PANORAMIA: Privacy Auditing of Machine Learning Models without Retraining

Mishaal Kazmi; Hadrien Lautraite; Alireza Akbari; Qiaoyue Tang; Mauricio Soroco; Tao Wang; Sébastien Gambs; Mathias Lécuyer

PANORAMIA: Privacy Auditing of Machine Learning Models without Retraining

Mishaal Kazmi, Hadrien Lautraite, Alireza Akbari, Qiaoyue Tang, Mauricio Soroco, Tao Wang, Sébastien Gambs, Mathias Lécuyer

Published: 25 Sept 2024, Last Modified: 06 Nov 2024NeurIPS 2024 posterEveryoneRevisionsBibTeXCC BY 4.0

Keywords: privacy, auditing, machine learning, differential privacy, membership inference attack

TL;DR: PANORAMIA is a practical privacy audit for ML models, that does not retrain the target model or alter its training set or training algorithm.

Abstract: We present PANORAMIA, a privacy leakage measurement framework for machine learning models that relies on membership inference attacks using generated data as non-members. By relying on generated non-member data, PANORAMIA eliminates the common dependency of privacy measurement tools on in-distribution non-member data. As a result, PANORAMIA does not modify the model, training data, or training process, and only requires access to a subset of the training data. We evaluate PANORAMIA on ML models for image and tabular data classification, as well as on large-scale language models.

Supplementary Material: zip

Primary Area: Privacy

Submission Number: 7917

Loading