Table of Contents
Fetching ...

Assessing the Effectiveness of Membership Inference on Generative Music

Kurtis Chow, Omar Samiullah, Vinesh Sridhar, Hewen Zhang

TL;DR

The paper investigates membership inference attacks on generative music, addressing privacy and copyright concerns in GAN-based music generation.It evaluates two attack types—white-box discriminator attacks and black-box Monte Carlo attacks—on MuseGAN under two training regimes (default and overfitted) using the LPD-5 Cleansed dataset.Results indicate that music data in this setting is surprisingly resilient to MIAs: white-box attacks perform near random, Monte Carlo single MI remains around baseline, and Set MI effects arise from the methodology rather than genuine signal, likely due to high-dimensional, sparse symbolic representations.The authors discuss possible reasons for this resilience and outline future directions, including music-specific similarity metrics, broader model evaluations, efficiency improvements, and privacy defenses.

Abstract

Generative AI systems are quickly improving, now able to produce believable output in several modalities including images, text, and audio. However, this fast development has prompted increased scrutiny concerning user privacy and the use of copyrighted works in training. A recent attack on machine-learning models called membership inference lies at the crossroads of these two concerns. The attack is given as input a set of records and a trained model and seeks to identify which of those records may have been used to train the model. On one hand, this attack can be used to identify user data used to train a model, which may violate their privacy especially in sensitive applications such as models trained on medical data. On the other hand, this attack can be used by rights-holders as evidence that a company used their works without permission to train a model. Remarkably, it appears that no work has studied the effect of membership inference attacks (MIA) on generative music. Given that the music industry is worth billions of dollars and artists would stand to gain from being able to determine if their works were being used without permission, we believe this is a pressing issue to study. As such, in this work we begin a preliminary study into whether MIAs are effective on generative music. We study the effect of several existing attacks on MuseGAN, a popular and influential generative music model. Similar to prior work on generative audio MIAs, our findings suggest that music data is fairly resilient to known membership inference techniques.

Assessing the Effectiveness of Membership Inference on Generative Music

TL;DR

The paper investigates membership inference attacks on generative music, addressing privacy and copyright concerns in GAN-based music generation.It evaluates two attack types—white-box discriminator attacks and black-box Monte Carlo attacks—on MuseGAN under two training regimes (default and overfitted) using the LPD-5 Cleansed dataset.Results indicate that music data in this setting is surprisingly resilient to MIAs: white-box attacks perform near random, Monte Carlo single MI remains around baseline, and Set MI effects arise from the methodology rather than genuine signal, likely due to high-dimensional, sparse symbolic representations.The authors discuss possible reasons for this resilience and outline future directions, including music-specific similarity metrics, broader model evaluations, efficiency improvements, and privacy defenses.

Abstract

Generative AI systems are quickly improving, now able to produce believable output in several modalities including images, text, and audio. However, this fast development has prompted increased scrutiny concerning user privacy and the use of copyrighted works in training. A recent attack on machine-learning models called membership inference lies at the crossroads of these two concerns. The attack is given as input a set of records and a trained model and seeks to identify which of those records may have been used to train the model. On one hand, this attack can be used to identify user data used to train a model, which may violate their privacy especially in sensitive applications such as models trained on medical data. On the other hand, this attack can be used by rights-holders as evidence that a company used their works without permission to train a model. Remarkably, it appears that no work has studied the effect of membership inference attacks (MIA) on generative music. Given that the music industry is worth billions of dollars and artists would stand to gain from being able to determine if their works were being used without permission, we believe this is a pressing issue to study. As such, in this work we begin a preliminary study into whether MIAs are effective on generative music. We study the effect of several existing attacks on MuseGAN, a popular and influential generative music model. Similar to prior work on generative audio MIAs, our findings suggest that music data is fairly resilient to known membership inference techniques.
Paper Structure (16 sections, 1 equation, 3 figures, 3 tables)

This paper contains 16 sections, 1 equation, 3 figures, 3 tables.

Figures (3)

  • Figure 1: An example of a GAN. A GAN is composed of two main actors, the generator and discriminator. The generator's goal is to produce samples that are similar to the training database and the discriminator's goal is to accurately distinguish between them.
  • Figure 2: A simplified depiction of the MuseGAN composer model, adapted from dong2018musegan. Their main contribution is to preprocess music 5-track pianorolls such that they can be input into the generator and discriminator while also being able to be recovered as MIDI files. Care is made to ensure the five tracks cohere musically. To this end, they introduce harmony-based methods to measure loss.
  • Figure 3: Attack Success Rate Across Training