Membership Inference Attacks (MIAs) aim to estimate whether a specific data point was used in the training of a given model. Previous attacks often utilize multiple reference models to approximate the conditional score distribution, leading to significant computational overhead. While recent work leverages quantile regression to estimate conditional thresholds, it fails to capture epistemic uncertainty, resulting in bias in low-density regions. In this work, we propose a novel approach - Bayesian Membership Inference Attack (BMIA), which performs conditional attack through Bayesian inference. In particular, we transform a trained reference model into Bayesian neural networks by Laplace approximation, enabling the direct estimation of the conditional score distribution by probabilistic model parameters. Our method addresses both epistemic and aleatoric uncertainty with only a reference model, enabling efficient and powerful MIA. Extensive experiments on five datasets demonstrate the effectiveness and efficiency of BMIA.

本研究解决了传统成员推断攻击在计算开销上的问题，通过提出一种新颖的贝叶斯成员推断攻击方法（BMIA），利用贝叶斯推断进行条件攻击。实验表明，该方法在只需一个参考模型的情况下，有效地降低了计算消耗，并在处理不确定性方面表现出色，提升了成员推断的准确性和效率。

基于贝叶斯神经网络的高效成员推断攻击