The vulnerability of the Lottery Ticket Hypothesis has not been studied from the purview of Membership Inference Attacks. Through this work, we are the first to empirically show that the lottery ticket networks are equally vulnerable to membership inference attacks. A Membership Inference Attack (MIA) is the process of determining whether a data sample belongs to a training set of a trained model or not. Membership Inference Attacks could leak critical information about the training data that can be used for targeted attacks. Recent deep learning models often have very large memory footprints and a high computational cost associated with training and drawing inferences. Lottery Ticket Hypothesis is used to prune the networks to find smaller sub-networks that at least match the performance of the original model in terms of test accuracy in a similar number of iterations. We used CIFAR-10, CIFAR-100, and ImageNet datasets to perform image classification tasks and observe that the attack accuracies are similar. We also see that the attack accuracy varies directly according to the number of classes in the dataset and the sparsity of the network. We demonstrate that these attacks are transferable across models with high accuracy.
翻译:通过这项工作,我们是第一个经验性地表明彩票网同样容易成为成员推论攻击的对象。一个成员推论攻击(MIA)是确定数据样本是否属于经过训练的模型的培训数据集的过程。 会员推论攻击可能泄露关于可用于定向攻击的培训数据的关键信息。最近的深层次学习模型往往有非常大的记忆足迹和与培训和绘图推论有关的高计算成本。彩票抽票网被用来利用小型子网络找到至少与类似迭代的原始模型的精确性至少相符的小型子网络。我们使用CIFAR-10、CIFAR-100和图像网络数据集来执行图像分类任务,并观察攻击的准确性相似。我们还看到攻击的准确性与数据集的班级数和网络的宽度直接不同。我们证明这些攻击是可转移式的。