Saved in:
Bibliographic Details
Main Authors: Wang, Zhiqi, Zhang, Chengyu, Chen, Yuetian, Baracaldo, Nathalie, Kadhe, Swanand, Yu, Lei
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2506.13972
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866918081592295424
author Wang, Zhiqi
Zhang, Chengyu
Chen, Yuetian
Baracaldo, Nathalie
Kadhe, Swanand
Yu, Lei
author_facet Wang, Zhiqi
Zhang, Chengyu
Chen, Yuetian
Baracaldo, Nathalie
Kadhe, Swanand
Yu, Lei
contents Membership inference attacks (MIAs) pose a significant threat to the privacy of machine learning models and are widely used as tools for privacy assessment, auditing, and machine unlearning. While prior MIA research has primarily focused on performance metrics such as AUC, accuracy, and TPR@low FPR - either by developing new methods to enhance these metrics or using them to evaluate privacy solutions - we found that it overlooks the disparities among different attacks. These disparities, both between distinct attack methods and between multiple instantiations of the same method, have crucial implications for the reliability and completeness of MIAs as privacy evaluation tools. In this paper, we systematically investigate these disparities through a novel framework based on coverage and stability analysis. Extensive experiments reveal significant disparities in MIAs, their potential causes, and their broader implications for privacy evaluation. To address these challenges, we propose an ensemble framework with three distinct strategies to harness the strengths of state-of-the-art MIAs while accounting for their disparities. This framework not only enables the construction of more powerful attacks but also provides a more robust and comprehensive methodology for privacy evaluation.
format Preprint
id arxiv_https___arxiv_org_abs_2506_13972
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Membership Inference Attacks as Privacy Tools: Reliability, Disparity and Ensemble
Wang, Zhiqi
Zhang, Chengyu
Chen, Yuetian
Baracaldo, Nathalie
Kadhe, Swanand
Yu, Lei
Machine Learning
Membership inference attacks (MIAs) pose a significant threat to the privacy of machine learning models and are widely used as tools for privacy assessment, auditing, and machine unlearning. While prior MIA research has primarily focused on performance metrics such as AUC, accuracy, and TPR@low FPR - either by developing new methods to enhance these metrics or using them to evaluate privacy solutions - we found that it overlooks the disparities among different attacks. These disparities, both between distinct attack methods and between multiple instantiations of the same method, have crucial implications for the reliability and completeness of MIAs as privacy evaluation tools. In this paper, we systematically investigate these disparities through a novel framework based on coverage and stability analysis. Extensive experiments reveal significant disparities in MIAs, their potential causes, and their broader implications for privacy evaluation. To address these challenges, we propose an ensemble framework with three distinct strategies to harness the strengths of state-of-the-art MIAs while accounting for their disparities. This framework not only enables the construction of more powerful attacks but also provides a more robust and comprehensive methodology for privacy evaluation.
title Membership Inference Attacks as Privacy Tools: Reliability, Disparity and Ensemble
topic Machine Learning
url https://arxiv.org/abs/2506.13972