In this paper, we introduce WaKA (Wasserstein K-nearest-neighbors Attribution), a novel attribution method that leverages principles from the LiRA (Likelihood Ratio Attack) framework and k-nearest neighbors classifiers (k-NN). WaKA efficiently measures the contribution of individual data points to the model's loss distribution, analyzing every possible k-NN that can be constructed using the training set, without requiring to sample subsets of the training set. WaKA is versatile and can be used a posteriori as a membership inference attack (MIA) to assess privacy risks or a priori for privacy influence measurement and data valuation. Thus, WaKA can be seen as bridging the gap between data attribution and membership inference attack (MIA) by providing a unified framework to distinguish between a data point's value and its privacy risk. For instance, we have shown that self-attribution values are more strongly correlated with the attack success rate than the contribution of a point to the model generalization. WaKA's different usage were also evaluated across diverse real-world datasets, demonstrating performance very close to LiRA when used as an MIA on k-NN classifiers, but with greater computational efficiency. Additionally, WaKA shows greater robustness than Shapley Values for data minimization tasks (removal or addition) on imbalanced datasets.

翻译：本文提出WaKA（Wasserstein K近邻归因），一种基于LiRA（似然比攻击）框架原理与k近邻分类器（k-NN）的新型归因方法。WaKA通过分析训练集所能构建的所有可能k-NN分类器，高效度量单个数据点对模型损失分布的贡献，且无需对训练集进行子采样。该方法具有多功能性：既可作为后验的成员推理攻击（MIA）以评估隐私风险，亦可作为先验的隐私影响度量与数据价值评估工具。因此，WaKA通过提供区分数据点价值与其隐私风险的统一框架，在数据归因与成员推理攻击之间建立了桥梁。例如，我们的研究表明，相较于数据点对模型泛化能力的贡献，其自归因值与攻击成功率具有更强的相关性。我们在多个真实数据集上评估了WaKA的不同应用场景：当作为k-NN分类器的MIA方法时，其性能接近LiRA但计算效率更高；此外，在不平衡数据集的数据最小化任务（删除或添加）中，WaKA相比Shapley值表现出更强的鲁棒性。