A Pragmatic Approach to Membership Inferences on Machine Learning Models

Yunhui Long, Lei Wang, Diyue Bu, Vincent Bindschaedler, Xiaofeng Wang, Haixu Tang, Carl A. Gunter, Kai Chen

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

Abstract

Membership Inference Attacks (MIAs) aim to determine the presence of a record in a machine learning model's training data by querying the model. Recent work has demonstrated the effectiveness of MIA on various machine learning models and corresponding defenses have been proposed. However, both attacks and defenses have focused on an adversary that indiscriminately attacks all the records without regard to the cost of false positives or negatives. In this work, we revisit membership inference attacks from the perspective of a pragmatic adversary who carefully selects targets and makes predictions conservatively. We design a new evaluation methodology that allows us to evaluate the membership privacy risk at the level of individuals and not only in aggregate. We experimentally demonstrate that highly vulnerable records exist even when the aggregate attack precision is close to 50% (baseline). Specifically, on the MNIST dataset, our pragmatic adversary achieves a precision of 95.05% whereas the prior attack only achieves a precision of 51.7%.

Original language: English (US)
Title of host publication: Proceedings - 5th IEEE European Symposium on Security and Privacy, Euro S and P 2020
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 521-534
Number of pages: 14
ISBN (Electronic): 9781728150871
State: Published - Sep 2020
Event: 5th IEEE European Symposium on Security and Privacy, Euro S and P 2020 - Virtual, Genoa, Italy
Duration: Sep 7 2020 - Sep 11 2020

Publication series

Name: Proceedings - 5th IEEE European Symposium on Security and Privacy, Euro S and P 2020

Conference

Conference: 5th IEEE European Symposium on Security and Privacy, Euro S and P 2020
Country/Territory: Italy
City: Virtual, Genoa
Period: 9/7/20 - 9/11/20

Keywords

  • n/a

ASJC Scopus subject areas

  • Artificial Intelligence
  • Computer Networks and Communications
  • Hardware and Architecture
  • Software
  • Safety, Risk, Reliability and Quality
  • Information Systems and Management
