Boosting Membership Inference Attacks with Upstream Modification

23 Sept 2024 (modified: 05 Feb 2025) | Submitted to ICLR 2025 | CC BY 4.0
Keywords: Membership inference attacks
TL;DR: Improve membership inference attacks by modifying the shadow model framework
Abstract: Membership Inference Attacks (MIAs) can be used by model owners to identify privacy leakage of specific points in their machine learning models. In this setting, the model owner (who is playing the role of the attacker) has perfect knowledge of the training data but a limited computational budget. However, current MIAs have limited effectiveness in this scenario: 1) they perform poorly against the most vulnerable points, and 2) they require training too many models. To overcome this weakness, we address two limitations in the initial/upstream stages of the MIA framework, namely sampling bias (i.e., too many points dropped during sampling) and attack aggregation (i.e., averaging attack results over all the data points instead of only the most vulnerable ones). Our improvements carry over downstream and boost the attack accuracy of existing MIAs by increasing the TPR of existing attacks at incredibly low FPRs (as low as zero) while achieving a near-perfect AUC. As a consequence, our modifications enable the practical and effective application of MIAs for identification of data leakage in machine learning models.
Primary Area: alignment, fairness, safety, privacy, and societal considerations
Code Of Ethics: I acknowledge that I and all co-authors of this work have read and commit to adhering to the ICLR Code of Ethics.
Submission Guidelines: I certify that this submission complies with the submission instructions as described on https://iclr.cc/Conferences/2025/AuthorGuide.
Anonymous Url: I certify that there is no URL (e.g., github page) that could be used to find authors’ identity.
No Acknowledgement Section: I certify that there is no acknowledgement section in this submission for double blind review.
Submission Number: 3181