Related papers: Generative Model Inversion Through the Lens of the Manifold Hypothesis

Generative Model Inversion Through the Lens of the Manifold Hypothesis

URL: http://arxiv.org/abs/2509.20177v1
Date: Wed, 24 Sep 2025 14:39:25 GMT
Title: Generative Model Inversion Through the Lens of the Manifold Hypothesis
Authors: Xiong Peng, Bo Han, Fengfei Yu, Tongliang Liu, Feng Liu, Mingyuan Zhou,
Abstract summary: Model inversion attacks (MIAs) aim to reconstruct class-representative samples from trained models.<n>Recent generative MIAs utilize generative adversarial networks to learn image priors that guide the inversion process.
Score: 98.37040155914595
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Model inversion attacks (MIAs) aim to reconstruct class-representative samples from trained models. Recent generative MIAs utilize generative adversarial networks to learn image priors that guide the inversion process, yielding reconstructions with high visual quality and strong fidelity to the private training data. To explore the reason behind their effectiveness, we begin by examining the gradients of inversion loss with respect to synthetic inputs, and find that these gradients are surprisingly noisy. Further analysis reveals that generative inversion implicitly denoises these gradients by projecting them onto the tangent space of the generator manifold, filtering out off-manifold components while preserving informative directions aligned with the manifold. Our empirical measurements show that, in models trained with standard supervision, loss gradients often exhibit large angular deviations from the data manifold, indicating poor alignment with class-relevant directions. This observation motivates our central hypothesis: models become more vulnerable to MIAs when their loss gradients align more closely with the generator manifold. We validate this hypothesis by designing a novel training objective that explicitly promotes such alignment. Building on this insight, we further introduce a training-free approach to enhance gradient-manifold alignment during inversion, leading to consistent improvements over state-of-the-art generative MIAs.

Related papers

Understanding Degradation with Vision Language Model [56.09241449206817]
Understanding visual degradations is a critical yet challenging problem in computer vision.<n>We introduce DU-VLM, a multimodal chain-of-thought model trained with supervised fine-tuning and reinforcement learning.<n>We also introduce textbfDU-110k, a large-scale dataset comprising 110,000 clean-degraded pairs with grounded physical annotations.
arXiv Detail & Related papers (2026-02-04T13:51:15Z)
Transformer Is Inherently a Causal Learner [27.79148022495734]
We show that transformer trained in an autoregressive manner naturally encodes time-delayed causal structures.<n>We prove this connection theoretically under standard identifiability conditions.<n>This approach greatly surpasses the performance of state-of-the-art discovery algorithms.
arXiv Detail & Related papers (2026-01-09T09:10:04Z)
Taming Preference Mode Collapse via Directional Decoupling Alignment in Diffusion Reinforcement Learning [27.33241821967005]
We propose a novel framework that mitigates Preference Mode Collapse (PMC)<n>D$2$-Align achieves superior alignment with human preference.
arXiv Detail & Related papers (2025-12-30T11:17:52Z)
Enhanced Privacy Leakage from Noise-Perturbed Gradients via Gradient-Guided Conditional Diffusion Models [26.493235454865538]
Federated learning synchronizes models through gradient transmission and aggregation.<n>These gradients pose significant privacy risks, as sensitive training data is embedded within them.<n>Existing gradient inversion attacks suffer from significantly degraded reconstruction performance when gradients are perturbed by noise.
arXiv Detail & Related papers (2025-11-13T15:43:45Z)
Performance of Machine Learning Methods for Gravity Inversion: Successes and Challenges [0.0]
Recent advances in machine learning have motivated data-driven approaches for gravity inversion.<n>We first design a convolutional neural network trained to directly map gravity anomalies to density fields.<n>To further investigate generative modeling, we employ Variational Autoencoders (VAEs) and Generative Adversarial Networks (GANs)
arXiv Detail & Related papers (2025-09-28T19:19:07Z)
Sparsity-Driven Parallel Imaging Consistency for Improved Self-Supervised MRI Reconstruction [2.8237889121096034]
We propose a novel way to train PD-DL networks via carefully-designed perturbations.<n>We show that the proposed training strategy effectively reduces aliasing artifacts and mitigates noise amplification at high acceleration rates.
arXiv Detail & Related papers (2025-05-30T02:11:25Z)
One-for-More: Continual Diffusion Model for Anomaly Detection [63.50488826645681]
Anomaly detection methods utilize diffusion models to generate or reconstruct normal samples when given arbitrary anomaly images.<n>Our study found that the diffusion model suffers from severe faithfulness hallucination'' and catastrophic forgetting''<n>We propose a continual diffusion model that uses gradient projection to achieve stable continual learning.
arXiv Detail & Related papers (2025-02-27T07:47:27Z)
Oscillation Inversion: Understand the structure of Large Flow Model through the Lens of Inversion Method [60.88467353578118]
We show that a fixed-point-inspired iterative approach to invert real-world images does not achieve convergence, instead oscillating between distinct clusters. We introduce a simple and fast distribution transfer technique that facilitates image enhancement, stroke-based recoloring, as well as visual prompt-guided image editing.
arXiv Detail & Related papers (2024-11-17T17:45:37Z)
Manifold Integrated Gradients: Riemannian Geometry for Feature Attribution [8.107199775668942]
Integrated Gradients (IG) is a prevalent feature attribution method for black-box deep learning models. We address two predominant challenges associated with IG: the generation of noisy feature visualizations and the vulnerability to adversarial attributional attacks. Our approach involves an adaptation of path-based feature attribution, aligning the path of attribution more closely to the intrinsic geometry of the data manifold.
arXiv Detail & Related papers (2024-05-16T04:13:17Z)
Minusformer: Improving Time Series Forecasting by Progressively Learning Residuals [14.741951369068877]
We find that ubiquitous time series (TS) forecasting models are prone to severe overfitting. We introduce a dual-stream and subtraction mechanism, which is a deep Boosting ensemble learning method. The proposed method outperform existing state-of-the-art methods, yielding an average performance improvement of 11.9% across various datasets.
arXiv Detail & Related papers (2024-02-04T03:54:31Z)
Low-rank Tensor Assisted K-space Generative Model for Parallel Imaging Reconstruction [14.438899814473446]
We present a new idea, low-rank tensor assisted k-space generative model (LR-KGM) for parallel imaging reconstruction. This means that we transform original prior information into high-dimensional prior information for learning. Experimental comparisons with the state-of-the-arts demonstrated that the proposed LR-KGM method achieved better performance.
arXiv Detail & Related papers (2022-12-11T13:34:43Z)
Self-Supervised Training with Autoencoders for Visual Anomaly Detection [61.62861063776813]
We focus on a specific use case in anomaly detection where the distribution of normal samples is supported by a lower-dimensional manifold. We adapt a self-supervised learning regime that exploits discriminative information during training but focuses on the submanifold of normal examples. We achieve a new state-of-the-art result on the MVTec AD dataset -- a challenging benchmark for visual anomaly detection in the manufacturing domain.
arXiv Detail & Related papers (2022-06-23T14:16:30Z)
Hard-label Manifolds: Unexpected Advantages of Query Efficiency for Finding On-manifold Adversarial Examples [67.23103682776049]
Recent zeroth order hard-label attacks on image classification models have shown comparable performance to their first-order, gradient-level alternatives. It was recently shown in the gradient-level setting that regular adversarial examples leave the data manifold, while their on-manifold counterparts are in fact generalization errors. We propose an information-theoretic argument based on a noisy manifold distance oracle, which leaks manifold information through the adversary's gradient estimate.
arXiv Detail & Related papers (2021-03-04T20:53:06Z)

This list is automatically generated from the titles and abstracts of the papers in this site.