Label Only Membership Inference Attack
Label-only membership inference attacks (MIAs) aim to determine whether a data point was used to train a machine learning model, using only the model's predicted label as input, a more realistic scenario than attacks that require access to confidence scores. Current research focuses on improving the accuracy of these attacks, particularly at low false positive rates, often by employing adaptive poisoning strategies and analyzing the relative distances to decision boundaries. This area is significant because it highlights the vulnerability of even seemingly secure models to privacy breaches, which affects the responsible deployment of machine learning in sensitive applications.