Membership Inference

释义 Definition

成员推断（攻击）：一种隐私攻击/分析方法，旨在判断某个特定样本（例如一条用户数据）是否被用于训练某个机器学习模型。常见于对模型隐私泄露风险的评估语境中。（在安全领域也常说 membership inference attack。）

发音 Pronunciation (IPA)

/mm.brp n.fr.ns/

例句 Examples

The auditor ran membership inference to check whether the model had seen a user’s record.
审计人员进行了成员推断，以检查模型是否见过某位用户的记录。

Even with only black-box access, attackers can use membership inference by exploiting differences in confidence scores between training and non-training examples.
即使只有黑盒访问权限，攻击者也能利用训练样本与非训练样本在置信度分数上的差异来进行成员推断。

词源 Etymology

membership 源自 member（成员）+ -ship（表示“身份/状态/关系”的后缀），表示“成员身份/隶属关系”；inference 来自拉丁语 inferre（带来、推断）。合起来的核心含义就是：推断某个数据点是否“属于”训练集。

相关词 Related Words

• Inference
• Privacy
• Attack
• Black-Box
• Overfitting
• Generalization
• Differential Privacy
• Model Extraction

文献/作品中的用例 Notable Works

• Shokri, Stronati, Song, Shmatikov (2017), Membership Inference Attacks Against Machine Learning Models
• Yeom, Giacomelli, Fredrikson, Jha (2018), Privacy Risk in Machine Learning: Analyzing the Connection to Overfitting（讨论并形式化成员推断风险）
• Salem et al. (2019), ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models
• Carlini et al. (2022), Membership Inference Attacks From First Principles