This repository is an "awesome list" curating research papers and tools focused on privacy attacks against machine learning models. It serves as a comprehensive resource for researchers, security engineers, and practitioners interested in understanding and mitigating privacy risks in ML systems. The list categorizes attacks into membership inference, reconstruction, property/distribution inference, and model extraction, providing links to code where available.

How It Works

The list compiles academic papers, categorizing them by the type of privacy attack they describe. For each paper, it provides citation details and, crucially, links to associated code repositories when published by the authors. This structure allows users to quickly find relevant research and access practical implementations or experimental setups for various ML privacy attacks.

Quick Start & Requirements

This is a curated list of research papers and tools, not a software package to be installed. Users can browse the content directly within the repository.

Highlighted Details

• Extensive categorization of privacy attacks: membership inference, reconstruction, property inference, and model extraction.
• Includes links to over 100 papers specifically on membership inference attacks.
• Lists several privacy testing tools such as PrivacyRaven, TensorFlow Privacy, and Adversarial Robustness Toolbox (ART).
• Provides direct links to code repositories for many of the cited research papers.

Maintenance & Community

The repository is maintained by stratosphereips and encourages community contributions through issues and pull requests for corrections, suggestions, or missing papers.

Licensing & Compatibility

The repository itself is licensed under the MIT License, allowing for broad use and modification. The licenses of the linked papers and tools may vary.

Limitations & Caveats

This is a static list of research papers and does not include active development or a community forum. The availability and maintenance of linked code repositories are dependent on their original authors.