Membership Inference Attacks Fueled by Few-Shot Learning to Detect Privacy Leakage and Address Data Integrity

Deep learning models have an intrinsic privacy issue as they memorize parts of their training data, creating a privacy leakage. Membership inference attacks (MIAs) exploit this to obtain confidential information about the data used for training, aiming to steal information. They can be repurposed as...

Bibliographic Details
Main Authors: Daniel Jiménez-López, Nuria Rodríguez-Barroso, M. Victoria Luzón, Javier Del Ser, Francisco Herrera
Format: Article
Language: English
Published: MDPI AG 2025-05-01
Series: Machine Learning and Knowledge Extraction
Subjects:
Online Access: https://www.mdpi.com/2504-4990/7/2/43
collection DOAJ
description Deep learning models have an intrinsic privacy issue as they memorize parts of their training data, creating a privacy leakage. Membership inference attacks (MIAs) exploit this to obtain confidential information about the data used for training, aiming to steal information. They can be repurposed as a measurement of data integrity by inferring whether the data were used to train a machine learning model. While state-of-the-art attacks achieve significant privacy leakage, their requirements render them infeasible, hindering their use as practical tools to assess the magnitude of the privacy risk. Moreover, the most appropriate evaluation metric of MIA, the true positive rate at a low false positive rate, lacks interpretability. We claim that the incorporation of few-shot learning techniques into the MIA field and a suitable qualitative and quantitative privacy evaluation measure should resolve these issues. In this context, our proposal is twofold. We propose a few-shot learning-based MIA, termed the FeS-MIA model, which eases the evaluation of the privacy breach of a deep learning model by significantly reducing the number of resources required for this purpose. Furthermore, we propose an interpretable quantitative and qualitative measure of privacy, referred to as the Log-MIA measure. Jointly, these proposals provide new tools to assess privacy leakages and to ease the evaluation of the training data integrity of deep learning models, i.e., to analyze the privacy breach of a deep learning model. Experiments carried out with MIA over image classification and language modeling tasks, and a comparison to the state of the art, show that our proposals excel in identifying privacy leakages in a deep learning model with little extra information.
format Article
id doaj-art-e2060896a7324642bbafe20c1a11b8cd
institution OA Journals
issn 2504-4990
language English
publishDate 2025-05-01
publisher MDPI AG
record_format Article
series Machine Learning and Knowledge Extraction
spelling doaj-art-e2060896a7324642bbafe20c1a11b8cd; 2025-08-20T02:21:10Z; eng; MDPI AG; Machine Learning and Knowledge Extraction; 2504-4990; 2025-05-01; 7; 2; 43; 10.3390/make7020043
Membership Inference Attacks Fueled by Few-Shot Learning to Detect Privacy Leakage and Address Data Integrity
Daniel Jiménez-López (0): Department of Computer Science and Artificial Intelligence, Andalusian Research Institute in Data Science and Computational Intelligence (DaSCI), University of Granada, 18071 Granada, Spain
Nuria Rodríguez-Barroso (1): Department of Computer Science and Artificial Intelligence, Andalusian Research Institute in Data Science and Computational Intelligence (DaSCI), University of Granada, 18071 Granada, Spain
M. Victoria Luzón (2): Department of Software Engineering, Andalusian Research Institute in Data Science and Computational Intelligence (DaSCI), University of Granada, 18071 Granada, Spain
Javier Del Ser (3): TECNALIA, Basque Research & Technology Alliance (BRTA), 20730 Azpeitia, Spain
Francisco Herrera (4): Department of Computer Science and Artificial Intelligence, Andalusian Research Institute in Data Science and Computational Intelligence (DaSCI), University of Granada, 18071 Granada, Spain
https://www.mdpi.com/2504-4990/7/2/43
topic deep learning
membership inference attacks
data integrity
privacy evaluation
few-shot learning
url https://www.mdpi.com/2504-4990/7/2/43