PANORAMIA: Privacy Auditing of Machine Learning Models Without Retraining
Abstract
We present PANORAMIA, a privacy leakage measurement framework for machine learning models that relies on membership inference attacks using generated data as non-members. By relying on generated non-member data, PANORAMIA eliminates the common dependency of privacy measurement tools on in-distribution non-member data. As a result, PANORAMIA does not modify the model, training data, or training process, and only requires access to a subset of the training data. We evaluate PANORAMIA on ML models for image and tabular data classification, as well as on large-scale language models.
Cite
Text
Kazmi et al. "PANORAMIA: Privacy Auditing of Machine Learning Models Without Retraining." Neural Information Processing Systems, 2024. doi:10.52202/079017-1825
Markdown
[Kazmi et al. "PANORAMIA: Privacy Auditing of Machine Learning Models Without Retraining." Neural Information Processing Systems, 2024.](https://mlanthology.org/neurips/2024/kazmi2024neurips-panoramia/) doi:10.52202/079017-1825
BibTeX
@inproceedings{kazmi2024neurips-panoramia,
title = {{PANORAMIA: Privacy Auditing of Machine Learning Models Without Retraining}},
author = {Kazmi, Mishaal and Lautraite, Hadrien and Akbari, Alireza and Tang, Qiaoyue and Soroco, Mauricio and Wang, Tao and Gambs, Sébastien and Lécuyer, Mathias},
booktitle = {Neural Information Processing Systems},
year = {2024},
doi = {10.52202/079017-1825},
url = {https://mlanthology.org/neurips/2024/kazmi2024neurips-panoramia/}
}