A Method to Facilitate Membership Inference Attacks in Deep Learning Models
Zitao Chen
Network and Distributed System Security (NDSS) Symposium 2025 · Day 3 · Membership Inference
In an era increasingly reliant on machine learning, the privacy of training data has become a paramount concern. This talk by Zitao Chen at the NDSS Symposium introduces a groundbreaking and stealthy method to facilitate **membership inference attacks (MIA)** against deep learning models. Previous attacks often degrade model utility, which makes them easy to detect. This novel approach instead achieves "extremely high privacy leakage" while maintaining the model's normal performance, effectively bypassing the long-standing privacy-utility trade-off. The research highlights a critical, often overlooked vulnerability stemming from the use of untrusted machine learning codebases, which are prevalent on platforms like GitHub and Hugging Face.
AI review
Solid, original research that cracks open a genuinely underexplored attack surface: supply-chain-poisoned training code enabling stealthy membership inference that bypasses existing auditing tools entirely. The divide-and-conquer framing — encoding membership through secret samples with a dedicated normalization path — is a clean, non-obvious insight that invalidates a whole class of current defenses.