Keywords: privacy, auditing, machine learning, differential privacy, membership inference attack
TL;DR: PANORAMIA is a practical privacy audit for ML models that does not retrain the target model or alter its training set or training algorithm.
Abstract: We present PANORAMIA, a privacy leakage measurement framework for machine learning models that relies on membership inference attacks using generated data as non-members. By relying on generated non-member data, PANORAMIA eliminates the common dependency of privacy measurement tools on in-distribution non-member data. As a result, PANORAMIA does not modify the model, training data, or training process, and only requires access to a subset of the training data. We evaluate PANORAMIA on ML models for image and tabular data classification, as well as on large-scale language models.
Supplementary Material: zip
Primary Area: Privacy
Submission Number: 7917