Automated Membership Inference Attacks: Discovering MIA Signal Computations using LLM Agents

Toan Tran, Olivera Kotevska, Li Xiong

Abstract

Membership inference attacks (MIAs), which enable adversaries to determine whether specific data points were part of a model's training dataset, have emerged as an important framework to understand, assess, and quantify the potential information leakage associated with machine learning systems. Designing effective MIAs is a challenging task that usually requires extensive manual exploration of model behaviors to identify potential vulnerabilities. In this paper, we introduce AutoMIA -- a novel framework that leverages large language model (LLM) agents to automate the design and implementation of new MIA signal computations. By utilizing LLM agents, we can systematically explore a vast space of potential attack strategies, enabling the discovery of novel strategies. Our experiments demonstrate that AutoMIA can successfully discover new MIAs that are specifically tailored to a user-configured target model and dataset, resulting in improvements of up to 0.18 in absolute AUC over existing MIAs. This work provides the first demonstration that LLM agents can serve as an effective and scalable paradigm for designing and implementing MIAs with SOTA performance, opening up new avenues for future exploration.

Paper Structure (89 sections, 29 equations, 10 figures, 3 tables, 3 algorithms)

Figures (10)

  • Figure 1: General membership inference attack pipeline. AutoMIA employs LLM Agents to design and implement the signal computation strategy.
  • Figure 2: AutoMIA architecture. The agents design, implement, and perform experiments, then store attempts into a shared database for future retrieval. This iterative process allows the agents to learn from previous attempts and optimize the MIA designs over time.
  • Figure 3: Transferability of the MIA discovered on ArXiv to other datasets. Some datasets have good transferability, while others do not.
  • Figure 4: Discovered MIAs on the shared PCA space. Each point represents an MIA design. AutoMIA explores more broadly than OpenEvolve.
  • Figure 5: MIA performance on PCA space. Each point represents an MIA design by AutoMIA, and the color indicates its performance (AUC). Each high-performing MIA can be surrounded by low-performing MIAs.
  • ...and 5 more figures