Bayesian Perspective on Memorization and Reconstruction
This work addresses privacy concerns in machine learning by clarifying attack types and offering a theoretical framework to prevent reconstruction, though it is incremental as it builds on existing privacy literature.
The paper tackles the problem of data reconstruction attacks in privacy by introducing a Bayesian perspective and a new security definition that provably prevents such attacks in certain settings, showing that fingerprinting code attacks are a form of membership inference rather than reconstruction.
We introduce a new Bayesian perspective on the concept of data reconstruction, and leverage this viewpoint to propose a new security definition that, in certain settings, provably prevents reconstruction attacks. We use our paradigm to shed new light on one of the most notorious attacks in the privacy and memorization literature: fingerprinting code attacks (FPC). We argue that these attacks are really a form of membership inference attacks, rather than reconstruction attacks. Furthermore, we show that if the goal is solely to prevent reconstruction (but not membership inference), then in some cases the impossibility results derived from FPC no longer apply.