CR · LG · Mar 19

Automated Membership Inference Attacks: Discovering MIA Signal Computations using LLM Agents

arXiv:2603.19375 · 68.6 · h-index: 10
Predicted impact: top 22% in CR · last 90 days · Originality: Highly original
AI Analysis

This work addresses the problem of automating MIA design for researchers and practitioners in machine learning security, representing an incremental advance by applying LLM agents to a known bottleneck.

The paper tackles the challenge of designing membership inference attacks (MIAs) by introducing AutoMIA, a framework that uses LLM agents to automate the discovery of new MIA signal computations, achieving improvements of up to 0.18 in absolute AUC over existing methods.

Membership inference attacks (MIAs), which enable adversaries to determine whether specific data points were part of a model's training dataset, have emerged as an important framework to understand, assess, and quantify the potential information leakage associated with machine learning systems. Designing effective MIAs is a challenging task that usually requires extensive manual exploration of model behaviors to identify potential vulnerabilities. In this paper, we introduce AutoMIA -- a novel framework that leverages large language model (LLM) agents to automate the design and implementation of new MIA signal computations. By utilizing LLM agents, we can systematically explore a vast space of potential attack strategies, enabling the discovery of novel strategies. Our experiments demonstrate AutoMIA can successfully discover new MIAs that are specifically tailored to a user-configured target model and dataset, resulting in improvements of up to 0.18 in absolute AUC over existing MIAs. This work provides the first demonstration that LLM agents can serve as an effective and scalable paradigm for designing and implementing MIAs with SOTA performance, opening up new avenues for future exploration.