Membership Inference Attacks on Lottery Ticket Networks

TL;DR

This paper empirically demonstrates that lottery ticket networks are vulnerable to membership inference attacks, revealing privacy risks in pruned models across multiple datasets and conditions.

Contribution

First to analyze and show the vulnerability of lottery ticket networks to membership inference attacks, highlighting privacy concerns in model pruning techniques.

Findings

Attack accuracy increases with dataset class count.

Attack transferability across models is high.

Sparsity influences attack success.

Abstract

The vulnerability of the Lottery Ticket Hypothesis has not been studied from the purview of Membership Inference Attacks. Through this work, we are the first to empirically show that the lottery ticket networks are equally vulnerable to membership inference attacks. A Membership Inference Attack (MIA) is the process of determining whether a data sample belongs to a training set of a trained model or not. Membership Inference Attacks could leak critical information about the training data that can be used for targeted attacks. Recent deep learning models often have very large memory footprints and a high computational cost associated with training and drawing inferences. Lottery Ticket Hypothesis is used to prune the networks to find smaller sub-networks that at least match the performance of the original model in terms of test accuracy in a similar number of iterations. We used CIFAR-10, CIFAR-100, and ImageNet datasets to perform image classification tasks and observe that the attack accuracies are similar. We also see that the attack accuracy varies directly according to the number of classes in the dataset and the sparsity of the network. We demonstrate that these attacks are transferable across models with high accuracy.