Search Icon
2027 Submissions

Cascading and Proxy Membership Inference Attacks

Yuntao Du (Purdue University), Jiacheng Li (Purdue University), Yuetian Chen (Purdue University), Kaiyuan Zhang (Purdue University), Zhizhen Yuan (Purdue University), Hanshen Xiao (Purdue University and NVIDIA Research), Bruno Ribeiro (Purdue University), Ninghui Li (Purdue University)

A Membership Inference Attack (MIA) assesses how much a trained machine learning model reveals about its training data by determining whether specific query instances were included in the dataset. We classify existing MIAs into adaptive or non-adaptive, depending on whether the adversary is allowed to train shadow models on membership queries. In the adaptive setting, where the adversary can train shadow models after accessing query instances, we highlight the importance of exploiting membership dependencies between instances and propose an attack-agnostic framework called Cascading Membership Inference Attack (CMIA), which incorporates membership dependencies via conditional shadow training to boost membership inference performance.

In the non-adaptive setting, where the adversary is restricted to training shadow models before obtaining membership queries, we introduce Proxy Membership Inference Attack (PMIA). PMIA employs a proxy selection strategy that identifies samples with similar behaviors to the query instance and uses their behaviors in shadow models to perform a membership posterior odds test for membership inference. We provide theoretical analyses for both attacks, and extensive experimental results demonstrate that CMIA and PMIA substantially outperform existing MIAs in both settings, particularly in the low false-positive regime, which is crucial for evaluating privacy risks.

Paper
Slides
Video

View More Papers

From Scam to Safety: Participatory Design of Digital Privacy...

Sarah Tabassum (University of North Carolina at Charlotte, USA), Narges Zare (University of North Carolina at Charlotte, USA), Cori Faklaris(University of North Carolina at Charlotte, USA)

Read More

PrivATE: Differentially Private Average Treatment Effect Estimation for Observational...

Quan Yuan (Zhejiang University and University of Virginia), Xiaochen Li (University of North Carolina at Greensboro), Linkang Du (Xi'an Jiaotong University), Min Chen (Vrije Universiteit Amsterdam), Mingyang Sun (Peking University), Yunjun Gao (Zhejiang University), Shibo He (Zhejiang University), Jiming Chen (Zhejiang University and Hangzhou Dianzi University), Zhikun Zhang (Zhejiang University)

Read More

Distributed Broadcast Encryption for Confidential Interoperability across Private Blockchains

Angelo De Caro (IBM Research Zurich), Kaoutar Elkhiyaoui (IBM Research Zurich), Sandeep Nishad (IBM Research India), Sikhar Patranabis (IBM Research India), Venkatraman Ramakrishna (IBM Research India)

Read More