🤖 AI Summary
To address the prohibitively high computational overhead of membership inference attacks (MIAs) caused by reliance on numerous shadow models, this paper proposes a lightweight MIA framework based on imitation learning. Instead of training independent shadow models, the approach leverages the target model’s soft-label outputs to train a small set of surrogate models that closely mimic its decision boundary. Crucially, the paper formulates MIA as a model behavior distillation task, thereby drastically reducing dependence on labeled data and computational resources. Experiments on benchmark datasets (CIFAR-10, SVHN) demonstrate that the method achieves higher attack accuracy than state-of-the-art baselines, while incurring less than 5% of their computational cost. This work thus advances the trade-off between efficiency and attack efficacy in privacy auditing.
📝 Abstract
A Membership Inference Attack (MIA) assesses how much a target machine learning model reveals about its training data by determining whether specific query instances were part of the training set. State-of-the-art MIAs rely on training hundreds of shadow models that are independent of the target model, leading to significant computational overhead. In this paper, we introduce the Imitative Membership Inference Attack (IMIA), which employs a novel imitative training technique to strategically construct a small number of target-informed imitative models that closely replicate the target model's behavior for inference. Extensive experimental results demonstrate that IMIA substantially outperforms existing MIAs in various attack settings while requiring less than 5% of the computational cost of state-of-the-art approaches.