Uncovering Memorization in Timeseries Imputation Models: LBRM Membership Inference and its Link to Attribute Leakage
Summary: arXiv:2603.24213v1 Announce Type: cross
Deep learning models for time series imputation have become crucial in various domains, including healthcare, the Internet of Things (IoT), and finance. However, the deployment of these models introduces significant privacy concerns that cannot be ignored. While the problem of unintended memorization has been widely recognized in generative models, our research highlights that time series models are equally susceptible to inference attacks, particularly in black-box scenarios.
Abstract
This study presents a two-stage attack framework that reveals the vulnerabilities of time series models in the context of membership and attribute inference attacks. The first component of the framework is a novel membership inference attack that utilizes a reference model, which enhances detection accuracy, even against models that are designed to be robust against overfitting-based attacks. The second component introduces the first-ever attribute inference attack aimed at predicting sensitive characteristics of the training data used in time series imputation models.
Methodology
To evaluate the effectiveness of our attacks, we implemented them on attention-based and autoencoder architectures under two different scenarios:
- Models that are trained from scratch.
- Fine-tuned models where the adversary has access to the initial weights.
Findings
Our experimental findings reveal that the proposed membership inference attack successfully retrieves a significant portion of the training data. The results indicate that the attack achieves a true positive rate at the top 25% (tpr@top25%) that is markedly higher than that of a naive attack baseline. Additionally, our membership attack serves as a reliable indicator of the potential success of attribute inference, achieving a precision score of 90%, compared to just 78% in general cases.
Implications
The implications of these findings are profound, especially in fields where sensitive data is processed. As time series models become more integrated into critical applications, understanding their vulnerabilities is essential for developing effective countermeasures. Our research underscores the necessity for practitioners to be aware of the risks associated with deploying deep learning models for time series imputation, particularly in terms of privacy and data leakage.
Conclusion
In conclusion, this work sheds light on the critical privacy concerns surrounding time series imputation models. By introducing a dual-attack framework, we provide a comprehensive analysis of the vulnerabilities these models face concerning membership and attribute inference attacks. As the landscape of AI continues to evolve, it is imperative for researchers and practitioners alike to prioritize privacy considerations in their model development and deployment strategies.