Membership Inference Attacks and Generalization: A Causal Perspective

Teodora Baluta; Shiqi Shen; S. Hitarth; Shruti Tople; Prateek Saxena

doi:10.1145/3548606.3560694

Membership Inference Attacks and Generalization: A Causal Perspective

Teodora Baluta, Shiqi Shen, S. Hitarth, Shruti Tople, Prateek Saxena

Department of Computer Science and Engineering

Research output: Chapter in Book/Conference Proceeding/Report › Conference Paper published in a book › peer-review

15 Citations (Scopus)

Abstract

Membership inference (MI) attacks highlight a privacy weakness in present stochastic training methods for neural networks. It is not well understood, however, why they arise. Are they a natural consequence of imperfect generalization only? Which underlying causes should we address during training to mitigate these attacks? Towards answering such questions, we propose the first approach to explain MI attacks and their connection to generalization based on principled causal reasoning. We offer causal graphs that quantitatively explain the observed MI attack performance achieved for 6 attack variants. We refute several prior non-quantitative hypotheses that over-simplify or over-estimate the influence of underlying causes, thereby failing to capture the complex interplay between several factors. Our causal models also show a new connection between generalization and MI attacks via their shared causal factors. Our causal models have high predictive power (0.90), i.e., their analytical predictions match with observations in unseen experiments often, which makes analysis via them a pragmatic alternative.

Original language	English
Title of host publication	CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security
Publisher	Association for Computing Machinery
Pages	249-262
Number of pages	14
ISBN (Electronic)	9781450394505
DOIs	https://doi.org/10.1145/3548606.3560694
Publication status	Published - 7 Nov 2022
Event	28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022 - Los Angeles, United States Duration: 7 Nov 2022 → 11 Nov 2022

Publication series

Name	Proceedings of the ACM Conference on Computer and Communications Security
ISSN (Print)	1543-7221

Conference

Conference	28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022
Country/Territory	United States
City	Los Angeles
Period	7/11/22 → 11/11/22

Bibliographical note

Publisher Copyright:
© 2022 Owner/Author.

Keywords

membership inference attacks
generalization
causal reasoning

Access to Document

10.1145/3548606.3560694Licence: CC BY

Cite this

Baluta, T., Shen, S., Hitarth, S., Tople, S., & Saxena, P. (2022). Membership Inference Attacks and Generalization: A Causal Perspective. In CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (pp. 249-262). (Proceedings of the ACM Conference on Computer and Communications Security). Association for Computing Machinery. https://doi.org/10.1145/3548606.3560694

@inproceedings{8209b56b3d904843afa1b3f9ab6eb858,

title = "Membership Inference Attacks and Generalization: A Causal Perspective",

abstract = "Membership inference (MI) attacks highlight a privacy weakness in present stochastic training methods for neural networks. It is not well understood, however, why they arise. Are they a natural consequence of imperfect generalization only? Which underlying causes should we address during training to mitigate these attacks? Towards answering such questions, we propose the first approach to explain MI attacks and their connection to generalization based on principled causal reasoning. We offer causal graphs that quantitatively explain the observed MI attack performance achieved for 6 attack variants. We refute several prior non-quantitative hypotheses that over-simplify or over-estimate the influence of underlying causes, thereby failing to capture the complex interplay between several factors. Our causal models also show a new connection between generalization and MI attacks via their shared causal factors. Our causal models have high predictive power (0.90), i.e., their analytical predictions match with observations in unseen experiments often, which makes analysis via them a pragmatic alternative.",

keywords = "membership inference attacks, generalization, causal reasoning",

author = "Teodora Baluta and Shiqi Shen and S. Hitarth and Shruti Tople and Prateek Saxena",

note = "Publisher Copyright: {\textcopyright} 2022 Owner/Author.; 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022 ; Conference date: 07-11-2022 Through 11-11-2022",

year = "2022",

month = nov,

day = "7",

doi = "10.1145/3548606.3560694",

language = "English",

series = "Proceedings of the ACM Conference on Computer and Communications Security",

publisher = "Association for Computing Machinery",

pages = "249--262",

booktitle = "CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security",

}

Baluta, T, Shen, S, Hitarth, S, Tople, S & Saxena, P 2022, Membership Inference Attacks and Generalization: A Causal Perspective. in CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Proceedings of the ACM Conference on Computer and Communications Security, Association for Computing Machinery, pp. 249-262, 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022, Los Angeles, United States, 7/11/22. https://doi.org/10.1145/3548606.3560694

Membership Inference Attacks and Generalization: A Causal Perspective. / Baluta, Teodora; Shen, Shiqi; Hitarth, S. et al.
CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery, 2022. p. 249-262 (Proceedings of the ACM Conference on Computer and Communications Security).

Research output: Chapter in Book/Conference Proceeding/Report › Conference Paper published in a book › peer-review

TY - GEN

T1 - Membership Inference Attacks and Generalization: A Causal Perspective

AU - Baluta, Teodora

AU - Shen, Shiqi

AU - Hitarth, S.

AU - Tople, Shruti

AU - Saxena, Prateek

PY - 2022/11/7

Y1 - 2022/11/7

N2 - Membership inference (MI) attacks highlight a privacy weakness in present stochastic training methods for neural networks. It is not well understood, however, why they arise. Are they a natural consequence of imperfect generalization only? Which underlying causes should we address during training to mitigate these attacks? Towards answering such questions, we propose the first approach to explain MI attacks and their connection to generalization based on principled causal reasoning. We offer causal graphs that quantitatively explain the observed MI attack performance achieved for 6 attack variants. We refute several prior non-quantitative hypotheses that over-simplify or over-estimate the influence of underlying causes, thereby failing to capture the complex interplay between several factors. Our causal models also show a new connection between generalization and MI attacks via their shared causal factors. Our causal models have high predictive power (0.90), i.e., their analytical predictions match with observations in unseen experiments often, which makes analysis via them a pragmatic alternative.

AB - Membership inference (MI) attacks highlight a privacy weakness in present stochastic training methods for neural networks. It is not well understood, however, why they arise. Are they a natural consequence of imperfect generalization only? Which underlying causes should we address during training to mitigate these attacks? Towards answering such questions, we propose the first approach to explain MI attacks and their connection to generalization based on principled causal reasoning. We offer causal graphs that quantitatively explain the observed MI attack performance achieved for 6 attack variants. We refute several prior non-quantitative hypotheses that over-simplify or over-estimate the influence of underlying causes, thereby failing to capture the complex interplay between several factors. Our causal models also show a new connection between generalization and MI attacks via their shared causal factors. Our causal models have high predictive power (0.90), i.e., their analytical predictions match with observations in unseen experiments often, which makes analysis via them a pragmatic alternative.

KW - membership inference attacks

KW - generalization

KW - causal reasoning

UR - https://www.scopus.com/pages/publications/85142779592

U2 - 10.1145/3548606.3560694

DO - 10.1145/3548606.3560694

M3 - Conference Paper published in a book

AN - SCOPUS:85142779592

T3 - Proceedings of the ACM Conference on Computer and Communications Security

SP - 249

EP - 262

BT - CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security

PB - Association for Computing Machinery

T2 - 28th ACM SIGSAC Conference on Computer and Communications Security, CCS 2022

Y2 - 7 November 2022 through 11 November 2022

ER -

Baluta T, Shen S, Hitarth S, Tople S, Saxena P. Membership Inference Attacks and Generalization: A Causal Perspective. In CCS 2022 - Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security. Association for Computing Machinery. 2022. p. 249-262. (Proceedings of the ACM Conference on Computer and Communications Security). doi: 10.1145/3548606.3560694

Membership Inference Attacks and Generalization: A Causal Perspective

Abstract

Publication series

Conference

Bibliographical note

Keywords

Access to Document

Other files and links

Fingerprint

Cite this