This repository contains a curated list of papers related to distribution inference/property inference in machine learning. A code repository is provided when available by the authors. For corrections, suggestions, or missing papers, please either open an issue or submit a pull request.
- SoK: Let The Privacy Games Begin! A Unified Treatment of Data Inference Privacy in Machine Learning. Ahmed Salem, Giovanni Cherubin, David Evans, Boris Köpf, Andrew Paverd, Anshuman Suri, Shruti Tople, Santiago Zanella-Béguelin. IEEE S&P, 2023.
- Hacking Smart Machines with Smarter Ones: How to Extract Meaningful Data from Machine Learning Classifiers. Giuseppe Ateniese, Luigi V. Mancini, Angelo Spognardi, Antonio Villani, Domenico Vitali and Giovanni Felici. International Journal of Security and Networks, 2015.
- Property Inference Attacks on Fully Connected Neural Networks using Permutation Invariant Representations. Karan Ganju, Qi Wang, Wei Yang, Carl A. Gunter, Nikita Borisov. CCS, 2018.
- Formalizing and Estimating Distribution Inference Risks. Anshuman Suri and David Evans. PETS, 2022. (code)
- Dissecting Distribution Inference. Anshuman Suri, Yifu Lu, Yanjin Chen, David Evans. IEEE SaTML, 2023. (code)
- Leakage of Dataset Properties in Multi-Party Machine Learning. Wanrong Zhang, Shruti Tople, Olga Ohrimenko. USENIX Security, 2021.
- Correlation Inference Attacks against Machine Learning Models. Ana-Maria Cretu*, Florent Guepin*, and Yves-Alexandre de Montjoye. arXiv, 2021.
- Property Inference from Poisoning. Saeed Mahloujifar, Esha Ghosh, Melissa Chase. IEEE S&P, 2022.
- SNAP: Efficient Extraction of Private Properties with Poisoning. Harsh Chaudhari, John Abascal, Alina Oprea, Matthew Jagielski, Florian Tramèr, Jonathan Ullman. IEEE SaTML, 2023. (code)
- Manipulating Transfer Learning for Property Inference. Yulong Tian, Fnu Suya, Anshuman Suri, Fengyuan Xu, David Evans. CVPR, 2023. (code)
- Subject Membership Inference Attacks in Federated Learning. Anshuman Suri, Pallika Kanani, Virendra J. Marathe, Daniel W. Peterson. arXiv, 2022.
- User Inference Attacks on Large Language Models. Nikhil Kandpal, Krishna Pillutla, Alina Oprea, Peter Kairouz, Christopher A. Choquette-Choo, Zheng Xu. arXiv, 2023.
- FACE-AUDITOR: Data Auditing in Facial Recognition Systems. Min Chen, Zhikun Zhang, Tianhao Wang, Michael Backes, Yang Zhang. USENIX, 2023. (code)
- User-Level Membership Inference Attack against Metric Embedding Learning. Guoyao Li, Shahbaz Rezaei, Xin Liu. ICLR PAIR^2Struct Workshop, 2022.
- Inference Attacks Against Face Recognition Model without Classification Layers. Yuanqing Huang, Huilong Chen, Yinggui Wang, Lei Wang. arXiv, 2024.
- SLMIA-SR: Speaker-Level Membership Inference Attacks against Speaker Recognition Systems. Guangke Chen, Yedi Zhang, Fu Song. arXiv, 2023.
- Formalizing and Estimating Distribution Inference Risks. Anshuman Suri and David Evans. PETS, 2022. (code)
- Protecting Global Properties of Datasets with Distribution Privacy Mechanisms. Michelle Chen and Olga Ohrimenko. AISTATS, 2023. (code)
- Distribution inference risks: Identifying and mitigating sources of leakage. Valentin Hartmann, Léo Meynent, Maxime Peyrard, Dimitrios Dimitriadis, Shruti Tople, Robert West. IEEE SaTML, 2023. (code)
- Black-Box Audits for Group Distribution Shifts. Marc Juarez, Samuel Yeom, Matt Fredrikson. arXiv, 2022.
- Attesting Distributional Properties of Training Data for Machine Learning. Vasisht Duddu, Anudeep Das, Nora Khayata, Hossein Yalame, Thomas Schneider, N. Asokan. arXiv, 2023.
- Inf2Guard: An Information-Theoretic Framework for Learning Privacy-Preserving Representations against Inference Attacks. Sayedeh Leila Noorbakhsh, Binghui Zhang, Yuan Hong, Binghui Wang. USENIX, 2024. (code)