Who's Afraid of Thomas Bayes?
arXiv - CS - Cryptography and Security Pub Date : 2021-07-30 , DOI: arxiv-2107.14601
Erick Galinkin

In many cases, neural networks perform well on test data but tend to overestimate their confidence on out-of-distribution data. This has led to the adoption of Bayesian neural networks, which better capture uncertainty and therefore more accurately reflect the model's confidence. For machine learning security researchers, this raises the natural question of how making a model Bayesian affects its security. In this work, we explore the interplay between Bayesianism and two measures of security: model privacy and adversarial robustness. We demonstrate that Bayesian neural networks are in general more vulnerable to membership inference attacks, but are at least as robust as their non-Bayesian counterparts to adversarial examples.

Updated: 2021-08-02