TL;DR
This paper introduces GP-MIA, a novel, efficient, and interpretable Gaussian process-based method for membership inference attacks. It requires only post-hoc metrics from a single trained model, which makes it more practical than methods that depend on shadow models or heavy query access, and it achieves high accuracy.
Contribution
The paper presents GP-MIA, a new Gaussian process meta-modeling approach for membership inference that avoids shadow models and heavy queries, providing calibrated uncertainty estimates.
Findings
Achieves high accuracy across synthetic and real datasets
Offers a practical alternative to existing MIAs
Provides well-calibrated uncertainty estimates
Abstract
Membership inference attacks (MIAs) test whether a data point was part of a model's training set, posing serious privacy risks. Existing methods often depend on shadow models or heavy query access, which limits their practicality. We propose GP-MIA, an efficient and interpretable approach based on Gaussian process (GP) meta-modeling. Using post-hoc metrics such as accuracy, entropy, dataset statistics, and optional sensitivity features (e.g. gradients, NTK measures) from a single trained model, GP-MIA trains a GP classifier to distinguish members from non-members while providing calibrated uncertainty estimates. Experiments on synthetic data, real-world fraud detection data, CIFAR-10, and WikiText-2 show that GP-MIA achieves high accuracy and generalizability, offering a practical alternative to existing MIAs.
