cs.CRcs.PL
A Bayesian Approach to Membership Inference for Statistical Release
May 28, 2026
This paper proposes a Bayesian framework to enhance membership inference attacks against released statistics by incorporating prior knowledge about the population's attribute dependency structure, outperforming existing methods.
The membership inference problem for publicly released statistics from a private dataset is well-studied. When developing and formally analyzing attack strategies, however, the focus has been on attacks that model the population using only its marginals. In practice, these attacks can perform well on various populations, however most formal analysis is for populations that follow a product distribution. These strategies may fail to leverage useful information about the population that is important for understanding a realistic privacy threat. In this work, we explore the impact of providing an attacker with additional information about the attribute dependency structure of the population, motivated by examples where multiple parties may have access to similarly structured data, for example the US Census and the IRS. To model this scenario, we re-frame the membership inference problem with respect to a population represented as a Bayesian network (BN). We develop a framework based on Bayesian decision-making which can incorporate prior information about the population to launch more effective, specialized attacks. To evaluate our framework, we introduce a specific attack instantiation which computes the Bayesian posterior using a probabilistic program, and prove its equivalence to an optimal variant of the likelihood ratio test attack for two populations with strong attribute dependency. We implement our program in the Roulette probabilistic programming language and show experimentally that it outperforms the likelihood ratio test and inner product attacks on five commonly used BNs, where the population dependency structure is too complex for the existing attacks to be manually adapted.
A Critical Review on the Effectiveness and Privacy Threats of Membership Inference Attacks
The paper proposes a new evaluation framework showing that, under realistic cond…
AutoMIA: Improved Baselines for Membership Inference Attack via Agentic Self-Exploration
AutoMIA introduces an agentic framework that automates the process of Membership…
Learning the Signature of Memorization in Autoregressive Language Models
The paper introduces a novel, transferable learned attack (LT-MIA) that detects…
Evaluating Differential Privacy Against Membership Inference in Federated Learning: Insights from th…
This paper empirically evaluates the effectiveness of Differential Privacy (DP)…
Automated Membership Inference Attacks: Discovering MIA Signal Computations using LLM Agents
The paper introduces AutoMIA, a novel framework that uses LLM agents to automate…
ReproMIA: A Comprehensive Analysis of Model Reprogramming for Proactive Membership Inference Attacks
The paper introduces ReproMIA, a novel and efficient framework that uses model r…
Gyokuro: Source-assisted Private Membership Testing using Trusted Execution Environments
Gyokuro is a novel Source-assisted Private Membership Testing (SPMT) protocol th…
SERSEM: Selective Entropy-Weighted Scoring for Membership Inference in Code Language Models
SERSEM introduces a selective entropy-weighted scoring framework to significantl…