Current research on data reconstruction attacks lacks formal definitions and unified evaluation standards, hindering systematic progress. Method: This work introduces the first formal attack definition and a multidimensional taxonomy tailored to vision tasks; designs a comprehensive evaluation framework balancing quantifiability, consistency, fidelity, and diversity; innovatively employs large language models (LLMs) for high-fidelity, automated visual quality assessment; and establishes the first standardized benchmark grounded in memory-effect modeling. Contribution/Results: Extensive experiments validate the effectiveness and robustness of the proposed metrics, uncovering a fundamental trade-off between reconstruction fidelity and diversity inherent in existing methods. The open-sourced benchmark provides a reproducible, comparable, and standardized research infrastructure for the community.

Data reconstruction attacks, which aim to recover the training dataset of a target model with limited access, have gained increasing attention in recent years. However, there is currently no consensus on a formal definition of data reconstruction attacks or appropriate evaluation metrics for measuring their quality. This lack of rigorous definitions and universal metrics has hindered further advancement in this field. In this paper, we address this issue in the vision domain by proposing a unified attack taxonomy and formal definitions of data reconstruction attacks. We first propose a set of quantitative evaluation metrics that consider important criteria such as quantifiability, consistency, precision, and diversity. Additionally, we leverage large language models (LLMs) as a substitute for human judgment, enabling visual evaluation with an emphasis on high-quality reconstructions. Using our proposed taxonomy and metrics, we present a unified framework for systematically evaluating the strengths and limitations of existing attacks and establishing a benchmark for future research. Empirical results, primarily from a memorization perspective, not only validate the effectiveness of our metrics but also offer valuable insights for designing new attacks.