Current browse context:
cs.CR
Change to browse by:
References & Citations
Computer Science > Cryptography and Security
Title: Revisiting Membership Inference Under Realistic Assumptions
(Submitted on 21 May 2020 (v1), last revised 13 Jan 2021 (this version, v5))
Abstract: We study membership inference in settings where some of the assumptions typically used in previous research are relaxed. First, we consider skewed priors, to cover cases such as when only a small fraction of the candidate pool targeted by the adversary are actually members and develop a PPV-based metric suitable for this setting. This setting is more realistic than the balanced prior setting typically considered by researchers. Second, we consider adversaries that select inference thresholds according to their attack goals and develop a threshold selection procedure that improves inference attacks. Since previous inference attacks fail in imbalanced prior setting, we develop a new inference attack based on the intuition that inputs corresponding to training set members will be near a local minimum in the loss function, and show that an attack that combines this with thresholds on the per-instance loss can achieve high PPV even in settings where other attacks appear to be ineffective. Code for our experiments can be found here: this https URL
Submission history
From: Bargav Jayaraman [view email][v1] Thu, 21 May 2020 20:17:42 GMT (2632kb,D)
[v2] Sun, 21 Jun 2020 17:24:39 GMT (3309kb,D)
[v3] Wed, 9 Sep 2020 16:57:30 GMT (11850kb,D)
[v4] Sat, 3 Oct 2020 13:37:57 GMT (5919kb,D)
[v5] Wed, 13 Jan 2021 20:44:44 GMT (5449kb,D)
Link back to: arXiv, form interface, contact.