Who's Afraid of Thomas Bayes?
This addresses security concerns for machine learning practitioners using Bayesian methods, though it is incremental in exploring specific security measures.
The paper investigates how Bayesian neural networks affect model security, finding they are more vulnerable to membership inference attacks but at least as robust to adversarial examples as non-Bayesian networks.
In many cases, neural networks perform well on test data, but tend to overestimate their confidence on out-of-distribution data. This has led to adoption of Bayesian neural networks, which better capture uncertainty and therefore more accurately reflect the model's confidence. For machine learning security researchers, this raises the natural question of how making a model Bayesian affects the security of the model. In this work, we explore the interplay between Bayesianism and two measures of security: model privacy and adversarial robustness. We demonstrate that Bayesian neural networks are more vulnerable to membership inference attacks in general, but are at least as robust as their non-Bayesian counterparts to adversarial examples.