SoK: Data Reconstruction Attacks Against Machine Learning Models: Definition, Metrics, and Benchmark
Rui Wen
34th USENIX Security Symposium (USENIX Security '25) · Day 3 · ML and AI Privacy 2
This talk, presented by Kyo from Syspar and authored by Rui Wen, covers **data reconstruction attacks** against machine learning (ML) models. As ML models become pervasive, particularly in highly sensitive domains like personal identification, disease diagnosis, and financial assessment, protecting the privacy of training data has become correspondingly more important. While model owners often release only the trained model, a growing body of research demonstrates that sophisticated adversaries can still infer sensitive information about the underlying training samples. Data reconstruction attacks represent the "ultimate privacy breach" in this context, as they aim to expose all information about individual training samples.
AI review
Legitimate academic SoK work that fills a real gap — the field genuinely lacked a unified definition and evaluation framework for data reconstruction attacks. Solid systematization effort, but the contributions are largely methodological scaffolding rather than a novel attack or a meaningful new threat revelation. USENIX-appropriate, conference-appropriate, not a must-see.