Membership inference attacks against transfer learning for generalized model

Jinyin CHEN; Wenchang SHANGGUAN; Jingjing ZHANG; Haibin ZHENG; Yayu ZHENG; Xuhong ZHANG

Tongxin xuebao (Oct 2021)

Membership inference attacks against transfer learning for generalized model

Jinyin CHEN,
Wenchang SHANGGUAN,
Jingjing ZHANG,
Haibin ZHENG,
Yayu ZHENG,
Xuhong ZHANG

Affiliations

Jinyin CHEN
Wenchang SHANGGUAN
Jingjing ZHANG
Haibin ZHENG
Yayu ZHENG
Xuhong ZHANG

Journal volume & issue: Vol. 42
pp. 197 – 210

Abstract

Read online

For the problem of poor performance of exciting membership inference attack (MIA) when facing the transfer learning model that is generalized, the MIA for the transfer learning model that is generalized was first systematically studied, the anomaly detection was designed to obtain vulnerable data samples, and MIA was carried out against individual samples.Finally, the proposed method was tested on four image data sets, which shows that the proposed MIA has great attack performance.For example, on the Flowers102 classifier migrated from VGG16 (pretraining with Caltech101), the proposed MIA achieves 83.15% precision, which reveals that in the environment of transfer learning, even without access to the teacher model, the MIA for the teacher model can be achieved by visiting the student model.

membership inference attack;deep learning;transfer learning;privacy risk;generalized model

Published in Tongxin xuebao

ISSN: 1000-436X (Print)
Publisher: Editorial Department of Journal on Communications
Country of publisher: China
LCC subjects: Technology: Electrical engineering. Electronics. Nuclear engineering: Telecommunication
Website: http://www.infocomm-journal.com/txxb/EN/1000-436X/home.shtml

About the journal

Abstract

Keywords