Timezone: »

Canary in a Coalmine: Better Membership Inference with Ensembled Adversarial Queries
Yuxin Wen · Arpit Bansal · Hamid Kazemi · Eitan Borgnia · Micah Goldblum · Jonas Geiping · Tom Goldstein

As industrial applications are increasingly automated by machine learning models, enforcing personal data ownership and intellectual property rights requires tracing training data back to their rightful owners. Membership inference algorithms approach this problem by using statistical techniques to discern whether a target sample was included in a model's training set. However, existing methods only utilize the unaltered target sample or simple augmentations of the target to compute statistics. Such a sparse sampling of the model's behavior carries little information, leading to poor inference capabilities. In this work, we use adversarial tools to directly optimize for queries that are discriminative and diverse. Our improvements achieve significantly more accurate membership inference than existing methods, especially in offline scenarios and in the low false-positive regime which is critical in legal settings.

Author Information

Yuxin Wen (University of Maryland)
Arpit Bansal (University of Maryland, College Park)
Hamid Kazemi (University of Maryland - College Park)
Eitan Borgnia (University of Maryland)
Micah Goldblum (University of Maryland)
Jonas Geiping (University of Maryland, College Park)
Jonas Geiping

Jonas is a postdoctoral researcher at UMD. His background is in Mathematics, more specifically in mathematical optimization and its applications to deep learning. His current focus is on designing more secure and private ML systems, especially for federated learning, and on understanding fundamental phenomena behind generalization.

Tom Goldstein (University of Maryland)

More from the Same Authors