Training data membership inference via Gaussian process meta-modeling: a post-hoc analysis approach
This addresses privacy concerns for machine learning practitioners by providing a practical alternative to existing MIAs, though it appears incremental as it builds on post-hoc analysis techniques.
The paper tackles the problem of membership inference attacks (MIAs) on machine learning models, which pose privacy risks, by proposing GP-MIA, an efficient and interpretable method based on Gaussian process meta-modeling that achieves high accuracy and generalizability across various datasets.
Membership inference attacks (MIAs) test whether a data point was part of a model's training set, posing serious privacy risks. Existing methods often depend on shadow models or heavy query access, which limits their practicality. We propose GP-MIA, an efficient and interpretable approach based on Gaussian process (GP) meta-modeling. Using post-hoc metrics such as accuracy, entropy, dataset statistics, and optional sensitivity features (e.g. gradients, NTK measures) from a single trained model, GP-MIA trains a GP classifier to distinguish members from non-members while providing calibrated uncertainty estimates. Experiments on synthetic data, real-world fraud detection data, CIFAR-10, and WikiText-2 show that GP-MIA achieves high accuracy and generalizability, offering a practical alternative to existing MIAs.