A Critical Review on the Effectiveness and Privacy Threats of Membership Inference Attacks

Computer Science > Cryptography and Security [Submitted on 24 Mar 2026] A Critical Review on the Effectiveness and Privacy Threats of Membership Inference Attacks Najeeb Jebreel, David Sánchez, Josep Domingo-Ferrer Membership inference attacks (MIAs) aim to determine whether a data sample was included in a machine learning (ML) model's training set and have become the de facto standard for measuring privacy leakages in ML. We propose an evaluation framework that defines the conditions under which MIAs constitute a genuine privacy threat, and review representative MIAs against it. We find that, under the realistic conditions defined in our framework, MIAs represent weak privacy threats. Thus, relying on them as a privacy metric in ML can lead to an overestimation of risk and to unnecessary sacrifices in model utility as a consequence of employing too strong defenses. Comments: To appear in ESORICS 2026 Subjects: Cryptography and Security (cs.CR); Machine Learning (cs.LG) Cite as: arXiv:2603.22987 [cs.CR]   (or arXiv:2603.22987v1 [cs.CR] for this version)   https://doi.org/10.48550/arXiv.2603.22987 Focus to learn more Submission history From: Najeeb Jebreel [view email] [v1] Tue, 24 Mar 2026 09:23:57 UTC (89 KB) Access Paper: HTML (experimental) view license Current browse context: cs.CR < prev   |   next > new | recent | 2026-03 Change to browse by: cs cs.LG References & Citations NASA ADS Google Scholar Semantic Scholar Export BibTeX Citation Bookmark Bibliographic Tools Bibliographic and Citation Tools Bibliographic Explorer Toggle Bibliographic Explorer (What is the Explorer?) Connected Papers Toggle Connected Papers (What is Connected Papers?) Litmaps Toggle Litmaps (What is Litmaps?) scite.ai Toggle scite Smart Citations (What are Smart Citations?) Code, Data, Media Demos Related Papers About arXivLabs Which authors of this paper are endorsers? | Disable MathJax (What is MathJax?)