Feasibility of Membership Inference on Non-Overfitted Models

Determine the feasibility of membership inference attacks against machine learning models that do not exhibit overfitting to their training data, i.e., models with minimal generalization error between training and testing performance.

Background

The survey (Hu et al., 2021) emphasizes that most successful membership inference attacks exploit model overfitting, where a model behaves differently on its training data than on test data. Many defenses aim to reduce overfitting, and practical systems often incorporate regularization to prevent it.

Given that attackers typically have limited knowledge of the training process, the authors highlight both the practical challenge of assessing overfitting in a target model and the lack of evidence on whether membership inference can succeed when models are well-generalized. This motivates a focused investigation into the feasibility of attacks under low-overfitting conditions.
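The train/test behaviour difference described above can be measured directly in a privacy audit. The following is an added example, not code from the survey: it computes the generalization gap and the advantage (best TPR minus FPR) of a simple loss-threshold membership test for two sets of per-example losses. All loss values and function names are constructed for illustration.

```python
from statistics import mean

# Constructed per-example losses (illustrative only, not measured on any real model).
# "Members" were in the training set; "non-members" are held-out records.
OVERFIT_MEMBERS = [0.01, 0.02, 0.02, 0.03, 0.05, 0.04, 0.01, 0.90]
OVERFIT_NONMEMBERS = [0.60, 1.20, 0.03, 0.85, 1.50, 0.70, 0.95, 1.10]
GENERAL_MEMBERS = [0.30, 0.42, 0.25, 0.51, 0.38, 0.47, 0.33, 0.44]
GENERAL_NONMEMBERS = [0.31, 0.40, 0.27, 0.52, 0.36, 0.49, 0.35, 0.45]


def generalization_gap(member_losses, nonmember_losses):
    """Mean held-out loss minus mean training loss; near zero means little overfitting."""
    return mean(nonmember_losses) - mean(member_losses)


def threshold_advantage(member_losses, nonmember_losses):
    """Best (TPR - FPR) of the rule 'loss <= t => member' over every candidate t.

    Returns (advantage, threshold); advantage 0.0 means no threshold beats guessing.
    """
    best_adv, best_t = 0.0, None
    for t in sorted(set(member_losses) | set(nonmember_losses)):
        tpr = sum(x <= t for x in member_losses) / len(member_losses)
        fpr = sum(x <= t for x in nonmember_losses) / len(nonmember_losses)
        if tpr - fpr > best_adv:
            best_adv, best_t = tpr - fpr, t
    return best_adv, best_t


def audit(name, member_losses, nonmember_losses):
    """Report both numbers so leakage is measured, not inferred from the gap alone."""
    adv, t = threshold_advantage(member_losses, nonmember_losses)
    return {
        "model": name,
        "gap": round(generalization_gap(member_losses, nonmember_losses), 3),
        "advantage": round(adv, 3),
        "threshold": t,
    }


if __name__ == "__main__":
    for row in (
        audit("overfitted", OVERFIT_MEMBERS, OVERFIT_NONMEMBERS),
        audit("well-generalized", GENERAL_MEMBERS, GENERAL_NONMEMBERS),
    ):
        print(row)
```

A low advantage from this single baseline test only bounds that one test; it does not settle whether other membership inference methods succeed on a well-generalized model.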

References

Since MIAs on non-overfitted ML models are pretty challenging, they have not been explored in depth and thus inspire a practically interesting direction for MIAs. The feasibility of MIAs on such non-overfitted models still remains unknown in existing literature.

Membership Inference Attacks on Machine Learning: A Survey (arXiv:2103.07853, Hu et al., 2021), Section 7.1 (Future Directions: Membership Inference Attacks), Item 1