Membership inference attacks (MIAs) aim to determine whether a sample was part of a model's training set, posing serious privacy risks for modern machine-learning systems. Existing MIAs primarily rely on static indicators, such as loss or confidence, and do not fully leverage the dynamic behavior of models when actively probed. We propose LeakBoost, a perceptual-loss-based interrogation framework that actively probes a model's internal representations to expose hidden membership signals. Given a candidate input, LeakBoost synthesizes an interrogation image by optimizing a perceptual (activation-space) objective, amplifying representational differences between members and non-members. This image is then analyzed by an off-the-shelf membership detector, without modifying the detector itself. When combined with existing membership inference methods, LeakBoost achieves substantial improvements at low false-positive rates across multiple image classification datasets and diverse neural network architectures. In particular, it raises AUC from near-chance levels (0.53-0.62) to 0.81-0.88, and increases TPR at 1 percent FPR by over an order of magnitude compared to strong baseline attacks. A detailed sensitivity analysis reveals that deeper layers and short, low-learning-rate optimization produce the strongest leakage, and that improvements concentrate in gradient-based detectors. LeakBoost thus offers a modular and computationally efficient way to assess privacy risks in white-box settings, advancing the study of dynamic membership inference.

翻译：成员推断攻击旨在判定某个样本是否属于模型训练集的一部分，这对现代机器学习系统构成了严重的隐私风险。现有成员推断攻击主要依赖静态指标（如损失值或置信度），未能充分利用主动探测时模型的动态行为。本文提出LeakBoost——一种基于感知损失的主动探测框架，通过主动探查模型的内部表征来揭示隐藏的成员信息。给定候选输入后，LeakBoost通过优化感知（激活空间）目标来合成探测图像，从而放大成员与非成员样本在表征层面的差异。该图像随后由现成的成员检测器进行分析，且无需修改检测器本身。当与现有成员推断方法结合时，LeakBoost在多个图像分类数据集及不同神经网络架构上，均能在较低误报率下实现显著性能提升。具体而言，该方法将AUC从接近随机水平（0.53-0.62）提升至0.81-0.88，并在1%误报率下将真正例率较基线攻击提升超过一个数量级。细致的敏感性分析表明：深层网络层配合短周期、低学习率的优化能产生最强的信息泄露，且性能提升主要集中在基于梯度的检测器中。因此，LeakBoost为白盒环境下的隐私风险评估提供了一种模块化且计算高效的方法，推动了动态成员推断研究的发展。