White-box vs Black-box: Bayes Optimal Strategies for Membership Inference - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2019

White-box vs Black-box: Bayes Optimal Strategies for Membership Inference

Résumé

Membership inference determines, given a sample and trained parameters of a machine learning model, whether the sample was part of the training set. In this paper, we derive the optimal strategy for membership inference with a few assumptions on the distribution of the parameters. We show that optimal attacks only depend on the loss function, and thus black-box attacks are as good as white-box attacks. As the optimal strategy is not tractable, we provide approximations of it leading to several inference methods, and show that existing membership inference methods are coarser approximations of this optimal strategy. Our membership attacks outperform the state of the art in various settings, ranging from a simple logistic regression to more complex architectures and datasets, such as ResNet-101 and Imagenet.

Dates et versions

hal-02278902 , version 1 (04-09-2019)

Identifiants

Citer

Alexandre Sablayrolles, Matthijs Douze, Yann Ollivier, Cordelia Schmid, Hervé Jégou. White-box vs Black-box: Bayes Optimal Strategies for Membership Inference. ICML 2019 - 36th International Conference on Machine Learning, Jun 2019, Long Beach, United States. pp.5558-5567. ⟨hal-02278902⟩
159 Consultations
0 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More