Common Information
Type | Value |
---|---|
Value |
Infer Training Data Membership |
Category | Attack-Pattern |
Type | Mitre-Atlas-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may infer the membership of a data sample in its training set, which raises privacy concerns. Some strategies make use of a shadow model that could be obtained via [Train Proxy via Replication](/techniques/AML.T0005.001), others use statistics of model prediction scores. This can cause the victim model to leak private information, such as PII of those in the training set or other forms of protected IP. |