Balancing Privacy and Attack Utility: Calibrating Sample Difficulty for Membership Inference Attacks in Transfer Learning

The growing prominence of transfer learning in domains such as healthcare and finance highlights its efficacy in enhancing machine learning models. However, conventional membership inference attacks (MIA) often struggle to perform well when applied to transfer learning models trained under normal fit. To address this challenge, we propose a novel approach called PC-MIA. This approach involves generating multiple poisoned reference models using toxic samples. These poisoned models are then utilized to calibrate the difficulty of samples and reveal their true hardness, thereby enhancing the accuracy of MIA. Through empirical evaluations conducted on real-world datasets and employing diverse model architectures, our approach demonstrates its ability to significantly improve the accuracy of membership inference.