GLiRA: Black-Box Membership Inference Attack via Knowledge Distillation
Authors: Andrey V. Galichin, Mikhail Pautov, Alexey Zhavoronkin, Oleg Y. Rogov, Ivan Oseledets
Summary: While Deep Neural Networks (DNNs) have demonstrated remarkable performance in tasks related to perception and control, there are still several unresolved concerns regarding the privacy of their training data, particularly in the context of vulnerability to Membership Inference Attacks (MIAs). In this paper, we explore a connection between the susceptibility to membership inference attacks and the vulnerability to distillation-based functionality stealing attacks. In particular, we propose GLiRA, a distillation-guided approach to membership inference attack on a black-box neural network. We observe that knowledge distillation significantly improves the efficiency of the likelihood ratio membership inference attack, especially in the black-box setting, i.e., when the architecture of the target model is unknown to the attacker. We evaluate the proposed method across multiple image classification datasets and models and demonstrate that likelihood ratio attacks, when guided by knowledge distillation, outperform the current state-of-the-art membership inference attacks in the black-box setting.
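Below is a minimal, self-contained sketch of the two ingredients the summary describes: distilling a shadow model from the black-box target's output probabilities, and a LiRA-style likelihood-ratio membership test on per-example confidences. The function names, the temperature parameter T, the Gaussian fit on logit-scaled confidences, and the synthetic data are illustrative assumptions drawn from the likelihood-ratio-attack literature, not the authors' released implementation.

```python
# Sketch only: (1) a knowledge-distillation loss for training shadow models
# against the black-box target, and (2) a likelihood-ratio membership score.
# All names and parameters here are hypothetical, not from the paper.

import numpy as np
from scipy.stats import norm
import torch.nn.functional as F


def distillation_loss(student_logits, teacher_probs, T=1.0):
    """KL divergence between a shadow (student) model's predictive
    distribution and the black-box target's output probabilities;
    minimizing this over a transfer set yields a distilled shadow model."""
    log_p = F.log_softmax(student_logits / T, dim=-1)
    return F.kl_div(log_p, teacher_probs, reduction="batchmean") * (T * T)


def logit_scale(p, eps=1e-6):
    """Map a confidence on the true class to logit scale, which makes
    per-example score distributions approximately Gaussian."""
    p = np.clip(np.asarray(p, dtype=float), eps, 1.0 - eps)
    return np.log(p) - np.log(1.0 - p)


def likelihood_ratio_score(target_conf, in_confs, out_confs):
    """Membership score for one candidate example.

    target_conf -- target model's confidence on the example
    in_confs    -- confidences of distilled shadow models trained WITH it
    out_confs   -- confidences of distilled shadow models trained WITHOUT it
    Returns log p(score | member) - log p(score | non-member); larger
    values indicate the example is more likely a training-set member.
    """
    s = logit_scale(target_conf)
    s_in, s_out = logit_scale(in_confs), logit_scale(out_confs)
    mu_in, sd_in = s_in.mean(), s_in.std() + 1e-8
    mu_out, sd_out = s_out.mean(), s_out.std() + 1e-8
    return norm.logpdf(s, mu_in, sd_in) - norm.logpdf(s, mu_out, sd_out)


# Toy usage with synthetic shadow confidences: members tend to receive
# higher confidences than non-members.
rng = np.random.default_rng(0)
in_confs = rng.beta(8, 2, size=64)   # shadow models that saw the example
out_confs = rng.beta(2, 4, size=64)  # shadow models that did not
print(likelihood_ratio_score(0.95, in_confs, out_confs))  # large positive
print(likelihood_ratio_score(0.30, in_confs, out_confs))  # negative
```

In this sketch, distillation matters because the shadow models are fit to the target's soft outputs rather than trained independently, so their per-example confidence distributions track the unknown target architecture more closely in the black-box setting.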