cispa_all_3797.pdf (2.65 MB)

Membership Inference Attacks by Exploiting Loss Trajectory

Download (2.65 MB)
Version 2 2023-12-11, 20:15
Version 1 2023-11-29, 18:22
conference contribution
posted on 2023-12-11, 20:15 authored by Yiyong LiuYiyong Liu, Zhengyu Zhao, Michael BackesMichael Backes, Yang ZhangYang Zhang
Machine learning models are vulnerable to membership inference attacks in which an adversary aims to predict whether or not a particular sample was contained in the target model’s training dataset. Existing attack methods have commonly exploited the output information (mostly, losses) solely from the given target model. As a result, in practical scenarios where both the member and nonmember samples yield similarly small losses, these methods are naturally unable to differentiate between them. To address this limitation, in this paper, we propose a new attack method, called TrajectoryMIA, which can exploit the membership information from the whole training process of the target model for improving the attack performance. To mount the attack in the common blackbox setting, we leverage knowledge distillation, and represent the membership information by the losses evaluated on a sequence of intermediate models at different distillation epochs, namely distilled loss trajectory, together with the loss from the given target model. Experimental results over different datasets and model architectures demonstrate the great advantage of our attack in terms of different metrics. For example, on CINIC-10, our attack achieves at least 6× higher true-positive rate at a low false-positive rate of 0.1% than existing methods. Further analysis demonstrates the general effectiveness of our attack in more strict scenarios.


Preferred Citation

Yiyong Liu, Zhengyu Zhao, Michael Backes and Yang Zhang. Membership Inference Attacks by Exploiting Loss Trajectory. In: ACM Conference on Computer and Communications Security (CCS). 2022.

Primary Research Area

  • Trustworthy Information Processing

Name of Conference

ACM Conference on Computer and Communications Security (CCS)

Legacy Posted Date


Open Access Type

  • Unknown


@inproceedings{cispa_all_3797, title = "Membership Inference Attacks by Exploiting Loss Trajectory", author = "Liu, Yiyong and Zhao, Zhengyu and Backes, Michael and Zhang, Yang", booktitle="{ACM Conference on Computer and Communications Security (CCS)}", year="2022", }

Usage metrics


    No categories selected


    Ref. manager