Generalization and Membership Inference Attack a Practical Perspective

arXiv cs.LG / 4/23/2026

📰 NewsIdeas & Deep AnalysisModels & Research

共有:

Key Points

The paper re-examines the relationship between Membership Inference Attack (MIA) success rates and model generalization using updated metrics and attack methodologies.
It experimentally shows that stronger generalization techniques—such as data augmentation and early stopping—can dramatically reduce MIA attack performance, potentially by as much as 100×.
The study finds that combining generalization methods not only improves generalization but also makes attacks less effective by injecting randomness during training.
Using a controlled setup with over 1,000 models, the authors provide evidence that generalization directly influences MIA outcomes.

Abstract

With the emergence of new evaluation metrics and attack methodologies for Membership Inference Attacks (MIA), it becomes essential to reevaluate previously accepted assumptions. In this paper, we revisit the longstanding debate regarding the correlation between MIA success rates and model generalization using an empirical approach. We focused on employing augmentation techniques and early stopping to enhance model generalization and examined their impact on MIA success rates. We found that utilizing advanced generalization techniques can significantly decrease attack performance, potentially by up to 100 times. Moreover, combining these methods not only improves model generalization but also reduces attack effectiveness by introducing randomness during training. Additionally, our study confirmed the direct impact of generalization on MIA performance through an analysis of over 1K models in a controlled environment.