Uncertainty, Calibration, and Membership Inference Attacks: An Information-Theoretic Perspective

arXiv:2402.10686v1 Announce Type: cross
Abstract: In a membership inference attack (MIA), an attacker exploits the overconfidence exhibited by typical machine learning models to determine whether a specific data point was used to train a target model. In this paper, we analyze the performance of the state-of-the-art likelihood ratio attack (LiRA) within an information-theoretical framework that allows the investigation of the impact of the aleatoric uncertainty in the true data generation process, of the epistemic uncertainty caused by a limited training …

abstract analyze art arxiv attacks cs.cr cs.it cs.lg data eess.sp exploits inference information likelihood machine machine learning machine learning models math.it paper performance perspective state train type uncertainty