English
Related papers

Related papers: Bootstrap Aggregation for Point-based Generalized …

200 papers

A surprising phenomenon in modern machine learning is the ability of a highly overparameterized model to generalize well (small error on the test data) even when it is trained to memorize the training data (zero error on the training data).…

Machine Learning · Statistics 2022-12-01 Jasper Tan , Blake Mason , Hamid Javadi , Richard G. Baraniuk

We introduce a new class of attacks on machine learning models. We show that an adversary who can poison a training dataset can cause models trained on this dataset to leak significant private details of training points belonging to other…

Cryptography and Security · Computer Science 2022-10-07 Florian Tramèr , Reza Shokri , Ayrton San Joaquin , Hoang Le , Matthew Jagielski , Sanghyun Hong , Nicholas Carlini

With the wide-spread application of machine learning models, it has become critical to study the potential data leakage of models trained on sensitive data. Recently, various membership inference (MI) attacks are proposed to determine if a…

Cryptography and Security · Computer Science 2023-05-01 Shahbaz Rezaei , Xin Liu

Collaborative machine learning and related techniques such as federated learning allow multiple participants, each with his own training dataset, to build a joint model by training locally and periodically exchanging model updates. We…

Cryptography and Security · Computer Science 2018-11-02 Luca Melis , Congzheng Song , Emiliano De Cristofaro , Vitaly Shmatikov

Machine learning models are vulnerable to membership inference attack, which can be used to determine whether a given sample appears in the training data. Most existing methods assume the attacker has full access to the features of the…

Machine Learning · Computer Science 2025-12-24 Xurun Wang , Guangrui Liu , Xinjie Li , Haoyu He , Lin Yao , Zhongyun Hua , Weizhe Zhang

Differentially private training algorithms provide protection against one of the most popular attacks in machine learning: the membership inference attack. However, these privacy algorithms incur a loss of the model's classification…

Cryptography and Security · Computer Science 2021-10-13 Jiaxiang Liu , Simon Oya , Florian Kerschbaum

Diffusion models have achieved tremendous success in image generation, but they also raise significant concerns regarding privacy and copyright issues. Membership Inference Attacks (MIAs) are designed to ascertain whether specific data was…

Cryptography and Security · Computer Science 2026-05-29 Puwei Lian , Yujun Cai , Songze Li , Bingkun Bao

As collaborative learning allows joint training of a model using multiple sources of data, the security problem has been a central concern. Malicious users can upload poisoned data to prevent the model's convergence or inject hidden…

Cryptography and Security · Computer Science 2021-01-21 Ximing Qiao , Yuhua Bai , Siping Hu , Ang Li , Yiran Chen , Hai Li

Sequence models, such as Large Language Models (LLMs) and autoregressive image generators, have a tendency to memorize and inadvertently leak sensitive information. While this tendency has critical legal implications, existing tools are…

Cryptography and Security · Computer Science 2025-06-06 Lorenzo Rossi , Michael Aerni , Jie Zhang , Florian Tramèr

Membership inference attack is one of the most popular privacy attacks in machine learning, which aims to predict whether a given sample was contained in the target model's training set. Label-only membership inference attack is a variant…

Machine Learning · Computer Science 2023-06-08 JiaCheng Xu , ChengXiang Tan

Federated learning enables training high-utility models across several clients without directly sharing their private data. As a downside, the federated setting makes the model vulnerable to various adversarial attacks in the presence of…

Machine Learning · Computer Science 2024-03-12 Xiaoyang Wang , Dimitrios Dimitriadis , Sanmi Koyejo , Shruti Tople

As industrial applications are increasingly automated by machine learning models, enforcing personal data ownership and intellectual property rights requires tracing training data back to their rightful owners. Membership inference…

Machine Learning · Computer Science 2023-06-02 Yuxin Wen , Arpit Bansal , Hamid Kazemi , Eitan Borgnia , Micah Goldblum , Jonas Geiping , Tom Goldstein

Malicious clients can attack federated learning systems using malicious data, including backdoor samples, during the training phase. The compromised global model will perform well on the validation dataset designed for the task, but a small…

Cryptography and Security · Computer Science 2021-01-18 Chen Wu , Xian Yang , Sencun Zhu , Prasenjit Mitra

While location data is extremely valuable for various applications, disclosing it prompts serious threats to individuals' privacy. To limit such concerns, organizations often provide analysts with aggregate time-series that indicate, e.g.,…

Cryptography and Security · Computer Science 2020-04-28 Apostolos Pyrgelis , Carmela Troncoso , Emiliano De Cristofaro

Recently, recommender systems have achieved promising performances and become one of the most widely used web applications. However, recommender systems are often trained on highly sensitive user data, thus potential data leakage from…

Cryptography and Security · Computer Science 2021-09-17 Minxing Zhang , Zhaochun Ren , Zihan Wang , Pengjie Ren , Zhumin Chen , Pengfei Hu , Yang Zhang

As in-the-wild data are increasingly involved in the training stage, machine learning applications become more susceptible to data poisoning attacks. Such attacks typically lead to test-time accuracy degradation or controlled misprediction.…

Cryptography and Security · Computer Science 2022-11-02 Yufei Chen , Chao Shen , Yun Shen , Cong Wang , Yang Zhang

Current federated backdoor attacks focus on collaboratively training backdoor triggers, where multiple compromised clients train their local trigger patches and then merge them into a global trigger during the inference phase. However,…

Cryptography and Security · Computer Science 2025-02-25 Lingguag Hao , Kuangrong Hao , Bing Wei , Xue-song Tang

It has been widely recognized that adversarial examples can be easily crafted to fool deep networks, which mainly root from the locally non-linear behavior nearby input examples. Applying mixup in training provides an effective mechanism to…

Machine Learning · Computer Science 2020-02-21 Tianyu Pang , Kun Xu , Jun Zhu

Authentication systems are vulnerable to model inversion attacks where an adversary is able to approximate the inverse of a target machine learning model. Biometric models are a prime candidate for this type of attack. This is because…

Computer Vision and Pattern Recognition · Computer Science 2022-09-23 Sohaib Ahmad , Benjamin Fuller , Kaleel Mahmood

Neural networks are susceptible to data inference attacks such as the model inversion attack and the membership inference attack, where the attacker could infer the reconstruction and the membership of a data sample from the confidence…

Cryptography and Security · Computer Science 2020-08-21 Ziqi Yang , Bin Shao , Bohan Xuan , Ee-Chien Chang , Fan Zhang