PANORAMIA: Privacy Auditing of Machine Learning Models without Retraining
This addresses privacy auditing for ML practitioners by providing a non-invasive tool, though it is incremental as it builds on existing membership inference methods.
The paper tackles the problem of measuring privacy leakage in machine learning models by introducing PANORAMIA, a framework that uses membership inference attacks with generated non-member data, eliminating the need for in-distribution non-member data and avoiding model retraining.
We present PANORAMIA, a privacy leakage measurement framework for machine learning models that relies on membership inference attacks using generated data as non-members. By relying on generated non-member data, PANORAMIA eliminates the common dependency of privacy measurement tools on in-distribution non-member data. As a result, PANORAMIA does not modify the model, training data, or training process, and only requires access to a subset of the training data. We evaluate PANORAMIA on ML models for image and tabular data classification, as well as on large-scale language models.