White-box vs Black-box: Bayes Optimal Strategies for Membership Inference

被引：0

作者：

Sablayrolles, Alexandre ^{[1
,2
]}

Douze, Matthijs ^{[2
]}

Ollivier, Yann ^{[2
]}

Schmid, Cordelia ^{[1
]}

Jegou, Nerve ^{[2
]}

机构：

[1] Univ Grenoble Alpes, INRIA, CNRS, Grenoble INP,LJK, Grenoble, France

[2] Facebook AI Res, Grenoble, France

来源：

INTERNATIONAL CONFERENCE ON MACHINE LEARNING, VOL 97 | 2019年 / 97卷

关键词：

D O I：

暂无

中图分类号：

TP18 [人工智能理论];

学科分类号：

081104 ; 0812 ; 0835 ; 1405 ;

摘要：

Membership inference determines, given a sample and trained parameters of a machine learning model, whether the sample was part of the training set. In this paper, we derive the optimal strategy for membership inference with a few assumptions on the distribution of the parameters. We show that optimal attacks only depend on the loss function, and thus black-box attacks are as good as white-box attacks. As the optimal strategy is not tractable, we provide approximations of it leading to several inference methods, and show that existing membership inference methods are coarser approximations of this optimal strategy. Our membership attacks outperform the state of the art in various settings, ranging from a simple logistic regression to more complex architectures and datasets, such as ResNet-101 and Imagenet.

引用

页数：10

共 50 条

[1] On Membership of Black-box or White-box of Artificial Neural Network Models
Wu, Z. F.
Li, Jin
Cai, M. Y.
Zhang, W. J.
Lin, Y.
[J]. PROCEEDINGS OF THE 2016 IEEE 11TH CONFERENCE ON INDUSTRIAL ELECTRONICS AND APPLICATIONS (ICIEA), 2016, : 1400 - 1404
[2] Comparing White-box and Black-box Test Prioritization
Henard, Christopher
Papadakis, Mike
Harman, Mark
Jia, Yue
Le Traon, Yves
[J]. 2016 IEEE/ACM 38TH INTERNATIONAL CONFERENCE ON SOFTWARE ENGINEERING (ICSE), 2016, : 523 - 534
[3] Beating White-Box Defenses with Black-Box Attacks
Kumova, Vera
Pilat, Martin
[J]. 2021 INTERNATIONAL JOINT CONFERENCE ON NEURAL NETWORKS (IJCNN), 2021,
[4] Safety Assessment: From Black-Box to White-Box
Kurzidem, Iwo
Misik, Adam
Schleiss, Philipp
Burton, Simon
[J]. 2022 IEEE INTERNATIONAL SYMPOSIUM ON SOFTWARE RELIABILITY ENGINEERING WORKSHOPS (ISSREW 2022), 2022, : 295 - 300
[5] Accelerate Black-Box Attack with White-Box Prior Knowledge
Cai, Jinghui
Wang, Boyang
Wang, Xiangfeng
Jin, Bo
[J]. INTELLIGENCE SCIENCE AND BIG DATA ENGINEERING: BIG DATA AND MACHINE LEARNING, PT II, 2019, 11936 : 394 - 405
[6] Transferring Black-Box Decision Making to a White-Box Model
Zlahtic, Bojan
Zavrsnik, Jernej
Vosner, Helena Blazun
Kokol, Peter
[J]. ELECTRONICS, 2024, 13 (10)
[7] Persistent Fault Injection Attack From White-box to Black-box
Mesbah, Abdelhak
Mezghiche, Mohamed
Lanet, Jean-louis
[J]. 2017 5TH INTERNATIONAL CONFERENCE ON ELECTRICAL ENGINEERING - BOUMERDES (ICEE-B), 2017,
[8] Comparing white-box, black-box, and glass-box composition of a spect mechanisms
Kojarski, Sergei
Lorenz, David H.
[J]. REUSE OF OFF-THE-SHELF COMPONENTS, PROCEEDINGS, 2006, 4039 : 246 - 259
[9] White-Box vs. Black-Box Complexity of Search Problems: Ramsey and Graph Property Testing
Komargodski, Ilan
Naor, Moni
Yogev, Eylon
[J]. 2017 IEEE 58TH ANNUAL SYMPOSIUM ON FOUNDATIONS OF COMPUTER SCIENCE (FOCS), 2017, : 622 - 632
[10] White-Box vs. Black-Box Complexity of Search Problems: Ramsey and Graph Property Testing
Komargodski, Ilan
Naor, Moni
Yogev, Eylon
[J]. JOURNAL OF THE ACM, 2019, 66 (05)

← 1 2 3 4 5 →