Membership Inference Attacks on ML Models

This collection of Jupyter notebooks implements membership inference attacks found in Salem et al. "ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models" for demonstration purposes. The first of the notebooks uses an intentionally overfit target model to showcase the risk of MIAs.

Data and Resources
  • LipariSC_MIA (ipynb)

    Implementation of Salem's adversaries against models trained on toy data.
  • LipariSC_MIA-Safer (ipynb)

    Implementation of the Salem adversaries against safer ML models trained on...
Additional Info
Field Value
Detailed description These experiments follow the paper by Salem et al., "ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models". The experiment showcases membership inference attacks against machine learning models using toy data. In particular, we generate synthetic datasets of points using scikit-learn's make_classification function and split them into target, test, and independent sets. Then, we train a target model and run three different attacks as described in the paper. We provide different performance metrics for the attacks. The second experiment changes how the toy data is generated in order to obtain less vulnerable models. In particular, we aim for less overfit models so that MIA risk is reduced.
Ethical issues No ethical issues were identified. All data used is synthetically generated using scikit-learn's make_classification function, which outputs combinations of Gaussian distributed random points and assigns them a class. make_classification: https://scikit-learn.org/stable/modules/generated/sklearn.datasets.make_classification.html
Group Others
Involved Institutions Universitat Rovira i Virgili
Involved People Blanco-Justicia, Alberto, alberto.blanco@urv.cat, orcid.org/0000-0002-1108-8082
Involved People Domingo-Ferrer, Josep, josep.domingo@urv.cat, orcid.org/0000-0001-7213-4962
State Complete
Thematic Cluster Privacy Enhancing Technology [PET]
Thematic Cluster Social Data
system:type Experiment
Management Info
Field Value
Author Blanco Justicia Alberto
Maintainer Blanco Justicia Alberto
Version 1
Last Updated 30 May 2023, 08:56 (CEST)
Created 29 May 2023, 20:29 (CEST)