;White-box	Classification model	SECRYPT	Link

Defense Papers 2023 [Back to Top]

Year	Title	Adversarial Knowledge	Target Model	Venue	Paper Link	Code Link
2023	PriSampler: Mitigating Property Inference of Diffusion Models	unknown	Diffusion model	arXiv	Link
2022	Lessons Learned: Defending Against Property Inference Attacks	unknown	unknown	SECRYPT	Link
2023	Distribution Inference Risks: Identifying and Mitigating Sources of Leakage	Black-box;White-box	Classification model	IEEE SaTML	Link	Link
2023	Secure Split Learning against Property Inference, Data Reconstruction, and Feature Space Hijacking Attacks	unknown	unknown	arXiv	Link
2023	Protecting Global Properties of Datasets with Distribution Privacy Mechanisms	White-box	Classification	AISTATS	Link	Link

Defense Papers 2022 [Back to Top]

Year	Title	Adversarial Knowledge	Target Model	Venue	Paper Link	Code Link
2022	Lessons Learned: How (Not) to Defend Against Property Inference Attacks	unknown	unknown	arXiv	Link

Defense Papers 2021 [Back to Top]

Year	Title	Adversarial Knowledge	Target Model	Venue	Paper Link	Code Link
2021	NOSnoop: An Effective Collaborative Meta-Learning Scheme Against Property Inference Attack	unknown	unknown	ITJ	Link