Home

Awesome

Membership Inference Attacks and Defenses on Machine Learning Models Literature

A curated list of membership inference attacks and defenses papers on machine learning models.

Papers are sorted by their released dates in descending order.

This repository serves as a complement to the survey below.

Membership Inference Attacks on Machine Learning: A Survey (More than 100 papers reviewed).

@article{hu2022membership,
  title={Membership inference attacks on machine learning: A survey},
  author={Hu, Hongsheng and Salcic, Zoran and Sun, Lichao and Dobbie, Gillian and Yu, Philip S and Zhang, Xuyun},
  journal={ACM Computing Surveys (CSUR)},
  volume={54},
  number={11s},
  pages={1--37},
  year={2022},
  publisher={ACM New York, NY}
}

If you feel this repository is helpful, please cite the survey above.

How to Search?

Search keywords like conference name (e.g., CCS), adversarial knowledge (e.g., Black-box), or target model (e.g., Classification Model) over the webpage to quickly locate related papers. Because we are in the age of generative AI, we highlight the target model of Large Language Model (LLM).

Quick Links

Attack papers sorted by year: | 2024 |2023 |2022 |2021 | 2020 | 2019 | 2018 | 2017 |

Defense papers sorted by year: | 2024 | 2023 |2022 | 2021 | 2020 | 2019 | 2018 |

Membership Inference Attack

Attack Papers 2024

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2024Membership Inference Attacks against Fine-tuned Large Language Models via Self-prompt CalibrationBlack-box:sparkles: LLM :sparkles:NeurIPSLinkLink
2024Scaling Up Membership Inference: When and How Attacks Succeed on Large Language ModelsBlack-box:sparkles: LLM :sparkles:ArxivLinkLink
2024Interaction-level Membership Inference Attack against Recommender Systems with Long-tailed DistributionBlack-boxRecommender SystemCIKMLinkLink
2024Noisy Neighbors: Efficient membership inference attacks against LLMsBlack-box:sparkles: LLM :sparkles:ArxivLink
2024SoK: Membership Inference Attacks on LLMs are Rushing Nowhere (and How to Fix It)White-box; Black-box:sparkles: LLM :sparkles:ArxivLinkLink
2024ReCaLL: Membership Inference via Relative Conditional Log-LikelihoodsBlack-box:sparkles: LLM :sparkles:ArxivLink
2024Blind Baselines Beat Membership Inference Attacks for Foundation ModelsNo Access:sparkles: LLM :sparkles:ArxivLink
2024Generating Is Believing: Membership Inference Attacks against Retrieval-Augmented GenerationBlack-box:sparkles: LLM :sparkles:ArxivLink
2024Semantic Membership Inference Attack against Large Language ModelsBlack-box:sparkles: LLM :sparkles:ArxivLink
2024GCL-Leak: Link Membership Inference Attacks against Graph Contrastive LearningWhite-boxGraph Contrastive LearningPoPETsLinkLink
2024Unveiling the Unseen: Exploring Whitebox Membership Inference through the Lens of ExplainabilityWhite-boxClassification ModelsArxivLink
2024Do Parameters Reveal More than Loss for Membership Inference?White-boxClassification ModelsICML WorkshopLinkLink
2024Low-Cost High-Power Membership Inference AttacksBlack-boxClassification ModelsICMLLinkLink
2024LLM Dataset Inference Did you train on my dataset?Black-box:sparkles: LLM :sparkles:ArxivLinkLink
2024Shadow-Free Membership Inference Attacks: Recommender Systems Are More Vulnerable Than You ThoughtBlack-boxRecommender SystemIJCAILinkLink
2024Is My Data in Your Retrieval Database? Membership Inference Attacks Against Retrieval Augmented GenerationBlack-boxGenerative ModelsArxivLink
2024A Comprehensive Analysis of Factors Impacting Membership InferenceWhite-box; Black-boxClassification ModelsCVPR workshopLink
2024Lost in the Averages: A New Specific Setup to Evaluate Membership Inference Attacks Against Machine Learning ModelsBlack-boxClassification ModelsArxivLink
2024Better Membership Inference Privacy Measurement through DiscrepancyBlack-boxClassification ModelsArxivLink
2024OSLO: One-Shot Label-Only Membership Inference AttacksBlack-boxClassification ModelsArxivLink
2024Please Tell Me More: Privacy Impact of Explainability through the Lens of Membership Inference AttackBlack-boxClassification ModelsS&PLink
2024Is my Data in your AI Model? Membership Inference Test with Application to Face ImagesWhite-box; Black-boxClassification ModelsArxivLink
2024Understanding Practical Membership Privacy of Deep LearningBlack-boxClassification ModelsArxivLink
2024Evaluating Membership Inference Attacks and Defenses in Federated LearningWhite-boxClassification ModelsArxivLinkLink
2024Uncertainty, Calibration, and Membership Inference Attacks: An Information-Theoretic PerspectiveBlack-boxClassification ModelsArxivLink
2024Do Membership Inference Attacks Work on Large Language Models?Black-box:sparkles: LLM :sparkles:ArxivLinkLink
2024Learning-Based Difficulty Calibration for Enhanced Membership Inference AttacksBlack-boxClassification ModelsArxivLinkLink
2024Scalable Membership Inference Attacks via Quantile RegressionBlack-boxClassification ModelsNeurIPSLinkLink

Attack Papers 2023

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2023Link Membership Inference Attacks against Unsupervised Graph Representation LearningWhite-box/Black-boxGraph Embedding ModelsACSACLinkLink
2023Low-Cost High-Power Membership Inference by Boosting RelativityBlack-boxClassification ModelsArxivLinkLink
2023A Probabilistic Fluctuation based Membership Inference Attack for Diffusion ModelsBlack-boxGenerative ModelsArxivLink
2023Practical Membership Inference Attacks Against Large-Scale Multi-Modal Models: A Pilot StudyBlack-boxClassification ModelsICCVLinkLink
2023Privacy Side Channels in Machine Learning SystemsBlack-boxClassification ModelsArxivLink
2023White-box Membership Inference Attacks against Diffusion ModelsWhite-boxGenerative ModelsArxivLinkLink
2023Scalable Membership Inference Attacks via Quantile RegressionBlack-boxClassification ModelsArxivLink
2023Synthetic is all you need: removing the auxiliary data assumption for membership inference attacks against synthetic dataBlack-boxClassification ModelsArxivLink
2023Towards More Realistic Membership Inference Attacks on Large Diffusion ModelsBlack-boxGenerative ModelsArxivLink
2023Fortifying Federated Learning against Membership Inference Attacks via Client-level Input PerturbationWhite-boxClassification ModelsArxivLink
2023Gaussian Membership Inference PrivacyWhite-boxClassification ModelsNeurIPSLinkLink
2023TMI! Finetuned Models Leak Private Information from their Pretraining DataBlack-boxClassification ModelsArxivLink
2023SoK: Membership Inference is Harder Than Previously ThoughtBlack-boxClassification ModelsArxivLinkLink
2023Re-aligning Shadow Models can Improve White-box Membership Inference AttacksWhite-boxClassification ModelsArxivLink
2023Membership inference attack with relative decision boundary distanceBlack-boxClassification ModelsArxivLink
2023Membership Inference Attacks against Language Models via Neighbourhood ComparisonBlack-boxLanguage ModelsACLLinkLink & Link
2023How to Combine Membership-Inference Attacks on Multiple Updated Machine Learning ModelsBlack-boxClassification ModelsPoPETsLinkLink
2023AgrEvader: Poisoning Membership Inference against Byzantine-robust Federated LearningWhite-boxClassification ModelsWWWLinkLink
2023Membership Inference Attacks Against Sequential Recommender SystemsBlack-boxRecommender SystemWWWLink
2023A Blessing of Dimensionality in Membership Inference through RegularizationBlack-boxClassification ModelsAISTATSLinkLink
2023Active Membership Inference Attack under Local Differential Privacy in Federated LearningWhite-boxClassification ModelsAISTATSLinkLink
2023Membership Inference Attacks against Synthetic Data through Overfitting DetectionBlack-boxGenerative modelsAISTATSLinkLink
2023Students Parrot Their Teachers: Membership Inference on Model DistillationBlack-boxClassification ModelsArxivLink
2023Membership Inference Attacks against Diffusion ModelsWhite-box; Black-boxGenerative ModelsArxivLink
2023Interaction-level Membership Inference Attack Against Federated Recommender SystemsWhite-boxRecommender SystemWWWLink
2023Are Diffusion Models Vulnerable to Membership Inference Attacks?Black-boxGenerative ModelsArxivLink
2023Accuracy-Privacy Trade-off in Deep Ensemble: A Membership Inference PerspectiveBlack-boxClassification ModelsS&PLinkLink
2023Membership Inference of Diffusion ModelsBlack-boxGenerative ModelsArxivLink
2023MiDA: Membership inference attacks against domain adaptationBlack-boxClassification ModelsISA TransactionsLink

Attack Papers 2022

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2022On the Discredibility of Membership Inference AttacksBlack-boxClassification ModelsArxivLink
2022Membership Inference Attacks Against Semantic Segmentation ModelsBlack-boxSemantic Segmentation ModelsArxivLinkLink
2022Similarity Distribution based Membership Inference Attack on Person Re-identificationBlack-boxPerson Re-identificationAAAILink
2022Amplifying Membership Exposure via Data PoisoningBlack-boxClassification ModelsNeurIPSLinkLink
2022Canary in a Coalmine: Better Membership Inference with Ensembled Adversarial QueriesBlack-boxClassification ModelsArxivLinkLink
2022Membership Inference Attacks Against Text-to-image Generation ModelsBlack-boxText-to-image ModelsArxivLink
2022Membership Inference Attacks Against Robust Graph Neural NetworkBlack-boxClassification ModelsCSSLink
2022No-Label User-Level Membership Inference for ASR Model AuditingBalck-boxAutomatic Speech Recognition ModelESORICSLink
2022Membership Inference Attacks and Generalization: A Causal PerspectiveBlack-box; White-boxClassification ModelsCCSLink
2022M^4I: Multi-modal Models Membership InferenceBlack-boxMulti-modal ModelsNeurIPSLinkLink
2022Membership Inference Attacks by Exploiting Loss TrajectoryBlack-boxClassification ModelsCCSLinkLink
2022Auditing Membership Leakages of Multi-Exit NetworksWhite-box; Black-boxClassification ModelsCCSLinkLink
2022Label-Only Membership Inference Attack against Node-Level Graph Neural NetworksBlack-boxClassification ModelsArxivLink
2022Membership-Doctor: Comprehensive Assessment of Membership Inference Against Machine Learning ModelsBlack-boxClassification ModelsArxivLink
2022On the Privacy Effect of Data Enhancement via the Lens of MemorizationBlack-boxClassification ModelsArxivLink
2022Membership Inference Attacks via Adversarial ExamplesWhite-boxClassification ModelsArxivLink
2022Label-Only Membership Inference Attack against Node-Level Graph Neural NetworksBlack-boxClassification ModelsArxivLink
2022Semi-Leak: Membership Inference Attacks Against Semi-supervised LearningBlack-boxSemi-supervised Learning ModelsECCVLinkLink
2022Debiasing Learning for Membership Inference Attacks Against Recommender SystemsBlack-boxRecommender SystemKDDLink
2022Membership Inference via BackdooringBlack-boxClassification ModelsIJCAILinkLink
2022Membership Inference Attacks Against Machine Learning Models via Prediction SensitivityBlack-boxClassification ModelsIEEE Trans Dependable Secure ComputLinkLink
2022Subject Membership Inference Attacks in Federated LearningWhite-boxClassification ModelsArxivLink
2022Membership Feature Disentanglement NetworkWhite-boxClassification ModelsASIA CCSLink
2022Understanding Disparate Effects of Membership Inference Attacks and their CountermeasuresBlack-boxClassification ModelsASIA CCSLink
2022l-Leaks:Membership Inference Attacks with LogitsBlack-boxClassification ModelsArxivLink
2022CS-MIA: Membership inference attack based on prediction confidence series in federated learningWhite-boxClassification ModelsJ. Inf. Secur. ApplLink
2022Evaluating Membership Inference Through Adversarial RobustnesWhite-boxClassfication ModelsThe Computer JournalLinkLink
2022How to Combine Membership-Inference Attacks on Multiple Updated ModelsBlack-boxClassification ModelsArxivLinkLink
2022An Efficient Subpopulation-based Membership Inference AttackBlack-boxClassification ModelsArxivLink
2022Assessing the Impact of Membership Inference Attacks on Classical Machine Learning AlgorithmsBlack-boxClassification ModelsDRCNLinkLink
2022Optimal Membership Inference Bounds for Adaptive Composition of Sampled Gaussian MechanismsWhite-box; Black-boxClassification ModelsArxivLink
2022Perfectly Accurate Membership Inference by a Dishonest Central Server in Federated LearningWhite-boxClassification ModelsArxivLinkLink
2022Leveraging Adversarial Examples to Quantify Membership Information LeakageWhite-box; Black-boxClassification ModelsCVPRLinkLink
2022Quantifying Privacy Risks of Masked Language Models Using Membership Inference AttacksBlack-boxMasked Language ModelsArxivLink
2022User-Level Membership Inference Attack against Metric Embedding LearningBlack-boxMetric Embedding ModelsArxivLink
2022Label-Only Membership Inference Attacks and Defenses In Semantic Segmentation ModelsBlack-boxSegmentation ModelsIEEE Trans Dependable Secure ComputLink
2022Membership Inference Attacks and Defenses in Neural Network PruningBlack-boxClassification ModelsUSENIX SecurityLinkLink
2022Parameters or Privacy: A Provable Tradeoff Between Overparameterization and Membership InferenceBlack-boxRegression ModelsArxivLink
2022LTU Attacker for Membership InferenceWhite-box; Black-boxClassification ModelsAAAI WorkshopLinkLink

Attack Papers 2021

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2021Membership Inference Attacks From First PrinciplesWhite-box; Black-boxClassification ModelsS&PLinkLink
2021SHAPr: An Efficient and Versatile Membership Privacy Risk Metric for Machine LearningBlack-boxClassification ModelsArxivLink
2021Enhanced Membership Inference Attacks against Machine Learning ModelsBlack-boxClassification ModelsArxivLinkLink
2021Do Not Trust Prediction Scores for Membership Inference AttacksBlack-boxClassification ModelsIJCAILinkLink
2021On the Importance of Difficulty Calibration in Membership Inference AttacksWhite-boxClassification ModelsArxivLink
2021Membership Inference Attacks against GANs by Leveraging Over-representation RegionsWhite-boxGenerative ModelsCCSLink
2021Membership Inference Attacks Against Recommender SystemsBlack-boxRecommender SystemsCCSLinkLink
2021Source Inference Attacks in Federated LearningBlack-boxClassifcation ModelsICDMLinkLink
2021Adapting Membership Inference Attacks to GNN for Graph Classification: Approaches and ImplicationsBlack-boxClassification ModelsICDMLinkLink
2021On The Vulnerability of Recurrent Neural Networks to Membership Inference AttacksBlack-boxText Generation ModelsArxivLinkLink
2021On the Difficulty of Membership Inference AttacksWhite-boxClassification ModelsCVPRLinkLink
2021Quantifying Privacy Leakage in Graph EmbeddingWhite-box; Black-boxGraph Embedding ModelsNeurIPS WorkshopLinkLink
2021Label-only membership inference attacksBlack-boxClassification ModelsICMLLinkLink
2021On the Privacy Risks of Model ExplanationsBlack-boxClassification ModelsAIESLink
2021Systematic evaluation of privacy risks of machine learning modelsWhite-box; Black-boxClassification ModelsUSENIX SecurityLinkLink
2021Practical blind membership inference attack via differential comparisonsBlack-boxClassification ModelsNDSSLinkLink
2021On the (In) Feasibility of Attribute Inference Attacks on Machine Learning ModelsWhite-box; Black-boxClassification ModelsEuroS&PLink
2021Bounding Information Leakage in Machine LearningWhite-boxClassification ModelsArxivLink
2021How Does Data Augmentation Affect Privacy in Machine Learning?Black-boxClassification ModelsAAAILinkLink
2021Node-Level Membership Inference Attacks Against Graph Neural NetworksBlack-boxClassification ModelsArxivLink
2021The Audio Auditor: User-Level Membership Inference in Internet of Things Voice ServicesBlack-boxAutomatic Speech Recognition ModelPoPETsLink
2021Reconstruction-Based Membership Inference Attacks are Easier on Difficult ProblemsBlack-boxImage Translation Models; Image Segmentation ModelsICCVLinkLink
2021This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated FacesBlack-boxGenerative ModelsArxivlink
2021Membership Inference Attack Susceptibility of Clinical Language ModelsWhite-box; Black-boxClinical Language ModelsArxivLink
2021Killing four birds with one Gaussian process: the relation between different test-time attacksBlack-boxClassification ModelsICPRLink
2021Evaluating the Vulnerability of End-to-End Automatic Speech Recognition Models To Membership Inference AttacksBlack-boxSpeech Recognition ModelsInterspeechLink
2021Membership Inference Attacks on Knowledge GraphsBlack-boxKnowledge Graph Embedding ModelsArxivLink
2021Membership Leakage in Label-Only ExposuresBlack-boxClassification ModelsCCSLink
2021Membership inference attack on graph neural networksBlack-boxClassification ModelsArxivLink
2021Membership Inference Attacks on Deep Regression Models for NeuroimagingBlack-boxRegression ModelsMIDLLink
2021Membership Inference Attacks on Lottery Ticket NetworksBlack-boxClassification ModelsICML WorkshopLink
2021Membership Inference on Word Embedding and BeyondBlack-boxWord Embedding ModelsArxivLink
2021EncoderMI: Membership Inference against Pre-trained Encoders in Contrastive LearningBlack-boxImage Encoder ModelsCCSLink

Attack Papers 2020 [Back to Top]

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2020GECKO: Reconciling Privacy, Accuracy and Efficiency in Embedded Deep LearningBlack-boxClassification ModelsNeurIPS WorkshopLink
2020Gan-leaks: A taxonomy of membership inference attacks against generative modelsWhite-box; Black-boxGenerative ModelsCCSLinkLink
2020Stolen Memories: Leveraging Model Memorization for Calibrated White-Box Membership InferenceWhite-boxClassification ModelsUSENIX SecurityLink
2020Information leakage in embedding modelsBlack-boxText Embedding ModelsCCSLink
2020When machine unlearning jeopardizes privacyBlack-boxClassification ModelsArxivLink
2020Revisiting membership inference under realistic assumptionsBlack-boxClassification ModelsPoPETsLinkLink
2020Membership inference attacks on sequence-to-sequence models: Is my data in your machine translation system?Black-boxText Generation ModelsTACLLinkLink
2020Segmentations-leak: Membership inference attacks and defenses in semantic image segmentationBlack-boxImage Segmentation ModelsECCVLinkLink
2020Performing co-membership attacks against deep generative modelsWhite-boxGenerative ModelsICDMLink
2020On the privacy risks of algorithmic fairnessBlack-boxClassification ModelsEuroS&PLink
2020A Comprehensive Analysis of Information Leakage in Deep Transfer LearningBlack-boxClassification ModelsArxivLink
2020Gan enhanced membership inference: A passive local attack in federated learningWhite-boxClassification ModelsICCLink
2020Privacy analysis of deep learning in the wild: Membership inference attacks against transfer learningBlack-boxClassification ModelsArxivLink
2020Data and model dependencies of membership inference attackBlack-boxClassification ModelsArxivLink
2020A Pragmatic Approach to Membership Inferences on Machine Learning ModelsBlack-boxClassification ModelsEuroS&PLink
2020Quantifying Membership Inference Vulnerability via Generalization Gap and Other Model MetricsBlack-boxClassification ModelsArxivLink
2020Investigating the Impact of Pre-trained Word Embeddings on Memorization in Neural NetworksBlack-boxWord Embedding ModelsTSDLink
2020Beyond Model-Level Membership Privacy Leakage: an Adversarial Approach in Federated LearningWhite-boxClassification ModelsICCCNLink
2020Practical Membership Inference Attack Against Collaborative Inference in Industrial IoTWhite-boxClassification ModelsIEEE Trans. Industr. Inform.Link

Attack Papers 2019 [Back to Top]

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2019Exploiting unintended feature leakage in collaborative learningWhite-boxClassification ModelsS&PLinkLink
2019Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated LearningBlack-box; White-boxClassification ModelsS&PlinkLink
2019ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning ModelsBlack-boxClassification ModelsNDSSLinkLink
2019LOGAN: Membership Inference Attacks Against Generative ModelsBlack-box; White-boxGenerative ModelsPoPETsLinkLink
2019White-box vs Black-box: Bayes Optimal Strategies for Membership InferenceBlack-boxClassification ModelsICMLLink
2019Auditing data provenance in text-generation modelsBlack-boxText Generation ModelsKDDLinkLink
2019Socinf: Membership inference attacks on social media health data with machine learningBlack-boxClassification ModelsIEEE Trans. Comput. Soc. Syst.Link
2019Monte Carlo and Reconstruction Membership Inference Attacks against Generative Models.White-box; Black-boxGenerative ModelsPoPETsLinkLink
2019Disparate Vulnerability: on the Unfairness of Privacy Attacks Against Machine LearningBlack-boxClassification ModelsArxivLink
2019Demystifying the membership inference attackBlack-boxClassification ModelsCMILink
2019Differential Privacy Defenses and Sampling Attacks for Membership InferenceBlack-boxClassification ModelsNeurIPS WorkshopLink
2019Privacy Risks of Securing Machine Learning Models against Adversarial ExamplesBlack-boxClassification ModelsCCSLinkLink
2019Membership Inference Attacks against Adversarially Robust Deep Learning ModelsBlack-boxClassification ModelsS&P WorkshopLink
2019Demystifying Membership Inference Attacks in Machine Learning as a ServiceBlack-boxClassification ModelsIEEE Trans. Serv. Comput.Link

Attack Papers 2018 [Back to Top]

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2018Privacy Risk in Machine Learning: Analyzing the Connection to OverfittingBlack-boxClassification ModelsCSFLinkLink
2018Understanding membership inferences on well-generalized learning modelsBlack-boxClassification ModelsArxivlink

Attack Papers 2017 [Back to Top]

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2017Membership inference attacks against machine learning modelsBlack-boxClassification ModelsS&PlinkLink

Membership Inference Defense

Defense Papers 2024 [Back to Top]

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2024Dual-Model Defense: Safeguarding Diffusion Models from Membership Inference Attacks through Disjoint Data SplittingBlack-boxGenerative ModelsArxivLink

Defense Papers 2023 [Back to Top]

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2023Mitigating Membership Inference Attacks via Weighted SmoothingBlack-boxClassification ModelsACSACLinkLink
2023MIST: Defending Against Membership Inference Attacks Through Membership-Invariant Subspace TrainingBlack-boxClassification ModelsArxivLink
2023Overconfidence is a Dangerous Thing: Mitigating Membership Inference Attacks by Enforcing Less Confident PredictionBlack-boxClassification ModelsNDSSLinkLink
2023LoDen: Making Every Client in Federated Learning a Defender Against the Poisoning Membership Inference AttacksWhite-box; Black-boxClassification ModelsAsia CCSLinkLink

Defense Papers 2022 [Back to Top]

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2022Defense against membership inference attack in graph neural networks through graph perturbationWhite-boxGraph Embedding ModelsInt. J. Inf. Secur.Link
2022Provable Membership Inference PrivacyWhite-box; Black-boxClassification ModelsArxivLink
2022Repeated Knowledge Distillation with Confidence Masking to Mitigate Membership Inference AttacksWhite-box; Black-boxClassification ModelsAISecLink
2022NeuGuard: Lightweight Neuron-Guided Defense against Membership Inference AttacksBlack-boxClassification ModelsArxivLink
2022Defending against Membership Inference Attacks with High Utility by GANWhite-box; Black-boxClassification ModelsTDSCLink
2022RelaxLoss: Defending Membership Inference Attacks without Losing UtilityWhite-box; Black-boxClassification ModelsICLRLinkLink
2022Assessing Differentially Private Variational Autoencoders under Membership InferenceBlack-boxGenerative ModelsArxivLinkLink
2022Membership Privacy Protection for Image Translation Models via Adversarial Knowledge DistillationBlack-boxImage Translation ModelsArxivLink
2022MIAShield: Defending Membership Inference Attacks via Preemptive Exclusion of MembersBlack-boxClassification ModelsArxivLink
2022Privacy-preserving Generative Framework Against Membership Inference AttacksWhite-box; Black-boxClassification ModelsArxivLink

Defense Papers 2021 [Back to Top]

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2021Enhanced Mixup Training: a Defense Method Against Membership Inference AttackBlack-boxClassification ModelsISPECLink
2021Mitigating Membership Inference Attacks by Self-Distillation Through a Novel Ensemble ArchitectureWhite-box; Black-boxClassification ModelsArxivLink
2021On the privacy-utility trade-off in differentially private hierarchical text classificationWhite-boxClassification ModelsArxivLink
2021MLCapsule: Guarded Offline Deployment of Machine Learning as a ServiceBlack-boxClassification ModelsCVPRLink
2021Comparing Local and Central Differential Privacy Using Membership Inference AttacksWhite-boxClassification ModelsDBSecLinkLink
2021Adversary Instantiation: Lower Bounds for Differentially Private Machine LearningWhite-boxClassification ModelsS&PLink
2021When Does Data Augmentation Help With Membership Inference Attacks?Black-boxClassification ModelsICMLLinkLink
2021Against Membership Inference Attack: Pruning is All You NeedBlack-boxClassification ModelsIJCAILink
2021Membership Privacy for Machine Learning Models Through Knowledge TransferWhite-box; Black-boxClassification ModelsAAAILink
2021Quantifying Membership Privacy via Information LeakageBlack-boxClassification ModelsIEEE Trans. Inf. Forensics Secur.Link
2021Membership Inference Attacks and Defenses in Classification ModelsBlack-boxClassification ModelsCODASPYLink
2021Digestive Neural Networks: A Novel Defense Strategy Against Inference Attacks in Federated LearningWhite-boxClassification ModelsComputers & SecurityLink
2021Resisting Membership Inference Attacks through Knowledge DistillationBlack-boxClassification ModelsNeurocomputingLink
2021privGAN: Protecting GANs from membership inference attacks at low cost to utilityWhite-boxGenerative ModelsPoPETsLink
2021Generating Private Data Surrogates for Vision Related TasksWhite-boxGenerative ModelsICPRLink
2021Membership Inference Attack with Multi-Grade Service Models in Edge IntelligenceBlack-boxClassification ModelsIEEE NetworkLink
2021PAR-GAN: Improving the Generalization of Generative Adversarial Networks Against Membership Inference AttacksWhite-boxGenerative ModelsKDDLinkLink
2021Defending Medical Image Diagnostics against Privacy Attacks using Generative Methods: Application to Retinal DiagnosticsBlack-boxClassification ModelsMICCAI WorkshopLink
2021Defending Privacy Against More Knowledgeable Membership Inference AttackersWhite-box; Black-boxClassification ModelsKDDLinkLink

Defense Papers 2020 [Back to Top]

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2020Privacy for All: Demystify Vulnerability Disparity of Differential Privacy against Membership Inference AttackBlack-boxClassification ModelsArxivLink
2020Privacy for All: Demystify Vulnerability Disparity of Differential Privacy against Membership Inference AttackBlack-boxClassification ModelsArxivLink
2020Differential Privacy Protection Against Membership Inference Attack on Machine Learning for Genomic DataBlack-boxClassification ModelsBiocomputingLink
2020A Secure Federated Learning Framework for 5G NetworksWhite-boxClassification ModelsIEEE Wireless CommunicationsLink
2020Auditing Differentially Private Machine Learning: How Private is Private SGD?Black-boxClassification ModelsNeurIPSLinkLink
2020Toward Robustness and Privacy in Federated Learning: Experimenting with Local and Central Differential PrivacyWhite-boxClassification ModelsArxivLink
2020Defending Model Inversion and Membership Inference Attacks via Prediction PurificationBlack-boxClassificationArxivLink
2020Alleviating Privacy Attacks via Causal LearningBlack-boxClassification ModelsICMLLinkLink
2020On the Effectiveness of Regularization Against Membership Inference AttacksBlack-boxClassification ModelsArxivLink
2020Characterizing Membership Privacy in Stochastic Gradient Langevin DynamicsBlack-boxClassification ModelsAAAILink
2020Differentially Private Learning Does Not Bound Membership InferenceBlack-boxClassification ModelsArxivLink
2020Privacy-Preserving in Defending against Membership Inference AttacksBlack-boxClassification ModelsPPMLPLink

Defense Papers 2019 [Back to Top]

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2019Evaluating Differentially Private Machine Learning in PracticeBlack-boxClassification ModelsUSENIX SecurityLinkLink
2019MemGuard: Defending against Black-Box Membership Inference Attacks via Adversarial ExamplesBlack-boxClassification ModelsCCSLinkLink
2019Generalization in Generative Adversarial Networks: A Novel Perspective from Privacy ProtectionWhite-box; Black-boxGenerative ModelsNeurIPSLink
2019Cronus: Robust and Heterogeneous Collaborative Learning with Black-Box Knowledge TransferBlack-boxClassification ModelsArxivLink
2019ML Defense: Against Prediction API Threats in Cloud-Based Machine Learning ServiceBlack-boxClassification ModelsIWQoSLink
2019Effects of Differential Privacy and Data Skewness on Membership Inference VulnerabilityBlack-boxClassification ModelsTPS-ISALink
2019Generating Artificial Data for Private Deep LearningBlack-boxGenerative ModelsPALLink

Defense Papers 2018 [Back to Top]

YearTitleAdversarial KnowledgeTarget ModelVenuePaper LinkCode Link
2018Machine Learning with Membership Privacy using Adversarial RegularizationBlack-boxClassification ModelsCCSLinkLink
2018Privacy-preserving Machine Learning through Data ObfuscationBlack-boxClassification ModelsArxivLink
2018Differentially Private Data Generative ModelsBlack-boxClassification ModelsArxivLink
2018Membership Inference Attack against Differentially Private Deep Learning ModelBlack-boxClassification ModelsTransactions on Data PrivacyLink