[FR]: Membership inference attacks in recommender systems #13
Description
Willingness to contribute
Yes. I can contribute this feature independently.
Proposal Summary
This addition to the privacy estimation tool extends its capabilities to include membership
inference attacks specifically tailored for recommender systems. Similar to traditional membership inference attacks, the recommender system attacks analyze the prediction patterns of the model to infer membership status.
Motivation
What is the use case for this feature?
This enhancement extends the tool's applicability to privacy analysis in recommendation systems, ensuring a more comprehensive assessment of potential information leakage.
Why is this use case valuable to support for OCI DataScience users in general?
Any analysis done of recommender systems in OCI could utilize this tool to analyze a recommender's privacy protection capabilities.
Why is this use case valuable to support for your project(s) or organization?
As part of a recommender team, it is extremely important to understand how protected user data is. This tool will allow us to measure that privacy level.
Why is it currently difficult to achieve this use case?
The implementation of a membership inference attack in a recommender system relies upon the creation of a shadow model that is supposed to mimic the target model as closely as possible. Without direct access to training data, it is difficult to achieve this.
Details
This contribution will follow the format of the paper Zhang et al. Membership Inference Attacks Against Recommender Systems paper and will be contributed by Animesh Agarwal and Ian Hanus.