Dissecting Membership Inference Risk in Machine Learning
2022 (English)In: Cyberspace Safety and Security: 13th International Symposium, CSS 2021, Virtual Event, November 9–11, 2021, Proceedings / [ed] Weizhi Meng; Mauro Conti, Springer, 2022, p. 36-54Conference paper, Published paper (Refereed)
Abstract [en]
Membership inference attacks (MIA) have been identified as a distinct threat to privacy when sensitive personal data are used to train the machine learning (ML) models. This work is aimed at deepening our understanding with respect to the existing black-box MIAs while introducing a new label only MIA model. The proposed MIA model can successfully exploit the well generalized models challenging the conventional wisdom that states generalized models are immune to membership inference. Through systematic experimentation, we show that the proposed MIA model can outperform the existing attack models while being more resilient towards manipulations to the membership inference results caused by the selection of membership validation data.
Place, publisher, year, edition, pages
Springer, 2022. p. 36-54
Series
Lecture Notes in Computer Science, ISSN 0302-9743, E-ISSN 1611-3349 ; 13172
Keywords [en]
Data privacy, Membership inference attack, Privacy preserving machine learning, Privacy-preserving techniques, Attack modeling, Black boxes, Generalized models, Inference attacks, Inference risk, Machine learning models, Machine-learning, Privacy preserving, Machine learning
National Category
Computer Sciences
Research subject
Skövde Artificial Intelligence Lab (SAIL)
Identifiers
URN: urn:nbn:se:his:diva-20889DOI: 10.1007/978-3-030-94029-4_3Scopus ID: 2-s2.0-85123431800ISBN: 978-3-030-94028-7 (print)ISBN: 978-3-030-94029-4 (electronic)OAI: oai:DiVA.org:his-20889DiVA, id: diva2:1634630
Conference
CSS 2021, 13th International Symposium on Cyberspace Safety and Security, Copenhagen, Denmark (Online), 9-11 November 2021
Note
© 2022, Springer Nature Switzerland AG.
Also part of the Security and Cryptology book sub series (LNSC, volume 13172)
2022-02-032022-02-032022-04-22Bibliographically approved