Likelihood Ratio Attack

Likelihood ratio attacks are a class of membership inference attacks designed to determine if a specific data point was used to train a machine learning model, primarily focusing on deep neural networks and diffusion models. Current research explores variations of the likelihood ratio attack, including those leveraging knowledge distillation and adversarial perturbations to improve accuracy, particularly at low false positive rates. These attacks highlight vulnerabilities in model training data privacy and are crucial for evaluating and improving the security and robustness of machine learning systems across various applications, including biometric protection and sensitive data analysis.

Papers

November 2, 2024

WaKA: Data Attribution using K-Nearest Neighbors and Membership Privacy Principles
Patrick Mesana, Clément Bénesse, Hadrien Lautraite, Gilles Caporossi, Sébastien Gambs
Membership Inference Attack General Principle Inference Attack K Nearest Neighbor Membership Privacy Data Attribution Likelihood Ratio Attack

September 19, 2024

Hypersphere Secure Sketch Revisited: Probabilistic Linear Regression Attack on IronMask in Multiple Usage
Pengxu Zhu, Lei Wang
Security Related Likelihood Ratio Attack Biometric Template

May 13, 2024

GLiRA: Black-Box Membership Inference Attack via Knowledge Distillation
Andrey V. Galichin, Mikhail Pautov, Alexey Zhavoronkin, Oleg Y. Rogov, Ivan Oseledets
Knowledge Distillation Membership Inference Attack Distillation Framework Box Membership Inference Attack Likelihood Ratio Attack

February 16, 2024

Uncertainty, Calibration, and Membership Inference Attacks: An Information-Theoretic Perspective
Meiyi Zhu, Caili Guo, Chunyan Feng, Osvaldo Simeone
High Uncertainty Anticipation Membership Inference Attack Calibration Performance Epistemic Uncertainty Information Theoretic Aleatoric Uncertainty Likelihood Ratio Attack

October 10, 2023

Investigating the Adversarial Robustness of Density Estimation Using the Probability Flow ODE
Marius Arvinte, Cory Cornelius, Jason Martin, Nageen Himayat
Adversarial Robustness Density Estimation Score Based Diffusion Model Probability Flow ODE Unbiased Estimator Likelihood Ratio Attack

July 11, 2023

Membership Inference Attacks on DNNs using Adversarial Perturbations
Hassan Ali, Adnan Qayyum, Ala Al-Fuqaha, Junaid Qadir
Adversarial Perturbation Membership Inference Attack DNN Framework Membership Inference Likelihood Ratio Attack

January 24, 2023

Membership Inference of Diffusion Models
Hailong Hu, Jun Pang
Diffusion Model Differential Privacy Membership Inference Attack Membership Inference Privacy Sensitive Likelihood Ratio Attack

October 24, 2022

Generalised Likelihood Ratio Testing Adversaries through the Differential Privacy Lens
Georgios Kaissis, Alexander Ziller, Stefan Kolek Martinez de Azagra, Daniel Rueckert
Differential Privacy Privacy Guarantee Likelihood Ratio Attack Neyman Pearson

December 7, 2021

Membership Inference Attacks From First Principles
Nicholas Carlini, Steve Chien, Milad Nasr, Shuang Song, Andreas Terzis, Florian Tramer
Membership Inference Attack First Principle Adversary Agent Untargeted Attack False Positive Rate Likelihood Ratio Attack

Likelihood Ratio Attack

Papers

WaKA: Data Attribution using K-Nearest Neighbors and Membership Privacy Principles

Hypersphere Secure Sketch Revisited: Probabilistic Linear Regression Attack on IronMask in Multiple Usage

GLiRA: Black-Box Membership Inference Attack via Knowledge Distillation

Uncertainty, Calibration, and Membership Inference Attacks: An Information-Theoretic Perspective

Investigating the Adversarial Robustness of Density Estimation Using the Probability Flow ODE

Membership Inference Attacks on DNNs using Adversarial Perturbations

Membership Inference of Diffusion Models

Generalised Likelihood Ratio Testing Adversaries through the Differential Privacy Lens

Membership Inference Attacks From First Principles