Scalable Membership Inference Attacks via Quantile Regression. (arXiv:2307.03694v1 [cs.LG])

Membership inference attacks are designed to determine, using black box
access to trained models, whether a particular example was used in training or
not. Membership inference can be formalized as a hypothesis testing problem.
The most effective existing attacks estimate the distribution of some test
statistic (usually the model's confidence on the true label) on points that
were (and were not) used in training by training many \emph{shadow models} --
i.e. models of the same architecture as the model being …

access attacks black box box distribution problem statistic test testing training