Uncovering Memorization in Timeseries Imputation models: LBRM Membership Inference and its link to attribute Leakage

Deep learning models for time series imputation are now essential in fields such as healthcare, the Internet of Things (IoT), and finance. However, their deployment raises critical privacy concerns. Beyond the well-known issue of unintended memorization, which has been extensively studied in generative models, we demonstrate that time series models are vulnerable to inference attacks in a black-box setting. In this work, we introduce a two-stage attack framework comprising: (1) a novel membership inference attack based on a reference model that improves detection accuracy, even for models robust to overfitting-based attacks, and (2) the first attribute inference attack that predicts sensitive characteristics of the training data for timeseries imputation model. We evaluate these attacks on attention-based and autoencoder architectures in two scenarios: models that are trained from scratch, and fine-tuned models where the adversary has access to the initial weights. Our experimental results demonstrate that the proposed membership attack retrieves a significant portion of the training data with a tpr@top25% score significantly higher than a naive attack baseline. We show that our membership attack also provides a good insight of whether attribute inference will work (with a precision of 90% instead of 78% in the genral case).

Key Contributions

• Novel Loss-Based Reference Model (LBRM) membership inference attack that achieves AUROC 0.90 by comparing target model with matched reference model
• First attribute inference attack for time-series imputation models that recovers sensitive temporal patterns (peaks) with 0.87-0.92 recall
• Demonstrates operational link between membership and attribute inference: LBRM identifies sequences vulnerable to attribute leakage, improving AIA precision from 78% to 90%

🛡️ Threat Analysis

Details

Similar Papers