Low-Cost High-Power Membership Inference by Boosting Relativity
Primary Area: general machine learning (i.e., none of the above)
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.
Keywords: Privacy Auditing, Information Leakage, Membership Infererence Attacks, Reference Models
Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2024/AuthorGuide.
Abstract: We present a membership inference attack game and design a novel attack (RMIA), which effectively leverages both reference models and population data in its likelihood ratio test. Our test amplifies the distinction between members and non-members relative to any target model. Our algorithm exhibits superior test power (true-positive rate) when compared to prior methods, even at extremely low false-positive error rates (as low as 0), and dominates them throughout the TPR-FPR tradeoff curve. It also performs exceptionally well under challenging real-world constraints, where only a limited number of reference models (as few as 1) are available, where the prior attack results approach random guess. Our method lays the groundwork for cost-effective and practical yet powerful privacy risk analysis of machine learning algorithms.
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors' identity.
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Submission Number: 6925
Loading