Membership Feature Aggregation Attack Against Knowledge Reasoning Models in Internet of Things

The rapid growth of Internet of Things (IoT) technology has heightened the requirement for effective data management and analysis. Knowledge graphs (KGs) and large pretrained language models (LLMs) play crucial roles in this scenario: KGs offer structured data management, while LLMs enhance data feature analysis. However, as data privacy concerns escalate, IoT machine learning models become more susceptible to membership inference attacks (MIAs). To tackle this challenge, we focus MIAs in knowledge reasoning models (KRMs) for IoT environments and propose two attack methods: 1) correlation attack (CA) and 2) feature aggregation attack (FAA). CA leverages the relational features of KGs to link member characteristics across different parameter spaces. It aggregates these features and maps them into a nonlinear space to identify linear relationships among members, thus improving membership recognition. In contrast, the FAA focuses on aggregating multiple member features, such as confidence scores, loss values, decision labels, and so on, within the KRM and projects them into a linear space. This method captures the interactions among different features, enhancing the differentiation between member and nonmember samples. The key difference is that CA explores correlations between features across member identities, while FAA aggregates various features to improve overall representation and identification. Experimental results show that both CA and FAA outperform existing methods, offering a more effective assessment of privacy risks in KRMs within IoT environments.