Unveiling Privacy Risks in the Long Tail: Membership Inference in Class Skewness

Hu, Hailong; PANG, Jun; Li, Yantao; Qin, Huafeng

doi:10.1109/tifs.2025.3607261

Download

Article (Scientific journals)

Unveiling Privacy Risks in the Long Tail: Membership Inference in Class Skewness

Hu, Hailong; PANG, Jun; Li, Yantao et al.

2025 • In IEEE Transactions on Information Forensics and Security, 20, p. 9507-9522

Peer Reviewed verified by ORBi

Permalink
https://hdl.handle.net/10993/65858

DOI
10.1109/tifs.2025.3607261

Files (1)Send to Details Statistics Bibliography Similar publications

Files

Full Text

TIFS25.pdf

Author postprint (1.24 MB)

Download

All documents in ORBilu are protected by a user license.

Send to

RIS BibTex APA Chicago Permalink X Linkedin

Details

Disciplines :

Computer science

Author, co-author :

Hu, Hailong ; National Research Base of Intelligent Manufacturing Service, Chongqing Technology and Business University, Chongqing, China

PANG, Jun ; University of Luxembourg

Li, Yantao ; College of Computer Science, Chongqing University, Chongqing, China

Qin, Huafeng ; National Research Base of Intelligent Manufacturing Service, Chongqing Technology and Business University, Chongqing, China

External co-authors :

yes

Language :

English

Title :

Unveiling Privacy Risks in the Long Tail: Membership Inference in Class Skewness

Publication date :

2025

Journal title :

IEEE Transactions on Information Forensics and Security

ISSN :

1556-6013

eISSN :

1556-6021

Publisher :

Institute of Electrical and Electronics Engineers (IEEE)

Volume :

Pages :

9507-9522

Peer reviewed :

Peer Reviewed verified by ORBi

Additional URL :

http://xplorestaging.ieee.org/ielx8/10206/10810755/11153515.pdf?arnumber=11153515

Available on ORBilu :

since 18 September 2025

Statistics

Number of views

9 (0 by Unilu)

Number of downloads

25 (1 by Unilu)

More statistics

Scopus citations^®

Scopus citations^®
without self-citations

OpenCitations

OpenAlex citations

Bibliography

M. Abadi, A. Chu, I. Goodfellow, H. B. McMahan, I. Mironov, K. Talwar, and L. Zhang, "Deep learning with differential privacy, " in ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 2016, pp. 308-318.
M. Aerni, J. Zhang, and F. Tramèr, "Evaluations of machine learning privacy defenses are misleading, " in ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 2024, p. 1271-1284.
E. Bagdasaryan, O. Poursaeed, and V. Shmatikov, "Differential privacy has disparate impact on model accuracy, " in Advances in Neural Information Processing Systems (NeurIPS). Curran Associates, Inc., 2019.
K. Cao, C. Wei, A. Gaidon, N. Arechiga, and T. Ma, "Learning imbalanced datasets with label-distribution-aware margin loss, " in Advances in Neural Information Processing Systems (NeurIPS). Curran Associates, Inc., 2019.
N. Carlini, S. Chien, M. Nasr, S. Song, A. Terzis, and F. Tramer, "Membership inference attacks from first principles, " in IEEE Symposium on Security and Privacy (SP). IEEE, 2022, pp. 1519-1519.
N. Carlini, M. Jagielski, C. Zhang, N. Papernot, A. Terzis, and F. Tramer, "The privacy onion effect: Memorization is relative, " in Advances in Neural Information Processing Systems (NeurIPS). Curran Associates, Inc., 2022, pp. 13 263-13 276.
N. V. Chawla, K. W. Bowyer, L. O. Hall, and W. P. Kegelmeyer, "Smote: synthetic minority over-sampling technique, " Journal of Artificial Intelligence Research, vol. 16, pp. 321-357, 2002.
D. Chen, N. Yu, and M. Fritz, "Relaxloss: Defending membership inference attacks without losing utility, " in International Conference on Learning Representations (ICLR), 2022.
S. Chen, C. Ge, Z. Tong, J. Wang, Y. Song, J. Wang, and P. Luo, "Adaptformer: Adapting vision transformers for scalable visual recognition, " in Advances in Neural Information Processing Systems (NeurIPS). Curran Associates, Inc., 2022, pp. 16 664-16 678.
Z. Chen and K. Pattabiraman, "Overconfidence is a dangerous thing: Mitigating membership inference attacks by enforcing less confident prediction, " in Network and Distributed System Security Symposium (NDSS). Internet Society, 2023.
C. A. Choquette-Choo, F. Tramer, N. Carlini, and N. Papernot, "Labelonly membership inference attacks, " in International Conference on Machine Learning (ICML). PMLR, 2021, pp. 1964-1974.
Y. Cui, M. Jia, T.-Y. Lin, Y. Song, and S. Belongie, "Class-balanced loss based on effective number of samples, " in IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). IEEE, 2019, pp. 9260-9269.
S. De, L. Berrada, J. Hayes, S. L. Smith, and B. Balle, "Unlocking high-accuracy differentially private image classification through scale, " arXiv preprint arXiv:2204.13650, 2022.
B. Dong, P. Zhou, S. Yan, and W. Zuo, "Lpt: Long-tailed prompt tuning for image classification, " arXiv preprint arXiv:2210.01033, 2022.
A. Dosovitskiy, L. Beyer, A. Kolesnikov, D. Weissenborn, X. Zhai, T. Unterthiner, M. Dehghani, M. Minderer, G. Heigold, S. Gelly, J. Uszkoreit, and N. Houlsby, "An image is worth 16x16 words: Transformers for image recognition at scale, " in International Conference on Learning Representations (ICLR), 2021.
C. Dwork, "Differential privacy, " in International colloquium on automata, languages, and programming. Springer, 2006, pp. 1-12.
A. Estabrooks, T. Jo, and N. Japkowicz, "A multiple resampling method for learning from imbalanced data sets, " Computational Intelligence, vol. 20, no. 1, pp. 18-36, 2004.
V. Feldman, "Does learning require memorization? A short tale about a long tail, " in ACM SIGACT Symposium on Theory of Computing. ACM, 2020, p. 954-959.
V. Feldman and C. Zhang, "What neural networks memorize and why: Discovering the long tail via influence estimation, " in Advances in Neural Information Processing Systems (NeurIPS). Curran Associates, Inc., 2020, pp. 2881-2891.
Y. Hong, S. Han, K. Choi, S. Seo, B. Kim, and B. Chang, "Disentangling label distribution for long-tailed visual recognition, " in IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). IEEE, 2021, pp. 6622-6632.
N. Houlsby, A. Giurgiu, S. Jastrzebski, B. Morrone, Q. De Laroussilhe, A. Gesmundo, M. Attariyan, and S. Gelly, "Parameter-efficient transfer learning for nlp, " in International Conference on Machine Learning (ICML). PMLR, 2019, pp. 2790-2799.
E. J. Hu, P. Wallis, Z. Allen-Zhu, Y. Li, S. Wang, L. Wang, W. Chen et al., "Lora: Low-rank adaptation of large language models, " in International Conference on Learning Representations (ICLR), 2022.
J. Jia, A. Salem, M. Backes, Y. Zhang, and N. Z. Gong, "Memguard: Defending against black-box membership inference attacks via adversarial examples, " in ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 2019, pp. 259-274.
M. Jia, L. Tang, B.-C. Chen, C. Cardie, S. Belongie, B. Hariharan, and S.-N. Lim, "Visual prompt tuning, " in European Conference on Computer Vision (ECCV). Springer, 2022, pp. 709-727.
R. Jia, F. Wu, X. Sun, J. Xu, D. Dao, B. Kailkhura, C. Zhang, B. Li, and D. Song, "Scalability vs. utility: Do we have to sacrifice one for the other in data importance quantification?" in IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). IEEE, 2021, pp. 8235-8243.
Kaggle, "Newsgroups20, " Kaggle, https://www.kaggle.com/datasets/crawford/20-newsgroups.
B. Kang, S. Xie, M. Rohrbach, Z. Yan, A. Gordo, J. Feng, and Y. Kalantidis, "Decoupling representation and classifier for long-tailed recognition, " in International Conference on Learning Representations (ICLR), 2020.
X. Li, Q. Li, Z. Hu, and X. Hu, "On the privacy effect of data enhancement via the lens of memorization, " IEEE Transactions on Information Forensics and Security, vol. 19, pp. 4686-4699, 2024.
Z. Li, Y. Liu, X. He, N. Yu, M. Backes, and Y. Zhang, "Auditing membership leakages of multi-exit networks, " in ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 2022, pp. 1917-1931.
Z. Li and Y. Zhang, "Membership leakage in label-only exposures, " in ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 2021, pp. 880-895.
X.-Y. Liu, J. Wu, and Z.-H. Zhou, "Exploratory undersampling for class-imbalance learning, " IEEE Transactions on Systems, Man, and Cybernetics, Part B, vol. 39, no. 2, pp. 539-550, 2008.
Y. Liu, Z. Zhao, M. Backes, and Y. Zhang, "Membership inference attacks by exploiting loss trajectory, " in ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 2022, p. 2085-2098.
A. K. Menon, S. Jayasumana, A. S. Rawat, H. Jain, A. Veit, and S. Kumar, "Long-tail learning via logit adjustment, " in International Conference on Learning Representations (ICLR), 2021.
M. Nasr, R. Shokri, and A. Houmansadr, "Machine learning with membership privacy using adversarial regularization, " in ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 2018, pp. 634-646.
M. Nasr, R. Shokri, and A. Houmansadr, "Comprehensive privacy analysis of deep learning: Passive and active white-box inference attacks against centralized and federated learning, " in IEEE Symposium on Security and Privacy (SP). IEEE, 2019, pp. 739-753.
M. Nasr, S. Songi, A. Thakurta, N. Papernot, and N. Carlin, "Adversary instantiation: Lower bounds for differentially private machine learning, " in IEEE Symposium on Security and Privacy (SP). IEEE, 2021, pp. 866-882.
A. Radford, J. W. Kim, C. Hallacy, A. Ramesh, G. Goh, S. Agarwal, G. Sastry, A. Askell, P. Mishkin, J. Clark et al., "Learning transferable visual models from natural language supervision, " in International Conference on Machine Learning (ICML). PMLR, 2021, pp. 8748-8763.
W. J. Reed, "The pareto, zipf and other power laws, " Economics Letters, vol. 74, no. 1, pp. 15-19, 2001.
J. Ren, C. Yu, X. Ma, H. Zhao, S. Yi et al., "Balanced meta-softmax for long-tailed visual recognition, " in Advances in Neural Information Processing Systems (NeurIPS). Curran Associates, Inc., 2020, pp. 4175-4186.
T.-Y. Ross and G. Dollár, "Focal loss for dense object detection, " in IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). IEEE, 2017, pp. 2980-2988.
A. Salem, Y. Zhang, M. Humbert, P. Berrang, M. Fritz, and M. Backes, "Ml-leaks: Model and data independent membership inference attacks and defenses on machine learning models, " in Network and Distributed System Security Symposium (NDSS). Internet Society, 2019.
T. Sander, P. Stock, and A. Sablayrolles, "Tan without a burn: Scaling laws of dp-sgd, " in International Conference on Machine Learning (ICML). PMLR, 2023, pp. 29 937-29 949.
J.-X. Shi, T. Wei, Z. Zhou, J.-J. Shao, X.-Y. Han, and Y.-F. Li, "Long-tail learning with foundation model: Heavy fine-tuning hurts, " in International Conference on Machine Learning (ICML). PMLR, 2024, pp. 45 014-45 039.
R. Shokri, M. Stronati, C. Song, and V. Shmatikov, "Membership inference attacks against machine learning models, " in IEEE Symposium on Security and Privacy (SP). IEEE, 2017, pp. 3-18.
T. Steinke, M. Nasr, and M. Jagielski, "Privacy auditing with one (1) training run, " in Advances in Neural Information Processing Systems (NeurIPS). Curran Associates, Inc., 2023, pp. 49 268-49 280.
S. Truex, L. Liu, M. E. Gursoy, W. Wei, and L. Yu, "Effects of differential privacy and data skewness on membership inference vulnerability, " in IEEE International Conference on Trust, Privacy and Security in Intelligent Systems and Applications. IEEE, 2019, pp. 82-91.
A. Vaswani, N. Shazeer, N. Parmar, J. Uszkoreit, L. Jones, A. N. Gomez, L. Kaiser, and I. Polosukhin, "Attention is all you need, " in Advances in Neural Information Processing Systems (NeurIPS). Curran Associates, Inc., 2017, p. 6000-6010.
B. Wang, P. Wang, W. Xu, X. Wang, Y. Zhang, K. Wang, and Y. Wang, "Kill two birds with one stone: Rethinking data augmentation for deep long-tailed learning, " in International Conference on Learning Representations (ICLR), 2024.
X. Wang, J. Zhao, E. Marostica, W. Yuan, J. Jin, J. Zhang, R. Li, H. Tang, K. Wang, Y. Li et al., "A pathology foundation model for cancer diagnosis and prognosis prediction, " Nature, pp. 1-9, 2024.
R. Wen, M. Backes, and Y. Zhang, "Understanding data importance in machine learning attacks: Does valuable data pose greater harm?" in Network and Distributed System Security Symposium (NDSS). Internet Society, 2025.
R. Wen, Z. Li, M. Backes, and Y. Zhang, "Membership inference attacks against in-context learning, " in ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 2024, p. 3481-3495.
D. H. Wolpert and W. G. Macready, "No free lunch theorems for optimization, " IEEE Transactions on Evolutionary Computation, vol. 1, no. 1, pp. 67-82, 1997.
A. Yousefpour, I. Shilov, A. Sablayrolles, D. Testuggine, K. Prasad, M. Malek, J. Nguyen, S. Ghosh, A. Bharadwaj, J. Zhao, G. Cormode, and I. Mironov, "Opacus: User-friendly differential privacy library in PyTorch, " arXiv preprint arXiv:2109.12298, 2021.
S. Zagoruyko and N. Komodakis, "Wide residual networks, " in Proceedings of the British Machine Vision Conference, 2016.
E. B. Zaken, Y. Goldberg, and S. Ravfogel, "Bitfit: Simple parameterefficient fine-tuning for transformer-based masked language-models, " in Annual Meeting of the Association for Computational Linguistics (ACL), 2022, pp. 1-9.
H. Zhang, M. Cisse, Y. N. Dauphin, and D. Lopez-Paz, "mixup: Beyond empirical risk minimization, " in International Conference on Learning Representations (ICLR), 2018.
M. Zhang, Z. Ren, Z. Wang, P. Ren, Z. Chen, P. Hu, and Y. Zhang, "Membership inference attacks against recommender systems, " in ACM SIGSAC Conference on Computer and Communications Security (CCS). ACM, 2021, pp. 864-879.
Y. Zhang, B. Kang, B. Hooi, S. Yan, and J. Feng, "Deep long-tailed learning: A survey, " IEEE Transactions on Pattern Analysis and Machine Intelligence, vol. 45, no. 9, pp. 10 795-10 816, 2023.
D. Zhong, X. Wang, Z. Xu, J. Xu, and W. H. Wang, "Interaction-level membership inference attack against recommender systems with longtailed distribution, " in ACM International Conference on Information and Knowledge Management (CIKM). ACM, 2024, p. 3433-3442.
G. K. Zipf, Human Behavior and the Principle of Least Effort. Cambridge, MA: Addison-Wesley, 1949.