Notice: The reproducibility variables underlying each score are classified using an automated LLM-based pipeline, validated against a manually labeled dataset. LLM-based classification introduces uncertainty and potential bias; scores should be interpreted as estimates. Full accuracy metrics and methodology are described in Coakley et al. (K. L. Coakley, T. Snelleman, H. Hoos, and O. E. Gundersen, "The embrace of open science: An analysis of a decade of AI research and 56 800 conference papers," Under Review, 2026).

Toward Efficient Inference Attacks: Shadow Model Sharing via Mixture-of-Experts

Authors: Li Bai, Qingqing Ye, Xinwei Zhang, Sen Zhang, Zi Liang, Jianliang Xu, Haibo Hu

NeurIPS 2025

| Reproducibility Variable | Result | LLM Response |
| --- | --- | --- |
| Research Type | Experimental | We conduct extensive experiments to evaluate SHAPOOL across various existing membership inference attacks (MIAs) [9, 16], demonstrating that it outperforms the conventional shadow models in both attack performance and training efficiency. On one hand, in a resource-limited scenario where only a limited number of shadow models can be trained [21], shared models can enhance the performance of existing attacks under a similar computational budget. On the other hand, in resource-abundant scenarios like data auditing and risk assessment [22, 23, 24], it achieves comparable performance while significantly reducing the computational cost of conventional methods. |
| Researcher Affiliation | Academia | Department of Electrical and Electronic Engineering, The Hong Kong Polytechnic University¹; PolyU Research Centre for Privacy and Security Technologies in Future Smart Systems²; Department of Computer Science, Hong Kong Baptist University³ |
| Pseudocode | Yes | The pseudocode for shadow model-based inference attacks is provided in Appendix A.1, where more related works are discussed. [...] Algorithm 1: Shadow Model-based Inference Attacks [...] Algorithm 2: Model Augmentation-based Shadow Model Construction [...] Algorithm 3: SHAPOOL: MoE-based Shadow Pool Training Framework [...] Algorithm 4: SHAPOOL-based Property Inference Attacks |
| Open Source Code | Yes | We report the average results over five independent runs with different random seeds and release the source code at https://github.com/BaiLibl/ShadowPool.git. |
| Open Datasets | Yes | Our evaluation is conducted on three benchmark datasets: CIFAR100 [46], CIFAR10 [46] and CINIC10, and three typical network architectures: ResNet18 [47], VGG16 [48], and WideResNet28-10 [49]. [...] Following prior works on PIAs [14], we conduct experiments on the Census dataset [69], focusing on two target properties: sex (Female) and race (Black). |
| Dataset Splits | Yes | We consider the conventional shadow model construction approach as the baseline (denoted by BASE), where each shadow model is independently trained on a randomly sampled subset of auxiliary data. Our proposed framework replaces the shadow model construction stage with shared models from the pool, while the other two stages remain unchanged. [...] Following previous settings [9, 52], we prepare 128 shadow models for LiRA-online (half IN and half OUT) and 64 for LiRA-offline (all OUT). |
| Hardware Specification | Yes | All experiments are implemented in Pytorch and performed on an NVIDIA RTX-3090 server with the Ubuntu operating system. |
| Software Dependencies | No | All experiments are implemented in Pytorch and performed on an NVIDIA RTX-3090 server with the Ubuntu operating system. |
| Experiment Setup | Yes | They are trained for 100 epochs with a batch size of 64 and an initial learning rate of 0.1. We use the SGD optimizer with a weight decay of $5 \times 10^{-4}$ and a momentum of 0.9, along with a cosine learning rate schedule [65] for optimization. |