Pith. sign in

REVIEW 7 cited by

Not yet reviewed by Pith; the record is open.

This paper has not been read by Pith yet. Machine review is queued; the pith claim, tier, and objections will appear here once it completes.

SPECIMEN: schema-true, not a live event

T0 review · schema-true

One-sentence machine reading of the paper's core claim.

pith:XXXXXXXX · record.json · timestamp

arxiv 1705.07663 v4 pith:6ELPMYF5 submitted 2017-05-22 cs.CR cs.LG

LOGAN: Membership Inference Attacks Against Generative Models

classification cs.CR cs.LG
keywords generativeattacksmodelsmodeltrainingdatasetsdistributioninference
verification ladder T0 review T1 audit T2 compute T3 formal T4 reserved
0 comments
read the original abstract

Generative models estimate the underlying distribution of a dataset to generate realistic samples according to that distribution. In this paper, we present the first membership inference attacks against generative models: given a data point, the adversary determines whether or not it was used to train the model. Our attacks leverage Generative Adversarial Networks (GANs), which combine a discriminative and a generative model, to detect overfitting and recognize inputs that were part of training datasets, using the discriminator's capacity to learn statistical differences in distributions. We present attacks based on both white-box and black-box access to the target model, against several state-of-the-art generative models, over datasets of complex representations of faces (LFW), objects (CIFAR-10), and medical images (Diabetic Retinopathy). We also discuss the sensitivity of the attacks to different training parameters, and their robustness against mitigation strategies, finding that defenses are either ineffective or lead to significantly worse performances of the generative models in terms of training stability and/or sample quality.

discussion (0)

Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.

Forward citations

Cited by 7 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Cross-Flow Correlations Survive Synthesis: Measuring Source-Level Privacy Leakage in Synthetic Network Traces

    cs.CR 2025-08 conditional novelty 8.0

    Synthetic network generators preserve cross-flow correlations enabling source-level membership inference, shown via the TraceBleed attack across five datasets and six generators.

  2. Single-Sample Black-Box Membership Inference Attack against Vision-Language Models via Cross-modal Semantic Alignment

    cs.CV 2026-05 unverdicted novelty 7.0

    A cross-modal alignment attack achieves AUC 0.821 for single-sample black-box membership inference on VLMs such as LLaVA-1.5 by quantifying image-generated caption similarity.

  3. FERMI: Exploiting Relations for Membership Inference Against Tabular Diffusion Models

    cs.LG 2026-05 unverdicted novelty 7.0

    FERMI improves membership inference on tabular diffusion models by mapping relational auxiliary information into attack features, raising TPR at 0.1 FPR by up to 53% white-box and 22% black-box over single-table baselines.

  4. Noise Aggregation Analysis Driven by Small-Noise Injection: Efficient Membership Inference for Diffusion Models

    cs.CV 2025-10 unverdicted novelty 7.0

    Introduces noise aggregation analysis with single-step small-noise injection to enable efficient and accurate membership inference attacks on diffusion models.

  5. Advancing the State-of-the-Art in Empirical Privacy Auditing

    cs.LG 2026-06 unverdicted novelty 6.0

    Proposes high-temperature synthetic canaries and auxiliary-model auditing to improve empirical privacy measurement for LLM fine-tuning and synthetic data generation.

  6. Hey, That's My Data! Token-Only Dataset Inference in Large Language Models

    cs.CL 2025-06 unverdicted novelty 6.0

    CatShift detects training data membership in LLMs by comparing output shifts induced by fine-tuning on member versus non-member data, relying on catastrophic forgetting without requiring logit access.

  7. Quantifying the Privacy of Counterfactuals by Leveraging Membership Inference Attacks Against Synthetic Data

    cs.LG 2026-06 unverdicted novelty 5.0

    Membership inference attacks adapted from synthetic data succeed on counterfactuals using only the counterfactuals themselves, without model access.