Current browse context:
cs.CR
Change to browse by:
References & Citations
Computer Science > Cryptography and Security
Title: Membership Inference Attacks against Machine Learning Models
(Submitted on 18 Oct 2016 (v1), last revised 31 Mar 2017 (this version, v2))
Abstract: We quantitatively investigate how machine learning models leak information about the individual data records on which they were trained. We focus on the basic membership inference attack: given a data record and black-box access to a model, determine if the record was in the model's training dataset. To perform membership inference against a target model, we make adversarial use of machine learning and train our own inference model to recognize differences in the target model's predictions on the inputs that it trained on versus the inputs that it did not train on.
We empirically evaluate our inference techniques on classification models trained by commercial "machine learning as a service" providers such as Google and Amazon. Using realistic datasets and classification tasks, including a hospital discharge dataset whose membership is sensitive from the privacy perspective, we show that these models can be vulnerable to membership inference attacks. We then investigate the factors that influence this leakage and evaluate mitigation strategies.
Submission history
From: Reza Shokri [view email][v1] Tue, 18 Oct 2016 22:38:33 GMT (504kb,D)
[v2] Fri, 31 Mar 2017 22:17:07 GMT (507kb,D)
Link back to: arXiv, form interface, contact.