Membership Inference Attacks (MIAs) have emerged as a valuable framework for evaluating privacy leakage by machine learning models. Score-based MIAs are distinguished, in particular, their ability to exploit the confidence scores that model generates particular inputs. Existing score-based implicitly assume adversary has access target model's hyperparameters, which can be used train shadow models attack. In this work, we demonstrate knowledge of hyperparameters is not prerequisite MIA transfer setting. Based on this, propose novel approach select training when attacker no prior about them matching output distributions and We using new yields lead an attack near indistinguishable performance from uses Furthermore, study empirical risk unaccounted use data hyperparameter optimization (HPO) differentially private (DP) learning. find statistically significant evidence performing HPO would increase vulnerability MIA.

Load

Load