Membership inference attacks against transfer learning for generalized model

For the problem of poor performance of exciting membership inference attack (MIA) when facing the transfer learning model that is generalized, the MIA for the transfer learning model that is generalized was first systematically studied, the anomaly detection was designed to obtain vulnerable data samples, and MIA was carried out against individual samples.Finally, the proposed method was tested on four image data sets, which shows that the proposed MIA has great attack performance.For example, on the Flowers102 classifier migrated from VGG16 (pretraining with Caltech101), the proposed MIA achieves 83.15% precision, which reveals that in the environment of transfer learning, even without access to the teacher model, the MIA for the teacher model can be achieved by visiting the student model.