Membership Inference via Backdooring
Authors: Hongsheng Hu, Zoran Salčić, Gillian Dobbie, Jinjun Chen, Lichao Sun, Xuyun Zhang
IJCAI 2022 | Conference PDF | Archive PDF | Plain Text | LLM Run Details
| Reproducibility Variable | Result | LLM Response |
|---|---|---|
| Research Type | Experimental | We perform extensive experiments on various datasets and deep neural network architectures, and the results validate the efficacy of our approach, e.g., marking only 0.1% of the training dataset is practically sufficient for effective membership inference. |
| Researcher Affiliation | Academia | Hongsheng Hu1 , Zoran Salcic1 , Gillian Dobbie1 , Jinjun Chen2 , Lichao Sun3 , Xuyun Zhang4 1University of Auckland 2Swinburne University of Technology 3Lehigh University 4Macquarie University |
| Pseudocode | No | The paper describes the approach in text and with a flow diagram, but does not include any explicit pseudocode or algorithm blocks. |
| Open Source Code | Yes | The source code is available at: https://github.com/HongshengHu/membership-inference-via-backdooring. |
| Open Datasets | Yes | We evaluate MIB on benchmark datasets, i.e., CIFAR-10 [Krizhevsky et al., 2009], Location-30 [Shokri et al., 2017], and Purchase-100 [Shokri et al., 2017], which are widely used in existing research on MIAs [Hu et al., 2021]. |
| Dataset Splits | No | The paper mentions total sample counts for datasets and ratios of marked samples within the training data but does not explicitly provide percentages or counts for distinct training, validation, and test splits within the main text. |
| Hardware Specification | No | The paper does not provide specific hardware details such as GPU models, CPU types, or memory specifications used for running the experiments. |
| Software Dependencies | No | The paper does not provide specific software dependencies with version numbers (e.g., library names like PyTorch or TensorFlow with their versions). |
| Experiment Setup | Yes | We use Resnet-18 [He et al., 2016] as the target model for CIFAR-10 and fully-connected (FC) neural network with two hidden layers (256 units and 128 units) for Location-30 and Purchase-100. The data owner uses a 3x3 white square (i.e., ϵ 9) as the trigger pattern... For Location-30 and Purchase-100, the data owner uses a 20-length binary array (i.e., ϵ 20) as the trigger pattern... We set the target backdoor label as 1 for all dataset. We set the number of queries to its minimum value, i.e., 30... We set the significance level at 0.05... |