![[2510.10625] ImpMIA: Leveraging Implicit Bias for Membership Inference Attack](https://arxiv.org/static/browse/0.3.4/images/arxiv-logo-fb.png){kind=logo}
[2510.10625] ImpMIA: Leveraging Implicit Bias for Membership Inference Attack
Summary
The paper introduces ImpMIA, a novel Membership Inference Attack that leverages implicit bias in neural networks to identify training samples without requiring extensive assumptions about the attacked model.
Why It Matters
Understanding Membership Inference Attacks is crucial for data privacy, especially as machine learning models become more accessible. ImpMIA offers a new approach that could enhance security measures against potential data leaks in real-world applications.
Key Takeaways
- ImpMIA exploits implicit bias in neural networks for membership inference.
- It requires no training of auxiliary models, simplifying the attack process.
- The method achieves state-of-the-art performance in both black and white box scenarios.
Computer Science > Machine Learning arXiv:2510.10625 (cs) [Submitted on 12 Oct 2025 (v1), last revised 25 Feb 2026 (this version, v3)] Title:ImpMIA: Leveraging Implicit Bias for Membership Inference Attack Authors:Yuval Golbari, Navve Wasserman, Gal Vardi, Michal Irani View a PDF of the paper titled ImpMIA: Leveraging Implicit Bias for Membership Inference Attack, by Yuval Golbari and 3 other authors View PDF HTML (experimental) Abstract:Determining which data samples were used to train a model, known as Membership Inference Attack (MIA), is a well-studied and important problem with implications on data privacy. SotA methods (which are black-box attacks) rely on training many auxiliary reference models to imitate the behavior of the attacked model. As such, they rely on assumptions which rarely hold in real-world settings: (i) the attacker knows the training hyperparameters; (ii) all available non-training samples come from the same distribution as the training data; and (iii) the fraction of training data in the evaluation set is known. We show that removing these assumptions significantly harms the performance of black-box attacks. We introduce ImpMIA, a Membership Inference Attack that exploits the Implicit Bias of neural networks. Building on the maximum-margin implicit bias theory, ImpMIA uses the Karush-Kuhn-Tucker (KKT) optimality conditions to identify training samples -- those whose gradients most strongly reconstruct the trained model's parameters. Our approach i...
