Privacy Backdoors: Enhancing Membership Inference through Poisoning Pre-trained Models

arXiv:2404.01231v1 Announce Type: cross
Abstract: It is commonplace to produce application-specific models by fine-tuning large pre-trained models using a small bespoke dataset. The widespread availability of foundation model checkpoints on the web poses considerable risks, including the vulnerability to backdoor attacks. In this paper, we unveil a new vulnerability: the privacy backdoor attack. This black-box privacy attack aims to amplify the privacy leakage that arises when fine-tuning a model: when a victim fine-tunes a backdoored model, their training data will …

abstract application arxiv attacks availability backdoor cs.cr cs.lg dataset fine-tuning foundation foundation model inference paper pre-trained models privacy risks small through type vulnerability web