Data-Free Model-Related Attacks: Unleashing the Potential of Generative AI

Ye, D; Zhu, T; Wang, S; Liu, B; Zhang, LY; Zhou, W; Zhang, Y

Data-Free Model-Related Attacks: Unleashing the Potential of Generative AI

Ye, D Zhu, T Wang, S Liu, B

Zhang, LY Zhou, W Zhang, Y

Permalink

Publication Type:: Conference Proceeding
Citation:: Proceedings of the 34th Usenix Security Symposium, 2025, pp. 1709-1727
Issue Date:: 2025-01-01

Open Access

Copyright Clearance Process

Recently Added
In Progress
Open Access

This item is open access.

Adobe PDF

Download Accepted versionAdobe PDF (2.52 MB)

View statistics

Full metadata record

Field	Value	Language
dc.contributor.author	Ye, D
dc.contributor.author	Zhu, T
dc.contributor.author	Wang, S
dc.contributor.author	Liu, B https://orcid.org/0000-0002-3603-6617
dc.contributor.author	Zhang, LY
dc.contributor.author	Zhou, W
dc.contributor.author	Zhang, Y
dc.date.accessioned	2025-11-24T02:57:41Z
dc.date.available	2025-11-24T02:57:41Z
dc.date.issued	2025-01-01
dc.identifier.citation	Proceedings of the 34th Usenix Security Symposium, 2025, pp. 1709-1727
dc.identifier.uri	http://hdl.handle.net/10453/190772
dc.description.abstract	Generative AI technology has become increasingly integrated into our daily lives, offering powerful capabilities to enhance productivity. However, these same capabilities can be exploited by adversaries for malicious purposes. While existing research on adversarial applications of generative AI predominantly focuses on cyberattacks, less attention has been given to attacks targeting deep learning models. In this paper, we introduce the use of generative AI for facilitating model-related attacks, including model extraction, membership inference, and model inversion. Our study reveals that adversaries can launch a variety of model-related attacks against both image and text models in a data-free and black-box manner, achieving comparable performance to baseline methods that have access to the target models’ training data and parameters in a white-box manner. This research serves as an important early warning to the community about the potential risks associated with generative AI-powered attacks on deep learning models. The source code is provided at: https://zenodo.org/records/14737003.
dc.language	en
dc.relation.ispartof	Proceedings of the 34th Usenix Security Symposium
dc.rights	info:eu-repo/semantics/openAccess
dc.title	Data-Free Model-Related Attacks: Unleashing the Potential of Generative AI
dc.type	Conference Proceeding
pubs.organisational-group	University of Technology Sydney
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
pubs.organisational-group	University of Technology Sydney/UTS Groups
pubs.organisational-group	University of Technology Sydney/UTS Groups/Australian Artificial Intelligence Institute (AAII)
pubs.organisational-group	University of Technology Sydney/UTS Groups/The Trustworthy Digital Society
utslib.copyright.status	open_access	*
dc.date.updated	2025-11-24T02:57:39Z
pubs.publication-status	Published

Abstract:

Generative AI technology has become increasingly integrated into our daily lives, offering powerful capabilities to enhance productivity. However, these same capabilities can be exploited by adversaries for malicious purposes. While existing research on adversarial applications of generative AI predominantly focuses on cyberattacks, less attention has been given to attacks targeting deep learning models. In this paper, we introduce the use of generative AI for facilitating model-related attacks, including model extraction, membership inference, and model inversion. Our study reveals that adversaries can launch a variety of model-related attacks against both image and text models in a data-free and black-box manner, achieving comparable performance to baseline methods that have access to the target models’ training data and parameters in a white-box manner. This research serves as an important early warning to the community about the potential risks associated with generative AI-powered attacks on deep learning models. The source code is provided at: https://zenodo.org/records/14737003.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/190772