Membership inference attacks (MIA) try to detect if data samples were used totrain a neural network model, e.g. to detect copyright abuses . We show that models with higher dimensional input and output are more vulnerable to MIA attacks . We propose using a novel predictability score that can be computed foreach sample, and its computation does not require a training set . Ourmembership error, obtained by subtracting the predictability . score from thereconstruction error, is shown to achieve high MIA accuracy on an extensivenumber of benchmarks. We show to achieve . high MIA . accuracy on . an extenivenumber . of benchmarks .

Author(s) : Avital Shafran, Shmuel Peleg, Yedid Hoshen

Links : PDF - Abstract

Code :

Keywords : mia - attacks - accuracy - predictability - high -

Leave a Reply

Your email address will not be published. Required fields are marked *