Assessing Membership Inference Attacks under Distribution Shifts

Shi Yichuan; Olivera Kotevska; Viktor Reshniak; Amir Sadovnik

doi:10.1109/BigData62323.2024.10825580

Assessing Membership Inference Attacks under Distribution Shifts

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

1 Scopus citations

Abstract

Membership inference attacks (MIAs) exploit machine learning models to infer whether a data point was in the training set, posing significant privacy risks even with limited black-box access. These attacks rely on the attacker approximating the target model's training distribution, yet the impact of distribution shifts between target and shadow models on MIA success remains underexplored. We systematically evaluate five types of distribution shifts - -cutout, jitter, Gaussian noise, label shift, and attribute shift - - at varying intensities. Our results reveal that these shifts affect MIA effectiveness in nuanced ways, with some reducing attack success while others exacerbate vulnerabilities, and the same shift can have opposite effects depending on the type of MIA. This highlights the complex interplay between distributional differences and attack performance, offering critical insights for improving model defenses against MIAs.

Original language	English
Title of host publication	Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024
Editors	Wei Ding, Chang-Tien Lu, Fusheng Wang, Liping Di, Kesheng Wu, Jun Huan, Raghu Nambiar, Jundong Li, Filip Ilievski, Ricardo Baeza-Yates, Xiaohua Hu
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	4127-4131
Number of pages	5
ISBN (Electronic)	9798350362480
DOIs	https://doi.org/10.1109/BigData62323.2024.10825580
State	Published - 2024
Event	2024 IEEE International Conference on Big Data, BigData 2024 - Washington, United States Duration: Dec 15 2024 → Dec 18 2024

Publication series

Name	Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024

Conference

Conference	2024 IEEE International Conference on Big Data, BigData 2024
Country/Territory	United States
City	Washington
Period	12/15/24 → 12/18/24

Funding

This manuscript has been authored by UT-Battelle, LLC, under contract DE-AC05-00OR22725 with the US Department of Energy (DOE). The US government retains and the publisher, by accepting the article for publication, acknowledges that the US government retains a nonexclusive, paid-up, irrevocable, worldwide license to publish or reproduce the published form of this manuscript, or allow others to do so, for US government purposes. DOE will provide public access to these results of federally sponsored research in accordance with the DOE Public Access Plan (http://energy.gov/downloads/doepublic-access-plan).

Keywords

distribution shift
privacy
security

Access to Document

10.1109/BigData62323.2024.10825580

Cite this

Yichuan, S., Kotevska, O., Reshniak, V., & Sadovnik, A. (2024). Assessing Membership Inference Attacks under Distribution Shifts. In W. Ding, C.-T. Lu, F. Wang, L. Di, K. Wu, J. Huan, R. Nambiar, J. Li, F. Ilievski, R. Baeza-Yates, & X. Hu (Eds.), Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024 (pp. 4127-4131). (Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BigData62323.2024.10825580

Yichuan, Shi ; Kotevska, Olivera ; Reshniak, Viktor et al. / Assessing Membership Inference Attacks under Distribution Shifts. Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024. editor / Wei Ding ; Chang-Tien Lu ; Fusheng Wang ; Liping Di ; Kesheng Wu ; Jun Huan ; Raghu Nambiar ; Jundong Li ; Filip Ilievski ; Ricardo Baeza-Yates ; Xiaohua Hu. Institute of Electrical and Electronics Engineers Inc., 2024. pp. 4127-4131 (Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024).

@inproceedings{000f95b044ef4113b46f77244ae0f5ab,

title = "Assessing Membership Inference Attacks under Distribution Shifts",

abstract = "Membership inference attacks (MIAs) exploit machine learning models to infer whether a data point was in the training set, posing significant privacy risks even with limited black-box access. These attacks rely on the attacker approximating the target model's training distribution, yet the impact of distribution shifts between target and shadow models on MIA success remains underexplored. We systematically evaluate five types of distribution shifts - -cutout, jitter, Gaussian noise, label shift, and attribute shift - - at varying intensities. Our results reveal that these shifts affect MIA effectiveness in nuanced ways, with some reducing attack success while others exacerbate vulnerabilities, and the same shift can have opposite effects depending on the type of MIA. This highlights the complex interplay between distributional differences and attack performance, offering critical insights for improving model defenses against MIAs.",

keywords = "distribution shift, privacy, security",

author = "Shi Yichuan and Olivera Kotevska and Viktor Reshniak and Amir Sadovnik",

note = "Publisher Copyright: {\textcopyright} 2024 IEEE.; 2024 IEEE International Conference on Big Data, BigData 2024 ; Conference date: 15-12-2024 Through 18-12-2024",

year = "2024",

doi = "10.1109/BigData62323.2024.10825580",

language = "English",

series = "Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "4127--4131",

editor = "Wei Ding and Chang-Tien Lu and Fusheng Wang and Liping Di and Kesheng Wu and Jun Huan and Raghu Nambiar and Jundong Li and Filip Ilievski and Ricardo Baeza-Yates and Xiaohua Hu",

booktitle = "Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024",

}

Yichuan, S, Kotevska, O , Reshniak, V & Sadovnik, A 2024, Assessing Membership Inference Attacks under Distribution Shifts. in W Ding, C-T Lu, F Wang, L Di, K Wu, J Huan, R Nambiar, J Li, F Ilievski, R Baeza-Yates & X Hu (eds), Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024. Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024, Institute of Electrical and Electronics Engineers Inc., pp. 4127-4131, 2024 IEEE International Conference on Big Data, BigData 2024, Washington, United States, 12/15/24. https://doi.org/10.1109/BigData62323.2024.10825580

Assessing Membership Inference Attacks under Distribution Shifts. / Yichuan, Shi; Kotevska, Olivera ; Reshniak, Viktor et al.
Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024. ed. / Wei Ding; Chang-Tien Lu; Fusheng Wang; Liping Di; Kesheng Wu; Jun Huan; Raghu Nambiar; Jundong Li; Filip Ilievski; Ricardo Baeza-Yates; Xiaohua Hu. Institute of Electrical and Electronics Engineers Inc., 2024. p. 4127-4131 (Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Assessing Membership Inference Attacks under Distribution Shifts

AU - Yichuan, Shi

AU - Kotevska, Olivera

AU - Reshniak, Viktor

AU - Sadovnik, Amir

PY - 2024

Y1 - 2024

N2 - Membership inference attacks (MIAs) exploit machine learning models to infer whether a data point was in the training set, posing significant privacy risks even with limited black-box access. These attacks rely on the attacker approximating the target model's training distribution, yet the impact of distribution shifts between target and shadow models on MIA success remains underexplored. We systematically evaluate five types of distribution shifts - -cutout, jitter, Gaussian noise, label shift, and attribute shift - - at varying intensities. Our results reveal that these shifts affect MIA effectiveness in nuanced ways, with some reducing attack success while others exacerbate vulnerabilities, and the same shift can have opposite effects depending on the type of MIA. This highlights the complex interplay between distributional differences and attack performance, offering critical insights for improving model defenses against MIAs.

AB - Membership inference attacks (MIAs) exploit machine learning models to infer whether a data point was in the training set, posing significant privacy risks even with limited black-box access. These attacks rely on the attacker approximating the target model's training distribution, yet the impact of distribution shifts between target and shadow models on MIA success remains underexplored. We systematically evaluate five types of distribution shifts - -cutout, jitter, Gaussian noise, label shift, and attribute shift - - at varying intensities. Our results reveal that these shifts affect MIA effectiveness in nuanced ways, with some reducing attack success while others exacerbate vulnerabilities, and the same shift can have opposite effects depending on the type of MIA. This highlights the complex interplay between distributional differences and attack performance, offering critical insights for improving model defenses against MIAs.

KW - distribution shift

KW - privacy

KW - security

UR - https://www.scopus.com/pages/publications/85218033896

U2 - 10.1109/BigData62323.2024.10825580

DO - 10.1109/BigData62323.2024.10825580

M3 - Conference contribution

AN - SCOPUS:85218033896

T3 - Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024

SP - 4127

EP - 4131

BT - Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024

A2 - Ding, Wei

A2 - Lu, Chang-Tien

A2 - Wang, Fusheng

A2 - Di, Liping

A2 - Wu, Kesheng

A2 - Huan, Jun

A2 - Nambiar, Raghu

A2 - Li, Jundong

A2 - Ilievski, Filip

A2 - Baeza-Yates, Ricardo

A2 - Hu, Xiaohua

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 2024 IEEE International Conference on Big Data, BigData 2024

Y2 - 15 December 2024 through 18 December 2024

ER -

Yichuan S, Kotevska O , Reshniak V , Sadovnik A. Assessing Membership Inference Attacks under Distribution Shifts. In Ding W, Lu CT, Wang F, Di L, Wu K, Huan J, Nambiar R, Li J, Ilievski F, Baeza-Yates R, Hu X, editors, Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024. Institute of Electrical and Electronics Engineers Inc. 2024. p. 4127-4131. (Proceedings - 2024 IEEE International Conference on Big Data, BigData 2024). doi: 10.1109/BigData62323.2024.10825580

Assessing Membership Inference Attacks under Distribution Shifts

Abstract

Publication series

Conference

Funding

Keywords

Access to Document

Other files and links

Fingerprint

Cite this