English

Formalizing Distribution Inference Risks

Machine Learning 2021-09-28 v4 Artificial Intelligence Cryptography and Security

Abstract

Property inference attacks reveal statistical properties about a training set but are difficult to distinguish from the primary purposes of statistical machine learning, which is to produce models that capture statistical properties about a distribution. Motivated by Yeom et al.'s membership inference framework, we propose a formal and generic definition of property inference attacks. The proposed notion describes attacks that can distinguish between possible training distributions, extending beyond previous property inference attacks that infer the ratio of a particular type of data in the training data set. In this paper, we show how our definition captures previous property inference attacks as well as a new attack that reveals the average degree of nodes of a training graph and report on experiments giving insight into the potential risks of property inference attacks.

Keywords

Cite

@article{arxiv.2106.03699,
  title  = {Formalizing Distribution Inference Risks},
  author = {Anshuman Suri and David Evans},
  journal= {arXiv preprint arXiv:2106.03699},
  year   = {2021}
}

Comments

ICML 2021 Workshop on Theory and Practice of Differential Privacy. Longer version of work available at arXiv:2109.06024 Update: Labelling error for Census[Race], where graphs were mirror-images because of 1-ratio being used instead of the ratio. Comparison with SOTA also updated; conclusions remain unchanged

R2 v1 2026-06-24T02:55:05.921Z