Chapter 5 Privacy Risks in Machine Learning

By Jiayuan Ye, National University of Singapore | Reza Shokri, National University of Singapore

Published: 23 Jul 2025

© 2025 Jiayuan Ye | Reza Shokri

Abstract

In this chapter, we explain why and how machine learning models may be vulnerable to inference attacks that exploit the privacy vulnerabilities of the models (Section 5.2). We then discuss how to design a privacy auditing framework based on the performance of inference attacks. In particular, we present membership inference attacks as a fundamental tool to measure how much a model (and more precisely the learning algorithm) leaks information about every data point in its training set (Section 5.3). To obtain an accurate privacy risk estimate, we then present techniques to construct powerful membership inference attacks. We also discuss the metrics that should be used to measure the attack performance. Then, in Section 5.4, we explain the practical meaning of these privacy risk estimates under different settings, and connect them with differential privacy. Finally, in Section 5.5, we review the ML Privacy Meter, a Python library designed to quantify the privacy risks of machine learning models.
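As an added illustration of the auditing idea sketched above (this is example code written for this page, not code from the chapter or from ML Privacy Meter), the block below runs the simplest membership inference audit, a loss-threshold test, over constructed per-example losses, reports the true-positive rate at a fixed false-positive rate, and turns that pair into the empirical lower bound on the differential-privacy parameter that the hypothesis-testing view of DP implies. The threshold rule, the sample losses and the helper names are assumptions made for the example.

```python
import math

# Constructed sample: per-example training loss of a model on 10 points that
# were in its training set and on 10 points that were not. Members tend to
# have lower loss, which is the signal a membership inference audit exploits.
MEMBER_LOSSES = [0.1, 0.2, 0.3, 0.4, 0.6, 0.9, 1.2, 1.5, 2.0, 2.5]
NONMEMBER_LOSSES = [0.3, 0.7, 1.0, 1.3, 1.6, 1.9, 2.2, 2.6, 3.0, 3.5]


def loss_threshold_attack(member_losses, nonmember_losses, threshold):
    """Predict 'member' whenever the loss is below the threshold.
    Returns (true positive rate, false positive rate) of that rule."""
    tp = sum(1 for loss in member_losses if loss < threshold)
    fp = sum(1 for loss in nonmember_losses if loss < threshold)
    return tp / len(member_losses), fp / len(nonmember_losses)


def tpr_at_fpr(member_losses, nonmember_losses, target_fpr):
    """Best TPR the threshold rule reaches while keeping FPR <= target_fpr.
    Reporting TPR at a low FPR (rather than accuracy) is the metric that
    exposes leakage about the most vulnerable individual points."""
    best_tpr, best_fpr = 0.0, 0.0
    for t in sorted(set(member_losses) | set(nonmember_losses)):
        tpr, fpr = loss_threshold_attack(member_losses, nonmember_losses, t)
        if fpr <= target_fpr and tpr > best_tpr:
            best_tpr, best_fpr = tpr, fpr
    return best_tpr, best_fpr


def empirical_epsilon_lower_bound(tpr, fpr):
    """Any epsilon-DP (delta = 0) training algorithm forces every membership
    test to satisfy TPR <= exp(epsilon) * FPR, so an observed (TPR, FPR)
    pair certifies epsilon >= ln(TPR / FPR). A single run gives a point
    estimate only; a real audit repeats it and reports confidence bounds."""
    if fpr == 0.0 or tpr <= fpr:
        return 0.0
    return math.log(tpr / fpr)


def audit(member_losses, nonmember_losses, target_fpr):
    """Run the audit end to end and return the three numbers a report needs."""
    tpr, fpr = tpr_at_fpr(member_losses, nonmember_losses, target_fpr)
    return {"tpr": tpr, "fpr": fpr,
            "epsilon_lower_bound": empirical_epsilon_lower_bound(tpr, fpr)}


if __name__ == "__main__":
    print(audit(MEMBER_LOSSES, NONMEMBER_LOSSES, target_fpr=0.1))
```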