cispa_all_3486.pdf (2.61 MB)

Membership Leakage in Label-Only Exposures

Download (2.61 MB)
conference contribution
posted on 2023-11-29, 18:17 authored by Zheng LiZheng Li, Yang ZhangYang Zhang
Machine learning (ML) has been widely adopted in various privacy-critical applications, e.g., face recognition and medical image analysis. However, recent research has shown that ML models are vulnerable to attacks against their training data. Membership inference is one major attack in this domain: Given a data sample and model, an adversary aims to determine whether the sample is part of the model's training set. Existing membership inference attacks leverage the confidence scores returned by the model as their inputs (score-based attacks). However, these attacks can be easily mitigated if the model only exposes the predicted label, i.e., the final model decision. In this paper, we propose decision-based membership inference attacks and demonstrate that label-only exposures are also vulnerable to membership leakage. In particular, we develop two types of decision-based attacks, namely transfer attack, and boundary attack. Empirical evaluation shows that our decision-based attacks can achieve remarkable performance, and even outperform the previous score-based attacks in some cases. We further present new insights on the success of membership inference based on quantitative and qualitative analysis, i.e., member samples of a model are more distant to the model's decision boundary than non-member samples. Finally, we evaluate multiple defense mechanisms against our decision-based attacks and show that our two types of attacks can bypass most of these defenses.


Preferred Citation

Zheng Li and Yang Zhang. Membership Leakage in Label-Only Exposures. In: ACM Conference on Computer and Communications Security (CCS). 2021.

Primary Research Area

  • Trustworthy Information Processing

Name of Conference

ACM Conference on Computer and Communications Security (CCS)

Legacy Posted Date


Open Access Type

  • Unknown


@inproceedings{cispa_all_3486, title = "Membership Leakage in Label-Only Exposures", author = "Li, Zheng and Zhang, Yang", booktitle="{ACM Conference on Computer and Communications Security (CCS)}", year="2021", }

Usage metrics


    No categories selected


    Ref. manager