RelaxLoss: Defending Membership Inference Attacks without Losing UtilityDownload PDF

29 Sept 2021, 00:32 (edited 15 Mar 2022)ICLR 2022 SpotlightReaders: Everyone
  • Keywords: membership inference attack, defense
  • Abstract: As a long-term threat to the privacy of training data, membership inference attacks (MIAs) emerge ubiquitously in machine learning models. Existing works evidence strong connection between the distinguishability of the training and testing loss distributions and the model's vulnerability to MIAs. Motivated by existing results, we propose a novel training framework based on a relaxed loss ($\textbf{RelaxLoss}$) with a more achievable learning target, which leads to narrowed generalization gap and reduced privacy leakage. RelaxLoss is applicable to any classification model with added benefits of easy implementation and negligible overhead. Through extensive evaluations on five datasets with diverse modalities (images, medical data, transaction records), our approach consistently outperforms state-of-the-art defense mechanisms in terms of resilience against MIAs as well as model utility. Our defense is the first that can withstand a wide range of attacks while preserving (or even improving) the target model's utility.
  • One-sentence Summary: We propose a novel training scheme that is highly effective in protecting against membership inference attacks while preserving the utility of target models.
8 Replies