In this paper, we introduce WaKA (Wasserstein K-nearest neighbors Attribution), a novel attribution method that leverages principles from the LiRA (Likelihood Ratio Attack) framework and applies them to \( k \)-nearest neighbors classifiers (\( k \)-NN). WaKA efficiently measures the contribution of individual data points to the model's loss distribution, analyzing every possible \( k \)-NN that can be constructed using the training set, without requiring sampling or shadow model training. WaKA can be used \emph{a posteriori} as a membership inference attack (MIA) to assess privacy risks, and \emph{a priori} for data minimization and privacy influence measurement. Thus, WaKA can be seen as bridging the gap between data attribution and membership inference attack (MIA) literature by distinguishing between the value of a data point and its privacy risk. For instance, we show that self-attribution values are more strongly correlated with the attack success rate than the contribution of a point to model generalization. WaKA's different usages were also evaluated across diverse real-world datasets, demonstrating performance very close to LiRA when used as an MIA on \( k \)-NN classifiers, but with greater computational efficiency.

翻译：本文提出WaKA（Wasserstein K近邻归因），这是一种新颖的归因方法，它借鉴LiRA（似然比攻击）框架的原理并将其应用于k近邻分类器（k-NN）。WaKA能高效衡量单个数据点对模型损失分布的贡献，通过分析训练集可构建的所有可能k-NN模型实现该目标，且无需采样或影子模型训练。WaKA可被后验地用作成员推理攻击（MIA）以评估隐私风险，也可先验地用于数据最小化与隐私影响度量。因此，WaKA通过区分数据点的价值与其隐私风险，在数据归因与成员推理攻击（MIA）研究领域间建立了桥梁。例如，我们证明数据点的自归因值与其对模型泛化能力的贡献相比，与攻击成功率具有更强的相关性。WaKA的不同应用场景在多个真实数据集上进行了评估，结果表明当其在k-NN分类器上作为MIA使用时，性能与LiRA非常接近，但具有更高的计算效率。