Saved in:
Bibliographic Details
Main Authors: Chaudhari, Harsh, Severi, Giorgio, Oprea, Alina, Ullman, Jonathan
Format: Preprint
Published: 2023
Subjects:
Online Access:https://arxiv.org/abs/2310.03838
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916093849763840
author Chaudhari, Harsh
Severi, Giorgio
Oprea, Alina
Ullman, Jonathan
author_facet Chaudhari, Harsh
Severi, Giorgio
Oprea, Alina
Ullman, Jonathan
contents The integration of machine learning (ML) in numerous critical applications introduces a range of privacy concerns for individuals who provide their datasets for model training. One such privacy risk is Membership Inference (MI), in which an attacker seeks to determine whether a particular data sample was included in the training dataset of a model. Current state-of-the-art MI attacks capitalize on access to the model's predicted confidence scores to successfully perform membership inference, and employ data poisoning to further enhance their effectiveness. In this work, we focus on the less explored and more realistic label-only setting, where the model provides only the predicted label on a queried sample. We show that existing label-only MI attacks are ineffective at inferring membership in the low False Positive Rate (FPR) regime. To address this challenge, we propose a new attack Chameleon that leverages a novel adaptive data poisoning strategy and an efficient query selection method to achieve significantly more accurate membership inference than existing label-only attacks, especially at low FPRs.
format Preprint
id arxiv_https___arxiv_org_abs_2310_03838
institution arXiv
publishDate 2023
record_format arxiv
spellingShingle Chameleon: Increasing Label-Only Membership Leakage with Adaptive Poisoning
Chaudhari, Harsh
Severi, Giorgio
Oprea, Alina
Ullman, Jonathan
Machine Learning
The integration of machine learning (ML) in numerous critical applications introduces a range of privacy concerns for individuals who provide their datasets for model training. One such privacy risk is Membership Inference (MI), in which an attacker seeks to determine whether a particular data sample was included in the training dataset of a model. Current state-of-the-art MI attacks capitalize on access to the model's predicted confidence scores to successfully perform membership inference, and employ data poisoning to further enhance their effectiveness. In this work, we focus on the less explored and more realistic label-only setting, where the model provides only the predicted label on a queried sample. We show that existing label-only MI attacks are ineffective at inferring membership in the low False Positive Rate (FPR) regime. To address this challenge, we propose a new attack Chameleon that leverages a novel adaptive data poisoning strategy and an efficient query selection method to achieve significantly more accurate membership inference than existing label-only attacks, especially at low FPRs.
title Chameleon: Increasing Label-Only Membership Leakage with Adaptive Poisoning
topic Machine Learning
url https://arxiv.org/abs/2310.03838