Skip to content
/ HP-MIA Public

A PyTorch implementation of "HP-MIA: A novel membership inference attack scheme for high membership prediction precision"

static.aminer.cn/upload/pdf/28/1035/1355/65497cb4939a5f4082b36359_1.pdf
0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

ShiChen28/HP-MIA

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

131 Commits
HP-MIA
HP-MIA
 
 
Overview.png
Overview.png
 
 
Paper.pdf
Paper.pdf
 
 
README.md
README.md
 
 

Repository files navigation

HP-MIA

HP-MIA: A novel membership inference attack scheme for high membership prediction precision

teaserfigure

💻 Code

A PyTorch implementation of HP-MIA.

➡️ See usage in the HP-MIA folder !

This implementation references codes from ml-leaks-pytorch, membership-inference-evaluation and Purchase100 and Texas100 dataset. Thank the authors for their work!

📝 Abstract

Membership Inference Attacks (MIAs) have been considered as one of the major privacy threats in recent years, especially in machine learning models. Most canonical MIAs identify whether a specific data point was presented in the confidential training set of a neural network by analyzing its output pattern on such data point. However, these methods heavily rely on overfitting and are difficult to achieve high precision. Although some recent works, such as difficulty calibration techniques, have tried to tackle this problem in a tentative manner, identifying members with high precision is still a difficult task.

To address above challenge, in this paper we rethink how overfitting impacts MIA and argue that it can provide much clearer signals of non-member samples. In scenarios where the cost of launching an attack is high, such signals can avoid unnecessary attacks and reduce the attack's false positive rate. Based on our observation, we propose High-Precision MIA (HP-MIA), a novel two-stage attack scheme that leverages membership exclusion techniques to guarantee high membership prediction precision. Our empirical results have illustrated that our two-stage attack can significantly increase the number of identified members while guaranteeing high precision.

👇 Paper Link

Preprint Version /Aminer

Computers & Security, Volume 136, January 2024, 103571 /Elsevier

🌈 Citation

@article{Chen2024HPMIA,
  title={HP-MIA: A novel membership inference attack scheme for high membership prediction precision},
  author={Shi Chen and Wennan Wang and Yubin Zhong and Zuobin Ying and Weixuan Tang and Zijie Pan},
  journal={Computers \& Security},
  volume={136},
  pages={103571},
  year={2024},
  publisher={Elsevier}
}

📨 Contact

If there is anything you would like to discuss, please contact shichen2001x@gmail.com.

About

A PyTorch implementation of "HP-MIA: A novel membership inference attack scheme for high membership prediction precision"

static.aminer.cn/upload/pdf/28/1035/1355/65497cb4939a5f4082b36359_1.pdf

Topics

machine-learning ai-security membership-inference-attack

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages