{"title":"Demystifying the Membership Inference Attack","authors":"Paul Irolla, G. Châtel","doi":"10.1109/CMI48017.2019.8962136","DOIUrl":null,"url":null,"abstract":"The Membership Inference Attack (MIA) is the process of determining whether a sample comes from the training dataset (in) of a machine learning model or not (out). This attack makes use of a trained machine learning to expose confidential information about its training data. It is particularly alarming in cases where data is tightly linked to individuals like in the medical, financial and marketing domains. The underlying factors of the success of MIA are not well understood. The current theory explains its success by the difference in the confidence levels for in samples and out samples. In this article, we show that the confidence levels play little to no role in the MIA success in most of the cases. We propose a more general theory that explains previous results and some unexpected observations that have been made in the state-of-the-art. To back up our theory, we run MIA exneriments on MNIST, CIFAR-10 and Fashion-MNIST.","PeriodicalId":142770,"journal":{"name":"2019 12th CMI Conference on Cybersecurity and Privacy (CMI)","volume":"4 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2019-11-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"15","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2019 12th CMI Conference on Cybersecurity and Privacy (CMI)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CMI48017.2019.8962136","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 15
Abstract
The Membership Inference Attack (MIA) is the process of determining whether a sample comes from the training dataset (in) of a machine learning model or not (out). This attack makes use of a trained machine learning to expose confidential information about its training data. It is particularly alarming in cases where data is tightly linked to individuals like in the medical, financial and marketing domains. The underlying factors of the success of MIA are not well understood. The current theory explains its success by the difference in the confidence levels for in samples and out samples. In this article, we show that the confidence levels play little to no role in the MIA success in most of the cases. We propose a more general theory that explains previous results and some unexpected observations that have been made in the state-of-the-art. To back up our theory, we run MIA exneriments on MNIST, CIFAR-10 and Fashion-MNIST.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
