{"id":"https://openalex.org/W7148550179","doi":"https://doi.org/10.48550/arxiv.2604.01014","title":"AutoMIA: Improved Baselines for Membership Inference Attack via Agentic Self-Exploration","display_name":"AutoMIA: Improved Baselines for Membership Inference Attack via Agentic Self-Exploration","publication_year":2026,"publication_date":"2026-04-01","ids":{"openalex":"https://openalex.org/W7148550179","doi":"https://doi.org/10.48550/arxiv.2604.01014"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.01014","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.01014","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.01014","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5132766988","display_name":"Ruhao Liu","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Liu, Ruhao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5132787365","display_name":"Weiqi Huang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Huang, Weiqi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5132788391","display_name":"Qi Li","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Li, Qi","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5132813618","display_name":"Xinchao Wang","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Wang, Xinchao","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":4,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9581000208854675,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9581000208854675,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10764","display_name":"Privacy-Preserving Technologies in Data","score":0.007300000172108412,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10883","display_name":"Ethics and Social Impacts of AI","score":0.005400000140070915,"subfield":{"id":"https://openalex.org/subfields/3311","display_name":"Safety Research"},"field":{"id":"https://openalex.org/fields/33","display_name":"Social Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.694599986076355},{"id":"https://openalex.org/keywords/tree-traversal","display_name":"Tree traversal","score":0.6164000034332275},{"id":"https://openalex.org/keywords/executable","display_name":"Executable","score":0.5131999850273132},{"id":"https://openalex.org/keywords/heuristics","display_name":"Heuristics","score":0.5022000074386597},{"id":"https://openalex.org/keywords/feature","display_name":"Feature (linguistics)","score":0.44920000433921814},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.44350001215934753},{"id":"https://openalex.org/keywords/flagging","display_name":"Flagging","score":0.40459999442100525},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.3239000141620636}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7215999960899353},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.694599986076355},{"id":"https://openalex.org/C140745168","wikidata":"https://www.wikidata.org/wiki/Q1210082","display_name":"Tree traversal","level":2,"score":0.6164000034332275},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.6140000224113464},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5803999900817871},{"id":"https://openalex.org/C160145156","wikidata":"https://www.wikidata.org/wiki/Q778586","display_name":"Executable","level":2,"score":0.5131999850273132},{"id":"https://openalex.org/C127705205","wikidata":"https://www.wikidata.org/wiki/Q5748245","display_name":"Heuristics","level":2,"score":0.5022000074386597},{"id":"https://openalex.org/C2776401178","wikidata":"https://www.wikidata.org/wiki/Q12050496","display_name":"Feature (linguistics)","level":2,"score":0.44920000433921814},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.44350001215934753},{"id":"https://openalex.org/C2777548347","wikidata":"https://www.wikidata.org/wiki/Q5456937","display_name":"Flagging","level":2,"score":0.40459999442100525},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3797999918460846},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.3239000141620636},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.30059999227523804},{"id":"https://openalex.org/C51632099","wikidata":"https://www.wikidata.org/wiki/Q3985153","display_name":"Training set","level":2,"score":0.29739999771118164},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.2912999987602234},{"id":"https://openalex.org/C2983787585","wikidata":"https://www.wikidata.org/wiki/Q93586","display_name":"Feature matching","level":3,"score":0.2761000096797943},{"id":"https://openalex.org/C84525736","wikidata":"https://www.wikidata.org/wiki/Q831366","display_name":"Decision tree","level":2,"score":0.27559998631477356},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.275299996137619},{"id":"https://openalex.org/C95167961","wikidata":"https://www.wikidata.org/wiki/Q4483495","display_name":"Fiducial inference","level":5,"score":0.26579999923706055},{"id":"https://openalex.org/C158600405","wikidata":"https://www.wikidata.org/wiki/Q5054566","display_name":"Causal inference","level":2,"score":0.26570001244544983}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.01014","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.01014","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.01014","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.01014","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"article"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Membership":[0],"Inference":[1],"Attacks":[2],"(MIAs)":[3],"serve":[4],"as":[5,55],"a":[6,97],"fundamental":[7],"auditing":[8],"tool":[9],"for":[10,121],"evaluating":[11],"training":[12],"data":[13],"leakage":[14],"in":[15],"machine":[16],"learning":[17],"models.":[18,41],"However,":[19],"existing":[20],"methodologies":[21],"predominantly":[22],"rely":[23],"on":[24],"static,":[25],"handcrafted":[26],"heuristics":[27],"that":[28,51,109],"lack":[29],"adaptability,":[30],"often":[31],"leading":[32],"to":[33],"suboptimal":[34],"performance":[35],"when":[36],"transferred":[37],"across":[38],"different":[39],"large":[40],"In":[42],"this":[43],"work,":[44],"we":[45],"propose":[46],"AutoMIA,":[47],"an":[48,56],"agentic":[49],"framework":[50,95],"reformulates":[52],"membership":[53],"inference":[54],"automated":[57],"process":[58],"of":[59,101],"self-exploration":[60],"and":[61,78],"strategy":[62,89],"evolution.":[63],"Given":[64],"high-level":[65],"scenario":[66],"specifications,":[67],"AutoMIA":[68,110],"self-explores":[69],"the":[70,102,119],"attack":[71,103],"space":[72],"by":[73],"generating":[74],"executable":[75],"logits-level":[76],"strategies":[77],"progressively":[79],"refining":[80],"them":[81],"through":[82],"closed-loop":[83],"evaluation":[84],"feedback.":[85],"By":[86],"decoupling":[87],"abstract":[88],"reasoning":[90],"from":[91],"low-level":[92],"execution,":[93],"our":[94],"enables":[96],"systematic,":[98],"model-agnostic":[99],"traversal":[100],"search":[104],"space.":[105],"Extensive":[106],"experiments":[107],"demonstrate":[108],"consistently":[111],"matches":[112],"or":[113],"outperforms":[114],"state-of-the-art":[115],"baselines":[116],"while":[117],"eliminating":[118],"need":[120],"manual":[122],"feature":[123],"engineering.":[124]},"counts_by_year":[],"updated_date":"2026-06-11T09:08:48.828518","created_date":"2026-04-03T00:00:00"}