User-Level Membership Inference Attack against Metric Embedding Learning
This addresses privacy risks in person re-identification and similar tasks, offering a more practical attack method for real-world scenarios, though it is incremental as it builds on existing membership inference techniques.
The paper tackles the problem of membership inference attacks in metric embedding learning by developing a user-level attack that determines if any sample from a target user was in the training set, even without access to exact training images, and achieves high accuracy in evaluations on several datasets.
Membership inference (MI) determines if a sample was part of a victim model training set. Recent development of MI attacks focus on record-level membership inference which limits their application in many real-world scenarios. For example, in the person re-identification task, the attacker (or investigator) is interested in determining if a user's images have been used during training or not. However, the exact training images might not be accessible to the attacker. In this paper, we develop a user-level MI attack where the goal is to find if any sample from the target user has been used during training even when no exact training sample is available to the attacker. We focus on metric embedding learning due to its dominance in person re-identification, where user-level MI attack is more sensible. We conduct an extensive evaluation on several datasets and show that our approach achieves high accuracy on user-level MI task.