
AdaMixup: A Dynamic Defense Framework for Membership Inference Attack Mitigation

Ying Chen, Jiajing Chen, Yijie Weng, ChiaHua Chang, Dezhi Yu, Guanbiao Lin

TL;DR

AdaMixup addresses membership inference attacks by introducing a dynamic mixup defense that adapts the mixing weight over training and assigns labels based on the dominant sample. The method decouples regularization from convergence by linearly decaying the mixup coefficient and uses an adaptive label allocation to maintain label integrity. Across MNIST, CIFAR-10, LFW, and STL-10, AdaMixup markedly reduces attack success while preserving or matching strong classification performance, outperforming traditional defenses like differential privacy and MemGuard in several scenarios. This work demonstrates that carefully calibrated, time-varying data interpolation can enhance privacy protections without sacrificing practical utility, paving the way for more flexible mixup-based defenses.

Abstract

Membership inference attacks have emerged as a significant privacy concern in the training of deep learning models, where attackers can infer whether a data point was part of the training set based on the model's outputs. To address this challenge, we propose a novel defense mechanism, AdaMixup. AdaMixup employs adaptive mixup techniques to enhance the model's robustness against membership inference attacks by dynamically adjusting the mixup strategy during training. This method not only improves the model's privacy protection but also maintains high performance. Experimental results across multiple datasets demonstrate that AdaMixup significantly reduces the risk of membership inference attacks while achieving a favorable trade-off between defensive efficiency and model accuracy. This research provides an effective solution for data privacy protection and lays the groundwork for future advancements in mixup training methods.
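A sketch of the mechanism the TL;DR describes, as an added example that is not the authors' code: the partner's mixing weight decays linearly over epochs, and the mixed sample inherits the hard label of the dominant sample instead of a soft label. The schedule endpoints (0.5 down to 0), the random partner pairing and the toy batch are assumptions made for this illustration.

```python
import random

def mixup_coefficient(epoch, total_epochs, lam_start=0.5, lam_end=0.0):
    """Partner weight for a given epoch, decayed linearly from lam_start at
    epoch 0 to lam_end at the last epoch. The endpoints are assumptions; the
    page only states that the coefficient decays linearly."""
    if total_epochs <= 1:
        return lam_end
    frac = min(max(epoch / (total_epochs - 1), 0.0), 1.0)
    return lam_start + (lam_end - lam_start) * frac

def adamixup_pair(x_i, y_i, x_j, y_j, lam):
    """Interpolate two feature vectors and assign the hard label of the
    dominant sample (the one carrying the larger weight); ties go to x_i."""
    if not 0.0 <= lam <= 1.0:
        raise ValueError("lam must lie in [0, 1]")
    x = [(1.0 - lam) * a + lam * b for a, b in zip(x_i, x_j)]
    y = y_i if (1.0 - lam) >= lam else y_j
    return x, y

def adamixup_batch(xs, ys, epoch, total_epochs, seed=0):
    """Mix every sample in a batch with a randomly chosen partner (assumed
    pairing strategy) using the epoch's coefficient; returns (mixed, lam)."""
    rng = random.Random(seed)
    lam = mixup_coefficient(epoch, total_epochs)
    partners = list(range(len(xs)))
    rng.shuffle(partners)
    mixed = [adamixup_pair(xs[k], ys[k], xs[j], ys[j], lam)
             for k, j in enumerate(partners)]
    return mixed, lam

if __name__ == "__main__":
    # Constructed toy batch: 2-D features, two classes.
    xs = [[1.0, 0.0], [0.0, 1.0], [0.5, 0.5]]
    ys = [0, 1, 0]
    for epoch in (0, 5, 9):
        mixed, lam = adamixup_batch(xs, ys, epoch, total_epochs=10)
        print(f"epoch {epoch}: lam={lam:.3f}", [y for _, y in mixed])
```

Early epochs mix strongly (heavier regularization against memorization); by the final epoch the coefficient reaches zero and the model trains on unmixed samples, which is the decoupling of regularization from convergence the TL;DR refers to.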

Paper Structure

This paper contains 14 sections, 5 equations, 2 figures, 1 table.

Figures (2)

  • Figure 1: Pipeline of AdaMixup Defense framework
  • Figure 2: Comparison of MIA attack accuracy (A1) and model classification accuracy with and without AdaMixup on different datasets.