Black-box membership inference attacks based on shadow model

Membership inference attacks on machine learning models have drawn significant attention. While current research primarily utilizes shadow modeling techniques, which require knowledge of the target model and training data, practical scenarios involve black-box access to the target model with no available information. Limited training data further complicate the implementation of these attacks. In this paper, we experimentally compare common data enhancement schemes and propose a data synthesis framework based on the variational autoencoder generative adversarial network(VAE-GAN) to extend the training data for shadow models. Meanwhile, this paper proposes a shadow model training algorithm based on adversarial training to improve the shadow model's ability to mimic the predicted behavior of the target model when the target model's information is unknown. By conducting attack experiments on different models under the black-box access setting, this paper verifies the effectiveness of the VAE-GAN-based data synthesis framework for improving the accuracy of membership inference attack. Furthermore, we verify that the shadow model, trained by using the adversarial training approach, effectively improves the degree of mimicking the predicted behavior of the target model. Compared with existing research methods, the method proposed in this paper achieves a 2% improvement in attack accuracy and delivers better attack performance.