A Critical Review on the Effectiveness and Privacy Threats of Membership Inference Attacks
arXiv: 2603.22987v1
发布: 2026-03-24
更新: 2026-03-24
AI 摘要
论文评估成员推断攻击(MIAs),发现其在现实条件下是较弱的隐私威胁,可能导致过度防御。
主要贡献
- 提出评估MIAs的框架,定义了真正的隐私威胁条件
- 评估了代表性的MIAs
- 指出MIAs作为隐私指标可能导致风险高估和模型效用牺牲
方法论
论文构建评估框架,并在框架下分析现有MIAs,进而评估其有效性和真实隐私威胁。
原文摘要
Membership inference attacks (MIAs) aim to determine whether a data sample was included in a machine learning (ML) model's training set and have become the de facto standard for measuring privacy leakages in ML. We propose an evaluation framework that defines the conditions under which MIAs constitute a genuine privacy threat, and review representative MIAs against it. We find that, under the realistic conditions defined in our framework, MIAs represent weak privacy threats. Thus, relying on them as a privacy metric in ML can lead to an overestimation of risk and to unnecessary sacrifices in model utility as a consequence of employing too strong defenses.