Abstract:
|
A membership inference attack on a fitted model g is any procedure which answers the following question (with a reasonable error rate): Was the feature vector x used to train g? We develop some theory which determines why such attacks are feasible, how attacks exploit local over-fitting, and how they can be defeated.
|