As a long-term threat to the privacy of training data, membership inference attacks (MIAs) emerge ubiquitously in machine learning models.
Existing works evidence strong connection between the distinguishability of the training and testing loss distributions and the model's vulnerability to MIAs. Motivated by existing results, we propose a novel training framework based on a relaxed loss (RelaxLoss) with a more achievable learning target, which leads to narrowed generalization gap and reduced privacy leakage. RelaxLoss is applicable to any classification model with added benefits of easy implementation and negligible overhead. Through extensive evaluations on five datasets with diverse modalities (images, medical data, transaction records), our approach consistently outperforms state-of-the-art defense mechanisms in terms of resilience against MIAs as well as model utility. Our defense is the first that can withstand a wide range of attacks while preserving (or even improving) the target model's utility.
History
Preferred Citation
Dingfan Chen, Ning Yu and Mario Fritz. RelaxLoss: Defending Membership Inference Attacks without Losing Utility. In: International Conference on Learning Representations (ICLR). 2022.
Primary Research Area
Trustworthy Information Processing
Name of Conference
International Conference on Learning Representations (ICLR)
Legacy Posted Date
2022-03-11
Open Access Type
Gold
BibTeX
@inproceedings{cispa_all_3583,
title = "RelaxLoss: Defending Membership Inference Attacks without Losing Utility",
author = "Chen, Dingfan and Yu, Ning and Fritz, Mario",
booktitle="{International Conference on Learning Representations (ICLR)}",
year="2022",
}