Deploying machine learning models in production may allow adversaries to infer sensitive information about the training data. There is a vast literature analyzing different types of inference risks, ranging from membership inference to reconstruction attacks. Inspired by the success of games (i.e., probabilistic experiments) for studying security properties in cryptography, some authors describe privacy inference risks in machine learning in a similar game-based style. However, adversary capabilities and goals are often stated in subtly different ways from one presentation to another, which makes it hard to relate and compose results. In this paper, we present a game-based framework to systematize the body of knowledge on privacy inference risks in machine learning. We use this framework to (1) provide a unifying structure for definitions of inference risks, (2) formally establish known relations among definitions, and (3) uncover hitherto unknown relations that would have been difficult to spot otherwise.
Translation: Deploying machine learning models to a production environment may enable an adversary to infer sensitive information in the training data. A large body of existing literature analyzes different types of inference risk, from membership inference to reconstruction attacks. Inspired by the success of using games (i.e., probabilistic experiments) to study security properties in cryptography, some authors adopt a similar game-based style to describe privacy inference risks in machine learning. However, across different presentations the adversary's capabilities and goals often differ in subtle ways, which makes relating and composing results difficult. This paper proposes a game-based framework for systematizing the body of knowledge on privacy inference risks in machine learning. We use this framework to: (1) provide a unified structure for definitions of inference risks, (2) formally establish the known relations among definitions, and (3) reveal hitherto hard-to-detect unknown relations.
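To make the "game as probabilistic experiment" idea concrete, the following is an added illustration (not code from the paper and not the paper's framework) of the challenger side of a membership-inference game. Everything in it is hypothetical: the two toy models (one that memorises its training set outright, one that adds randomised response to its answers), the threshold and random-guess adversaries, and the data, which is drawn uniformly from a large integer space constructed inline. The challenger samples a training set, flips a bit b to decide whether the challenge point is a member or a fresh draw, trains the model, hands the adversary query access plus the challenge point, and scores the adversary's guess; the returned value is the usual advantage 2*Pr[guess = b] - 1.

```python
"""Membership-inference game (challenger side) over toy models.

Added illustration, not code from the paper. The models, adversaries and
sampled data are all hypothetical and constructed inline.
"""
import random
from typing import Callable, List, Type

Point = int
SPACE = 10**9  # points are drawn uniformly from [0, SPACE); accidental collisions are negligible


def sample_point(rng: random.Random) -> Point:
    """Hypothetical data distribution: a uniform draw from a large discrete space."""
    return rng.randrange(SPACE)


class MemorisingModel:
    """Worst case for membership leakage: a 1-NN style model that answers 1.0
    iff the queried point was in its training set, 0.0 otherwise."""

    def __init__(self, data: List[Point], rng: random.Random):
        self._data = set(data)

    def query(self, x: Point) -> float:
        return 1.0 if x in self._data else 0.0


class NoisyModel(MemorisingModel):
    """Randomised response on top of the memorising model: each answer is
    flipped with probability flip_p, which caps the adversary's advantage
    at about 1 - 2*flip_p."""

    flip_p = 0.25

    def __init__(self, data: List[Point], rng: random.Random):
        super().__init__(data, rng)
        self._rng = rng

    def query(self, x: Point) -> float:
        s = super().query(x)
        return 1.0 - s if self._rng.random() < self.flip_p else s


Adversary = Callable[[Callable[[Point], float], Point], int]


def threshold_adversary(query: Callable[[Point], float], z: Point) -> int:
    """Guess 'member' iff the model's score on the challenge exceeds 0.5."""
    return 1 if query(z) > 0.5 else 0


def make_random_adversary(seed: int) -> Adversary:
    """Baseline adversary that ignores the model and guesses at random."""
    r = random.Random(seed)
    return lambda query, z: r.randrange(2)


def membership_game(model_cls: Type[MemorisingModel], adversary: Adversary,
                    n: int = 50, trials: int = 4000, seed: int = 1) -> float:
    """Run `trials` independent rounds of the membership game and return the
    adversary's advantage 2*Pr[guess == b] - 1.

    Each round: the challenger draws a training set D of n points, flips a bit b,
    picks the challenge z from D if b == 1 or afresh if b == 0, trains the model
    on D, and gives the adversary query access to the model together with z.
    """
    rng = random.Random(seed)
    wins = 0
    for _ in range(trials):
        D = [sample_point(rng) for _ in range(n)]
        b = rng.randrange(2)
        z = rng.choice(D) if b == 1 else sample_point(rng)
        model = model_cls(D, rng)
        guess = adversary(model.query, z)
        wins += int(guess == b)
    return 2 * wins / trials - 1


if __name__ == "__main__":
    print("memorising model, threshold adversary:",
          membership_game(MemorisingModel, threshold_adversary))
    print("noisy model, threshold adversary:     ",
          membership_game(NoisyModel, threshold_adversary))
    print("memorising model, random adversary:   ",
          membership_game(MemorisingModel, make_random_adversary(7)))
```

Against the memorising model the threshold adversary wins essentially every round (advantage close to 1); the random-guess adversary hovers around 0, and the noisy model holds the threshold adversary near 1 - 2*0.25 = 0.5. Other inference risks in the abstract (reconstruction, attribute inference) fit the same challenger/adversary skeleton with a different challenge and a different scoring rule, which is exactly the kind of variation the paper's framework is meant to pin down.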