Bayesian Inference of Training Dataset Membership
This addresses privacy concerns for users of machine learning models by providing an efficient and interpretable alternative to traditional membership inference attacks, though it appears incremental as it builds on existing methods.
The paper tackled the problem of determining if a dataset was part of a machine learning model's training data, which reveals privacy vulnerabilities, by proposing a Bayesian inference method that analyzes post-hoc metrics like prediction error and confidence, achieving effectiveness in distinguishing member from non-member datasets in experiments on synthetic data.
Determining whether a dataset was part of a machine learning model's training data pool can reveal privacy vulnerabilities, a challenge often addressed through membership inference attacks (MIAs). Traditional MIAs typically require access to model internals or rely on computationally intensive shadow models. This paper proposes an efficient, interpretable and principled Bayesian inference method for membership inference. By analyzing post-hoc metrics such as prediction error, confidence (entropy), perturbation magnitude, and dataset statistics from a trained ML model, our approach computes posterior probabilities of membership without requiring extensive model training. Experimental results on synthetic datasets demonstrate the method's effectiveness in distinguishing member from non-member datasets. Beyond membership inference, this method can also detect distribution shifts, offering a practical and interpretable alternative to existing approaches.