Canary in a Coalmine: Better Membership Inference with Ensembled Adversarial Queries
This work addresses the need for better enforcement of personal data ownership and intellectual property rights in industrial ML applications, representing a strong specific gain in membership inference accuracy.
The paper tackles the problem of membership inference for tracing training data ownership by proposing a method that uses adversarial tools to optimize discriminative and diverse queries, achieving significantly more accurate inference than existing methods, especially in offline scenarios and low false-positive regimes.
As industrial applications are increasingly automated by machine learning models, enforcing personal data ownership and intellectual property rights requires tracing training data back to their rightful owners. Membership inference algorithms approach this problem by using statistical techniques to discern whether a target sample was included in a model's training set. However, existing methods only utilize the unaltered target sample or simple augmentations of the target to compute statistics. Such a sparse sampling of the model's behavior carries little information, leading to poor inference capabilities. In this work, we use adversarial tools to directly optimize for queries that are discriminative and diverse. Our improvements achieve significantly more accurate membership inference than existing methods, especially in offline scenarios and in the low false-positive regime which is critical in legal settings. Code is available at https://github.com/YuxinWenRick/canary-in-a-coalmine.