Saved in:
Bibliographic Details
Main Authors: Aubinais, Eric, Formont, Philippe, Piantanida, Pablo, Gassiat, Elisabeth
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2502.06567
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866916047792111616
author Aubinais, Eric
Formont, Philippe
Piantanida, Pablo
Gassiat, Elisabeth
author_facet Aubinais, Eric
Formont, Philippe
Piantanida, Pablo
Gassiat, Elisabeth
contents Quantizing machine learning models has demonstrated its effectiveness in lowering memory and inference costs while maintaining performance levels comparable to those of the original models. In this work, we investigate the impact of quantization procedures on privacy in data-driven models, focusing on their vulnerability to membership inference attacks. Membership Inference Security (MIS) has recently been proposed to characterize the privacy of machine learning models against the most powerful (and possibly unknown) attacks. However, quantifying MIS appears to be computationally very difficult. In this paper, we propose a new MIS indicator for post-training quantization procedures of machine learning models that minimizes an empirical loss. This new indicator is a byproduct of a theoretical asymptotic analysis of the MIS in this context. We also present a methodology for empirically estimating our MIS indicator. Using synthetic datasets and real-world data (in the context of drug discovery), we demonstrate the effectiveness of our approach in assessing and ranking the MIS of different quantizers.
format Preprint
id arxiv_https___arxiv_org_abs_2502_06567
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Membership Inference Risks in Quantized Models: A Theoretical and Empirical Study
Aubinais, Eric
Formont, Philippe
Piantanida, Pablo
Gassiat, Elisabeth
Machine Learning
Quantizing machine learning models has demonstrated its effectiveness in lowering memory and inference costs while maintaining performance levels comparable to those of the original models. In this work, we investigate the impact of quantization procedures on privacy in data-driven models, focusing on their vulnerability to membership inference attacks. Membership Inference Security (MIS) has recently been proposed to characterize the privacy of machine learning models against the most powerful (and possibly unknown) attacks. However, quantifying MIS appears to be computationally very difficult. In this paper, we propose a new MIS indicator for post-training quantization procedures of machine learning models that minimizes an empirical loss. This new indicator is a byproduct of a theoretical asymptotic analysis of the MIS in this context. We also present a methodology for empirically estimating our MIS indicator. Using synthetic datasets and real-world data (in the context of drug discovery), we demonstrate the effectiveness of our approach in assessing and ranking the MIS of different quantizers.
title Membership Inference Risks in Quantized Models: A Theoretical and Empirical Study
topic Machine Learning
url https://arxiv.org/abs/2502.06567