A New Method of Membership Inference Attack Based on Shadow Model
With the development and application of machine learning, the privacy and security of the training data of machine learning models face serious challenges. Membership inference is a common privacy attack in the field of machine learning: an attacker uses it to infer whether a given piece of data took part in the training of a machine learning model. In current research on membership inference attacks, the shadow model technique has achieved notable results in various fields, but it requires the attacker to have enough data to train the shadow model. In realistic scenarios the target model is usually accessible only as a black box, and an attacker who collects data may obtain only a limited amount, too little to support shadow model training, which greatly affects the accuracy of the membership inference attack. To carry out membership inference attacks in realistic scenarios, this paper assumes that the attacker holds a small dataset with the same distribution as the target model's training set, uses a CGAN model to generate data, and filters the generated data by querying the target model, thereby expanding the training data for the shadow model and improving the accuracy of the membership inference attack. Experiments show that the proposed method improves accuracy by up to 1.3% compared with Salem's data transferring attack.
周文安、韩晓璇、韩震、吴杰
Computing technology, computer technology
artificial intelligence, machine learning, membership inference attack, shadow model, black-box model
周文安, 韩晓璇, 韩震, 吴杰. A New Method of Membership Inference Attack Based on Shadow Model [EB/OL]. (2023-04-07) [2025-08-11]. http://www.paper.edu.cn/releasepaper/content/202304-119.