Agnostic Label-Only Membership Inference Attack

Bibliographic Details
Published in: Network and System Security, pp. 249-264
Main authors: Monreale, Anna; Naretto, Francesca; Rizzo, Simone
Format: Book chapter
Language: English
Published: Cham, Springer Nature Switzerland, 2023
Series: Lecture Notes in Computer Science

Summary: In recent years we have witnessed the spread of AI systems based on powerful Machine Learning models, which find application in many critical contexts such as medicine and financial markets. In such contexts, it is important to design Trustworthy AI systems while guaranteeing privacy protection. However, some attacks on the privacy of Machine Learning models have been designed to show the threats of exposing such models. Membership Inference is one of the simplest privacy threats faced by Machine Learning models. It is based on the assumption that an adversary, observing the confidence of the model's prediction, can infer whether a particular record was used to train the classifier. A variant, called the Label-Only attack, exploits the adversary's knowledge of the training data statistics to infer record membership without accessing the confidence score of the prediction. In this paper, we propose a variant of the Label-Only attack, called Aloa, which estimates the prediction confidence by exploiting a mechanism that is completely agnostic to the input data distribution: it requires neither statistical knowledge of the data nor knowledge of the variable types. Experimental results show that our attack performs better than its competitors.
ISBN: 9783031398278, 3031398270
ISSN: 0302-9743, 1611-3349
DOI: 10.1007/978-3-031-39828-5_14
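The summary above describes two things a practitioner may want to see concretely: a label-only membership signal that needs no confidence scores, and a perturbation mechanism that needs no knowledge of the data distribution. The following Python is an added illustration, not code from the paper or its authors. Everything in it is constructed for the example: a 1-NN target model standing in for an overfit classifier (it memorises its training set, so each training record sits at the centre of its own decision region), a synthetic two-feature data set with noisy labels, and a neighbourhood built by multiplying every feature by (1 + N(0, rel_sigma)) so that the noise scales with each value and no ranges or variances are needed. That relative-noise scheme is one data-agnostic choice; it is not claimed to be the paper's exact procedure, it handles numeric features only, and it leaves zero-valued features untouched. The score is the fraction of perturbed copies whose predicted label matches the original record's label, which acts as a proxy for the confidence the model refuses to reveal; the attack is evaluated by the AUC of member scores against non-member scores.

```python
"""Label-only membership inference scored by label robustness under
distribution-agnostic perturbation.

Added illustration, not code from the ALOA paper: the target model,
data set and perturbation scheme are all constructed here.
"""
import random
from typing import Callable, List, Optional, Sequence, Tuple

Record = List[float]
Predict = Callable[[Sequence[float]], int]   # black-box model exposing hard labels only


def robustness_score(predict: Predict, x: Sequence[float], n_samples: int = 64,
                     rel_sigma: float = 0.006,
                     rng: Optional[random.Random] = None) -> float:
    """Fraction of perturbed copies of x that keep the label predict(x).

    Each feature is multiplied by (1 + N(0, rel_sigma)), so the noise follows
    the feature's own magnitude: no training-data statistics are required.
    A record deep inside its decision region scores close to 1.0, a record
    near a boundary scores lower. Caveat: a feature equal to 0 is never moved
    by purely relative noise (the constructed data here is strictly positive).
    """
    rng = rng if rng is not None else random.Random(0)
    base = predict(x)
    same = 0
    for _ in range(n_samples):
        noisy = [v * (1.0 + rng.gauss(0.0, rel_sigma)) for v in x]
        if predict(noisy) == base:
            same += 1
    return same / n_samples


def auc(member_scores: Sequence[float], nonmember_scores: Sequence[float]) -> float:
    """Probability that a random member outscores a random non-member
    (ties count 0.5); 0.5 means the attack is no better than guessing."""
    wins = 0.0
    for m in member_scores:
        for n in nonmember_scores:
            wins += 1.0 if m > n else (0.5 if m == n else 0.0)
    return wins / (len(member_scores) * len(nonmember_scores))


def nearest_neighbour_model(train: Sequence[Tuple[Record, int]]) -> Predict:
    """1-NN classifier: it memorises its training set, so it serves as an
    overfit stand-in for the target model (constructed for this example)."""
    def predict(x: Sequence[float]) -> int:
        _, label = min(train, key=lambda xy: sum((a - b) ** 2 for a, b in zip(x, xy[0])))
        return label
    return predict


def build_scenario(seed: int = 7) -> Tuple[List[Tuple[Record, int]], List[Record]]:
    """Constructed data: members on a 6x6 grid of feature values 20..25,
    labelled by a rule with 30% random flips (noise only a memorising model
    fits); non-members drawn uniformly from the same range."""
    rng = random.Random(seed)
    members = []
    for a in range(20, 26):
        for b in range(20, 26):
            label = int(a + b > 45)
            if rng.random() < 0.30:
                label ^= 1
            members.append(([float(a), float(b)], label))
    non_members = [[rng.uniform(19.5, 25.5), rng.uniform(19.5, 25.5)] for _ in range(120)]
    return members, non_members


def run_attack(seed: int = 7) -> float:
    """AUC of the label-only attack against the 1-NN target.

    Members are perturbed from the centre of their memorised region and keep
    their label; non-members land at random positions, often near a region
    boundary, so their labels flip more readily under the same noise.
    """
    members, non_members = build_scenario(seed)
    predict = nearest_neighbour_model(members)
    rng = random.Random(seed + 1)
    member_scores = [robustness_score(predict, x, rng=rng) for x, _ in members]
    nonmember_scores = [robustness_score(predict, x, rng=rng) for x in non_members]
    return auc(member_scores, nonmember_scores)


if __name__ == "__main__":
    print(f"label-only attack AUC against the 1-NN target: {run_attack():.3f}")
```

The `robustness_score` function is the part that transfers to a real target: it only needs a callable returning a hard label, and `rel_sigma` is the one knob an attacker tunes (too small and every record scores 1.0, too large and every record flips). Against a real deployment the score would be calibrated on a shadow model trained on data the attacker controls, which this illustration omits.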