poster

Poster: Membership Inference Attacks via Contrastive Learning

Authors:

Depeng Chen,

Xiao Liu,

Jie Cui,

Hong ZhongAuthors Info & Claims

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

Pages 3555 - 3557

https://doi.org/10.1145/3576915.3624384

Published: 21 November 2023 Publication History

Get Access

Abstract

Since machine learning model is often trained on a limited data set, the model is trained multiple times on the same data sample, which causes the model to memorize most of the training set data. Membership Inference Attacks (MIAs) exploit this feature to determine whether a data sample is used for training a machine learning model. However, in realistic scenarios, it is difficult for the adversary to obtain enough qualified samples that mark accurate identity information, especially since most samples are non-members in real world applications. To address this limitation, in this paper, we propose a new attack method called CLMIA, which uses unsupervised contrastive learning to train an attack model. Meanwhile, in CLMIA, we require only a small amount of data with known membership status to fine-tune the attack model. We evaluated the performance of the attack using ROC curves showing a higher TPR at low FPR compared to other schemes.

References

[1]

Nicholas Carlini, Steve Chien, Milad Nasr, Shuang Song, Andreas Terzis, and Florian Tramer. 2022. Membership inference attacks from first principles. In 2022 IEEE Symposium on Security and Privacy (SP). IEEE, 1897--1914.

Crossref

Google Scholar

[2]

Nicholas Carlini, Chang Liu, Úlfar Erlingsson, Jernej Kos, and Dawn Song. 2019. The secret sharer: Evaluating and testing unintended memorization in neural networks. In 28th USENIX Security Symposium (USENIX Security 19). 267--284.

Google Scholar

[3]

Ting Chen, Simon Kornblith, Mohammad Norouzi, and Geoffrey Hinton. 2020. A simple framework for contrastive learning of visual representations. In International conference on machine learning. PMLR, 1597--1607.

Google Scholar

[4]

Xi Chen, Yang Ha Cho, Yiwei Dou, and Baruch Lev. 2022. Predicting Future Earnings Changes Using Machine Learning and Detailed Financial Data. Journal of Accounting Research 60, 2 (2022), 467--515.

Crossref

Google Scholar

[5]

Hongsheng Hu, Zoran Salčić, Gillian Dobbie, Jinjun Chen, Lichao Sun, and Xuyun Zhang. 2022. Membership Inference via Backdooring. In Proceedings of the Thirty-First International Joint Conference on Artificial Intelligence, Vol. 23. 3832--3838.

Crossref

Google Scholar

[6]

Bo Hui, Yuchen Yang, Haolin Yuan, Philippe Burlina, Neil Zhenqiang Gong, and Yinzhi Cao. 2021. Practical Blind Membership Inference Attack via Differential Comparisons. In ISOC Network and Distributed System Security Symposium (NDSS).

Crossref

Google Scholar

[7]

Klas Leino and Matt Fredrikson. 2020. Stolen Memories: Leveraging Model Mem-orization for Calibrated {White-Box} Membership Inference. In 29th USENIX security symposium (USENIX Security 20). 1605--1622.

Google Scholar

[8]

Yiyong Liu, Zhengyu Zhao, Michael Backes, and Yang Zhang. 2022. Membership inference attacks by exploiting loss trajectory. In Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. 2085--2098.

Digital Library

Google Scholar

[9]

Ahmed Salem, Yang Zhang, Mathias Humbert, Mario Fritz, and Michael Backes. 2019. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. In Network and Distributed Systems Security Symposium 2019. Internet Society.

Google Scholar

[10]

Reza Shokri, Marco Stronati, Congzheng Song, and Vitaly Shmatikov. 2017. Mem-bership inference attacks against machine learning models. In 2017 IEEE symposium on security and privacy (SP). IEEE, 3--18.

Crossref

Google Scholar

[11]

Liwei Song and Prateek Mittal. 2021. Systematic evaluation of privacy risks of machine learning models. In 30th USENIX Security Symposium (USENIX Security. 2615--2632.

Google Scholar

[12]

Ziqi Zhang, Chao Yan, and Bradley A Malin. 2022. Membership inference attacks against synthetic health data. Journal of biomedical informatics 125 (2022), 103977.

Digital Library

Google Scholar

Cited By

View all

Zhang JXia YMa XJiang QXi NLu DFeng PGao SMa J(2024)DP-CLMI:Differentially Private Contrastive Learning Against Membership Inference AttackAlgorithms and Architectures for Parallel Processing10.1007/978-981-96-1548-3_4(41-60)Online publication date: 30-Oct-2024
https://dl.acm.org/doi/10.1007/978-981-96-1548-3_4

Index Terms

Poster: Membership Inference Attacks via Contrastive Learning
1. Computing methodologies
  1. Machine learning
2. Security and privacy

Recommendations

Membership Inference Attacks on Machine Learning: A Survey
Machine learning (ML) models have been widely applied to various applications, including image classification, text generation, audio recognition, and graph data analysis. However, recent studies have shown that ML models are vulnerable to membership ...
Quantifying and Mitigating Privacy Risks of Contrastive Learning
CCS '21: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security

Data is the key factor to drive the development of machine learning (ML) during the past decade. However, high-quality data, in particular labeled data, is often hard and expensive to collect. To leverage large-scale unlabeled data, self-supervised ...
Defending against membership inference attacks: RM Learning is all you need
Abstract
Large-capacity machine learning models are vulnerable to membership inference attacks that disclose the privacy of the training dataset. The privacy concerns posed by membership inference attacks have inspired many defense strategies. ...

Comments

Information & Contributors

Information

Published In

CCS '23: Proceedings of the 2023 ACM SIGSAC Conference on Computer and Communications Security

November 2023

3722 pages

ISBN:9798400700507

DOI:10.1145/3576915

General Chairs:
Weizhi Meng
Technical University of Denmark
,
Christian D. Jensen
Technical University of Denmark
,
Program Chairs:
Cas Cremers
CISPA Helmholtz Center for Information Security
,
Engin Kirda
Khoury College of Computer Sciences

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 21 November 2023

Check for updates

Author Tags

Qualifiers

Poster

Funding Sources

The University Synergy Innovation Program of Anhui Province

Conference

CCS '23

Sponsor:

SIGSAC

CCS '23: ACM SIGSAC Conference on Computer and Communications Security

November 26 - 30, 2023

Copenhagen, Denmark

Acceptance Rates

Overall Acceptance Rate 1,261 of 6,999 submissions, 18%

Upcoming Conference

CCS '25

Sponsor:
sigsac

ACM SIGSAC Conference on Computer and Communications Security

October 13 - 17, 2025

Taipei , Taiwan

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
314
Total Downloads

Downloads (Last 12 months)168
Downloads (Last 6 weeks)10

Reflects downloads up to 08 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Zhang JXia YMa XJiang QXi NLu DFeng PGao SMa J(2024)DP-CLMI:Differentially Private Contrastive Learning Against Membership Inference AttackAlgorithms and Architectures for Parallel Processing10.1007/978-981-96-1548-3_4(41-60)Online publication date: 30-Oct-2024
https://dl.acm.org/doi/10.1007/978-981-96-1548-3_4

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Membership Inference Attacks on Machine Learning: A Survey

Quantifying and Mitigating Privacy Risks of Contrastive Learning

Defending against membership inference attacks: RM Learning is all you need

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Upcoming Conference

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations