Black-Box Based Limited Query Membership Inference Attack

Abstract

Conventional membership inference attacks usually require a large number of queries of the target model when training shadow models, and this task becomes extremely difficult when the number of queries is limited. Aiming at the problem of insufficient training data for shadow models due to the limited number of queries, we propose a membership inference attack method based on generative adversarial networks (GAN). First, we use generative adversarial networks to augment the samples obtained by a small number of queries to expand the training data of the model; Secondly, we use the improved CNN to obtain shadow models that have a higher degree of fitting on different target model structures; Finally, we evaluate the accuracy of the proposed algorithm on XgBoost, Logistic, and neural network models using public datasets MNIST and CIFAR10 in a black-box setting, and the results show that our model has an average attack accuracy of 62% and 83%, respectively. It can be seen that, compared with the existing research methods, our model can obtain better attack effects under the condition of significantly reducing the number of queries, which shows the feasibility of our proposed method in membership inference attacks.