Paper Link: https://openreview.net/forum?id=ByhZMDueQE
Paper Type: Long paper (up to eight pages of content + unlimited references and appendices)
Abstract: The risk posed by Membership Inference Attack (MIA) to deep learning models for Computer Vision tasks is well known, but MIA has not been addressed or explored fully in the Natural Language Processing (NLP) domain. In this work, we analyze the security risk posed by MIA to NLP models. We show that NLP models are actually at greater risk from MIA than models trained on Computer Vision datasets, with as much as an 8.04% increase in attack success rate against NLP models. Based on these findings, we further assess conventional MIA defense mechanisms and demonstrate that none gives satisfactory performance across all NLP datasets. Lastly, we develop a novel MIA defense for NLP called GRIP that lowers MIA's success rate by 31.25% and 6.25% as compared to undefended models and differential privacy (DP), respectively.