中圖分類號(hào)：TP181
文獻(xiàn)標(biāo)識(shí)碼：A
DOI:10.19358/j.issn.2097-1788.2023.05.008
引用格式：楊盼盼，張信明.基于標(biāo)簽的無(wú)數(shù)據(jù)的成員推理攻擊［J］.網(wǎng)絡(luò)安全與數(shù)據(jù)治理，2023，42（5）：44-49.

Label-based data-free membership inference attack

Abstract： Membership inference attack infers whether a specific record is a training data member of a model based on the model′s prediction results, which has important application significance in the field of privacy protection. Existing labelbased datafree membership inference attack methods mainly use adversarial sample technology, which has a high query and computation cost. This paper proposed a new membership inference attack method that uses a shadow model to reduce the query cost of multiple attacks, and proposed data filtering and optimization strategies to improve the performance of the attack model. Experiments were conducted on two commonly used image datasets, and the results showed that the proposed method has both a high attack success rate and a low query cost.

Key words : membership inference attack; datafree; labelbased