
Summary of GLiRA: Black-Box Membership Inference Attack via Knowledge Distillation, by Andrey V. Galichin et al.


GLiRA: Black-Box Membership Inference Attack via Knowledge Distillation

by Andrey V. Galichin, Mikhail Pautov, Alexey Zhavoronkin, Oleg Y. Rogov, Ivan Oseledets

First submitted to arXiv on: 13 May 2024

Categories

  • Main: Machine Learning (cs.LG)
  • Secondary: Artificial Intelligence (cs.AI)



GrooveSquid.com Paper Summaries

GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!

High Difficulty Summary (written by: Paper authors)

Read the original abstract here

Medium Difficulty Summary (written by: GrooveSquid.com, original content)

This paper investigates the connection between Membership Inference Attacks (MIAs) and distillation-based functionality stealing attacks on Deep Neural Networks (DNNs). The authors propose GLiRA, a distillation-guided approach to membership inference attacks on black-box neural networks. They find that knowledge distillation significantly improves the efficiency of likelihood ratio-based membership inference attacks, particularly in the black-box setting where the target model's architecture is unknown. The proposed method is evaluated across multiple image classification datasets and models, demonstrating improved performance compared to current state-of-the-art membership inference attacks.

Low Difficulty Summary (written by: GrooveSquid.com, original content)

This paper looks at how safe the training data behind Deep Neural Networks (DNNs) is when outsiders can use the network but cannot see that data. An attacker who can only query such a network can still try to figure out whether particular data was used to train it. The researchers developed a new attack of this kind, called GLiRA, which uses knowledge distillation. They tested their method on many different image classification datasets and found that it works better than other membership inference attacks, which means training data is less private than it might appear.

Keywords

» Artificial intelligence  » Distillation  » Image classification  » Inference  » Knowledge distillation  » Likelihood