Privacy Backdoors: Enhancing Membership Inference through Poisoning Pre-trained Models

arXiv:2404.01231v1 Announce Type: new
Abstract: It is commonplace to produce application-specific models by fine-tuning large pre-trained models using a small bespoke dataset. The widespread availability of foundation model checkpoints on the web poses considerable risks, including the vulnerability to backdoor attacks. In this paper, we unveil a new vulnerability: the privacy backdoor attack. This black-box privacy attack aims to amplify the privacy leakage that arises when fine-tuning a model: when a victim fine-tunes a backdoored model, their training data will …

application arxiv attacks availability backdoor backdoor attacks backdoors cs.cr cs.lg dataset fine-tuning foundation large new vulnerability poisoning privacy risks the web vulnerability web