Uncertainty, Calibration, and Membership Inference Attacks: An Information-Theoretic Perspective

arXiv:2402.10686v1 Announce Type: cross
Abstract: In a membership inference attack (MIA), an attacker exploits the overconfidence exhibited by typical machine learning models to determine whether a specific data point was used to train a target model. In this paper, we analyze the performance of the state-of-the-art likelihood ratio attack (LiRA) within an information-theoretical framework that allows the investigation of the impact of the aleatoric uncertainty in the true data generation process, of the epistemic uncertainty caused by a limited training …

art arxiv attack attacker attacks cs.cr cs.it cs.lg data eess.sp exploits information machine machine learning machine learning models math.it performance perspective point state target train uncertainty