Understanding Practical Membership Privacy of Deep Learning
Tobaben, Marlon, Pradhan, Gauri, He, Yuan, Jälkö, Joonas, Honkela, Antti
–arXiv.org Artificial Intelligence
We apply a state-of-the-art membership inference attack (MIA) to systematically test the practical privacy vulnerability of fine-tuning large image classification models.We focus on understanding the properties of data sets and samples that make them vulnerable to membership inference. In terms of data set properties, we find a strong power law dependence between the number of examples per class in the data and the MIA vulnerability, as measured by true positive rate of the attack at a low false positive rate. For an individual sample, large gradients at the end of training are strongly correlated with MIA vulnerability.
arXiv.org Artificial Intelligence
Feb-7-2024
- Country:
- Asia > Russia (0.04)
- South America > Chile
- North America
- United States
- Texas > Travis County
- Austin (0.04)
- Rhode Island > Providence County
- Providence (0.04)
- New York > New York County
- New York City (0.04)
- Louisiana > Orleans Parish
- New Orleans (0.04)
- California
- San Francisco County > San Francisco (0.14)
- Santa Clara County > San Jose (0.04)
- Alaska > Anchorage Municipality
- Anchorage (0.04)
- Texas > Travis County
- Canada > Ontario
- Toronto (0.14)
- United States
- Europe
- Austria > Vienna (0.14)
- Spain
- Canary Islands (0.04)
- Andalusia > Granada Province
- Granada (0.04)
- Russia > Northwestern Federal District
- Leningrad Oblast > Saint Petersburg (0.04)
- France > Hauts-de-France
- Finland > Uusimaa
- Helsinki (0.04)
- Africa > Rwanda
- Genre:
- Research Report (0.64)
- Industry:
- Information Technology > Security & Privacy (0.68)
- Health & Medicine (0.46)
- Technology: