Data from Model: Extracting Data from Non-robust and Robust Models
This work addresses the fundamental understanding of feature mapping in deep learning for researchers, but it is incremental as it builds on existing model inversion and robustness concepts.
The paper tackles the problem of generating data from deep neural network models to explore the relationship between data and models, finding that accuracy drops are limited after multiple cycles of data-to-model and model-to-data transformations, especially for robust models, with accuracy drops as low as 1-2% in some cases.
The essence of deep learning is to exploit data to train a deep neural network (DNN) model. This work explores the reverse process of generating data from a model, attempting to reveal the relationship between the data and the model. We repeat the process of Data to Model (DtM) and Data from Model (DfM) in sequence and explore the loss of feature mapping information by measuring the accuracy drop on the original validation dataset. We perform this experiment for both a non-robust and robust origin model. Our results show that the accuracy drop is limited even after multiple sequences of DtM and DfM, especially for robust models. The success of this cycling transformation can be attributed to the shared feature mapping existing in data and model. Using the same data, we observe that different DtM processes result in models having different features, especially for different network architecture families, even though they achieve comparable performance.