Ensemble Partitioning: A Defense Mechanism Against Membership Inference Attacks in ML Models

Zhao Lin Sun; Yan Er Li; Ding Yu Shi; Cen Chen

doi:10.1007/978-981-96-9872-1_36

Ensemble Partitioning: A Defense Mechanism Against Membership Inference Attacks in ML Models

Zhao Lin Sun, Yan Er Li, Ding Yu Shi, Cen Chen

School of Data Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

The risk of privacy leakage has emerged as a critical concern as machine learning models continue to achieve impressive results across various domains. Membership Inference Attacks (MIAs) pose a significant threat by enabling adversaries to determine whether specific samples were part of a model’s training data, leading to potential exposure of sensitive information. Existing defense mechanisms often struggle with the trade-off between preserving model accuracy and ensuring privacy. To address this issue, we propose a novel defense method, Ensemble Partitioning Defense (EPD), inspired by ensemble learning. EPD mitigates the risk of MIAs by partitioning the training data across multiple sub-models, reducing each model’s exposure to sensitive data. During inference, EPD combines the predictions of these sub-models and a master model, applying a uniform confidence mapping function to standardize confidence scores, thus preventing adversaries from exploiting differences in confidence vectors. Our experiments, conducted on multiple datasets, demonstrate that EPD not only effectively defends against various MIAs but also maintains high classification performance. Compared to existing defense methods, EPD offers a superior balance between privacy protection and model utility, making it a robust solution to the MIA problem.

Original language	English
Title of host publication	Advanced Intelligent Computing Technology and Applications - 21st International Conference, ICIC 2025, Proceedings
Editors	De-Shuang Huang, Yijie Pan, Wei Chen, Bo Li
Publisher	Springer Science and Business Media Deutschland GmbH
Pages	435-446
Number of pages	12
ISBN (Print)	9789819698714
DOIs	https://doi.org/10.1007/978-981-96-9872-1_36
State	Published - 2025
Event	21st International Conference on Intelligent Computing, ICIC 2025 - Ningbo, China Duration: 26 Jul 2025 → 29 Jul 2025

Publication series

Name	Lecture Notes in Computer Science
Volume	15845 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	21st International Conference on Intelligent Computing, ICIC 2025
Country/Territory	China
City	Ningbo
Period	26/07/25 → 29/07/25

Keywords

Deep Learning
Ensemble Learning
Membership Inference Attack Defense
Privacy Protection

Access to Document

10.1007/978-981-96-9872-1_36

Cite this

Sun, Z. L., Li, Y. E., Shi, D. Y., & Chen, C. (2025). Ensemble Partitioning: A Defense Mechanism Against Membership Inference Attacks in ML Models. In D.-S. Huang, Y. Pan, W. Chen, & B. Li (Eds.), Advanced Intelligent Computing Technology and Applications - 21st International Conference, ICIC 2025, Proceedings (pp. 435-446). (Lecture Notes in Computer Science; Vol. 15845 LNCS). Springer Science and Business Media Deutschland GmbH. https://doi.org/10.1007/978-981-96-9872-1_36

Sun, Zhao Lin ; Li, Yan Er ; Shi, Ding Yu et al. / Ensemble Partitioning : A Defense Mechanism Against Membership Inference Attacks in ML Models. Advanced Intelligent Computing Technology and Applications - 21st International Conference, ICIC 2025, Proceedings. editor / De-Shuang Huang ; Yijie Pan ; Wei Chen ; Bo Li. Springer Science and Business Media Deutschland GmbH, 2025. pp. 435-446 (Lecture Notes in Computer Science).

@inproceedings{d0fb6fbe39fc46b5bb82dd3b4ca477b8,

title = "Ensemble Partitioning: A Defense Mechanism Against Membership Inference Attacks in ML Models",

abstract = "The risk of privacy leakage has emerged as a critical concern as machine learning models continue to achieve impressive results across various domains. Membership Inference Attacks (MIAs) pose a significant threat by enabling adversaries to determine whether specific samples were part of a model{\textquoteright}s training data, leading to potential exposure of sensitive information. Existing defense mechanisms often struggle with the trade-off between preserving model accuracy and ensuring privacy. To address this issue, we propose a novel defense method, Ensemble Partitioning Defense (EPD), inspired by ensemble learning. EPD mitigates the risk of MIAs by partitioning the training data across multiple sub-models, reducing each model{\textquoteright}s exposure to sensitive data. During inference, EPD combines the predictions of these sub-models and a master model, applying a uniform confidence mapping function to standardize confidence scores, thus preventing adversaries from exploiting differences in confidence vectors. Our experiments, conducted on multiple datasets, demonstrate that EPD not only effectively defends against various MIAs but also maintains high classification performance. Compared to existing defense methods, EPD offers a superior balance between privacy protection and model utility, making it a robust solution to the MIA problem.",

keywords = "Deep Learning, Ensemble Learning, Membership Inference Attack Defense, Privacy Protection",

author = "Sun, \{Zhao Lin\} and Li, \{Yan Er\} and Shi, \{Ding Yu\} and Cen Chen",

note = "Publisher Copyright: {\textcopyright} The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.; 21st International Conference on Intelligent Computing, ICIC 2025 ; Conference date: 26-07-2025 Through 29-07-2025",

year = "2025",

doi = "10.1007/978-981-96-9872-1\_36",

language = "英语",

isbn = "9789819698714",

series = "Lecture Notes in Computer Science",

publisher = "Springer Science and Business Media Deutschland GmbH",

pages = "435--446",

editor = "De-Shuang Huang and Yijie Pan and Wei Chen and Bo Li",

booktitle = "Advanced Intelligent Computing Technology and Applications - 21st International Conference, ICIC 2025, Proceedings",

address = "德国",

}

Sun, ZL, Li, YE, Shi, DY & Chen, C 2025, Ensemble Partitioning: A Defense Mechanism Against Membership Inference Attacks in ML Models. in D-S Huang, Y Pan, W Chen & B Li (eds), Advanced Intelligent Computing Technology and Applications - 21st International Conference, ICIC 2025, Proceedings. Lecture Notes in Computer Science, vol. 15845 LNCS, Springer Science and Business Media Deutschland GmbH, pp. 435-446, 21st International Conference on Intelligent Computing, ICIC 2025, Ningbo, China, 26/07/25. https://doi.org/10.1007/978-981-96-9872-1_36

Ensemble Partitioning: A Defense Mechanism Against Membership Inference Attacks in ML Models. / Sun, Zhao Lin; Li, Yan Er; Shi, Ding Yu et al.
Advanced Intelligent Computing Technology and Applications - 21st International Conference, ICIC 2025, Proceedings. ed. / De-Shuang Huang; Yijie Pan; Wei Chen; Bo Li. Springer Science and Business Media Deutschland GmbH, 2025. p. 435-446 (Lecture Notes in Computer Science; Vol. 15845 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Ensemble Partitioning

T2 - 21st International Conference on Intelligent Computing, ICIC 2025

AU - Sun, Zhao Lin

AU - Li, Yan Er

AU - Shi, Ding Yu

AU - Chen, Cen

N1 - Publisher Copyright: © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.

PY - 2025

Y1 - 2025

N2 - The risk of privacy leakage has emerged as a critical concern as machine learning models continue to achieve impressive results across various domains. Membership Inference Attacks (MIAs) pose a significant threat by enabling adversaries to determine whether specific samples were part of a model’s training data, leading to potential exposure of sensitive information. Existing defense mechanisms often struggle with the trade-off between preserving model accuracy and ensuring privacy. To address this issue, we propose a novel defense method, Ensemble Partitioning Defense (EPD), inspired by ensemble learning. EPD mitigates the risk of MIAs by partitioning the training data across multiple sub-models, reducing each model’s exposure to sensitive data. During inference, EPD combines the predictions of these sub-models and a master model, applying a uniform confidence mapping function to standardize confidence scores, thus preventing adversaries from exploiting differences in confidence vectors. Our experiments, conducted on multiple datasets, demonstrate that EPD not only effectively defends against various MIAs but also maintains high classification performance. Compared to existing defense methods, EPD offers a superior balance between privacy protection and model utility, making it a robust solution to the MIA problem.

AB - The risk of privacy leakage has emerged as a critical concern as machine learning models continue to achieve impressive results across various domains. Membership Inference Attacks (MIAs) pose a significant threat by enabling adversaries to determine whether specific samples were part of a model’s training data, leading to potential exposure of sensitive information. Existing defense mechanisms often struggle with the trade-off between preserving model accuracy and ensuring privacy. To address this issue, we propose a novel defense method, Ensemble Partitioning Defense (EPD), inspired by ensemble learning. EPD mitigates the risk of MIAs by partitioning the training data across multiple sub-models, reducing each model’s exposure to sensitive data. During inference, EPD combines the predictions of these sub-models and a master model, applying a uniform confidence mapping function to standardize confidence scores, thus preventing adversaries from exploiting differences in confidence vectors. Our experiments, conducted on multiple datasets, demonstrate that EPD not only effectively defends against various MIAs but also maintains high classification performance. Compared to existing defense methods, EPD offers a superior balance between privacy protection and model utility, making it a robust solution to the MIA problem.

KW - Deep Learning

KW - Ensemble Learning

KW - Membership Inference Attack Defense

KW - Privacy Protection

UR - https://www.scopus.com/pages/publications/105012473922

U2 - 10.1007/978-981-96-9872-1_36

DO - 10.1007/978-981-96-9872-1_36

M3 - 会议稿件

AN - SCOPUS:105012473922

SN - 9789819698714

T3 - Lecture Notes in Computer Science

SP - 435

EP - 446

BT - Advanced Intelligent Computing Technology and Applications - 21st International Conference, ICIC 2025, Proceedings

A2 - Huang, De-Shuang

A2 - Pan, Yijie

A2 - Chen, Wei

A2 - Li, Bo

PB - Springer Science and Business Media Deutschland GmbH

Y2 - 26 July 2025 through 29 July 2025

ER -

Sun ZL, Li YE, Shi DY, Chen C. Ensemble Partitioning: A Defense Mechanism Against Membership Inference Attacks in ML Models. In Huang DS, Pan Y, Chen W, Li B, editors, Advanced Intelligent Computing Technology and Applications - 21st International Conference, ICIC 2025, Proceedings. Springer Science and Business Media Deutschland GmbH. 2025. p. 435-446. (Lecture Notes in Computer Science). doi: 10.1007/978-981-96-9872-1_36

Ensemble Partitioning: A Defense Mechanism Against Membership Inference Attacks in ML Models

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this