学术文献库

An efficient scheme is introduced that extends the generalized membership inference attack to every point in a model's training data set. Our approach leverages data partitioning to create variable sized training sets for the reference models. We then train an attack model for every single training example for a reference model configuration based upon output for each individual point. This allows us to quantify the membership inference attack vulnerability of each training data point. Using this approach, we discovered that smaller amounts of reference model training data led to a stronger attack. Furthermore, the reference models do not need to be of the same architecture as the target model, providing additional attack efficiencies. The attack may also be performed by an adversary even when they do not have the complete original data set.