Quantifying Membership Inference Vulnerability via Generalization Gap and Other Model Metrics
This work addresses privacy risks in machine learning by providing a method to assess vulnerability to membership inference attacks, which is incremental as it builds on existing attack frameworks.
The paper tackles the problem of quantifying membership inference vulnerability by showing that a model's generalization gap directly enables an effective deterministic black-box membership inference attack, providing an upper bound on security based on a simple metric, with experimental results showing comparable accuracy to state-of-the-art attacks in many cases.
We demonstrate how a target model's generalization gap leads directly to an effective deterministic black box membership inference attack (MIA). This provides an upper bound on how secure a model can be to MIA based on a simple metric. Moreover, this attack is shown to be optimal in the expected sense given access to only certain likely obtainable metrics regarding the network's training and performance. Experimentally, this attack is shown to be comparable in accuracy to state-of-art MIAs in many cases.