Membership inference attacks (MIAs) are currently considered one of the main privacy attack strategies, and defenses against them have been extensively explored. However, there is still a gap between existing defense approaches and ideal models in performance and deployment cost. In particular, we observed that a model's privacy vulnerability is closely correlated with the gap between its data-memorizing ability and its generalization ability. To address this, we propose a new architecture-agnostic training paradigm called center-based relaxed learning (CRL), which is adaptable to any classification model and provides privacy preservation with minimal or no loss of model generalizability. We emphasize that CRL can better maintain the model's consistency between member and non-member data. Through extensive experiments on standard classification datasets, we empirically show that this approach exhibits comparable performance without requiring additional model capacity or data costs.