Membership inference attacks (MIAs) are currently considered one of the main privacy attack strategies, and defenses against them have been extensively explored. However, there is still a gap between existing defense approaches and ideal models in terms of performance and deployment cost. In particular, we observe that a model's privacy vulnerability is closely correlated with the gap between its ability to memorize data and its ability to generalize. To address this, we propose a new architecture-agnostic training paradigm called center-based relaxed learning (CRL), which is adaptable to any classification model and provides privacy preservation at minimal or no cost to model generalizability. We emphasize that CRL better maintains the model's consistency between member and non-member data. Through extensive experiments on standard classification datasets, we empirically show that this approach exhibits comparable performance without requiring additional model capacity or data costs.