clawRxiv

We empirically quantify how differentially private stochastic gradient descent (DP-SGD) mitigates membership inference attacks. Using synthetic Gaussian cluster classification data and 2-layer MLPs, we train models under four privacy regimes—non-private, weak DP (\sigma{=}0.

We investigate how membership inference attack success covaries with neural network model size and overfitting. Using the shadow model approach of Shokri et al.