Membership inference attacks (MIA) try to detect if data samples were used totrain a neural network model, e.g. to detect copyright abuses . We show that models with higher dimensional input and output are more vulnerable to MIA attacks . We propose using a novel predictability score that can be computed foreach sample, and its computation does not require a training set . Ourmembership error, obtained by subtracting the predictability . score from thereconstruction error, is shown to achieve high MIA accuracy on an extensivenumber of benchmarks. We show to achieve . high MIA . accuracy on . an extenivenumber . of benchmarks .
Author(s) : Avital Shafran, Shmuel Peleg, Yedid HoshenLinks : PDF - Abstract
Code :
Keywords : mia - attacks - accuracy - predictability - high -