This study challenges the prevailing assumption that a model’s generalization capability is unrelated to its vulnerability to membership inference attacks. Through large-scale controlled experiments, we systematically investigate the true relationship between these two properties by training over a thousand models within a unified framework, incorporating standard generalization techniques such as data augmentation and early stopping, and evaluating multiple membership inference attack strategies. Our work provides the first empirical evidence that stronger generalization directly suppresses the success of membership inference attacks. Moreover, we demonstrate that the training randomness introduced by combining generalization-enhancing strategies can drastically reduce attack effectiveness—by up to two orders of magnitude. These findings establish improved generalization as both an effective and practical defense against membership inference attacks.

With the emergence of new evaluation metrics and attack methodologies for Membership Inference Attacks (MIA), it becomes essential to reevaluate previously accepted assumptions. In this paper, we revisit the longstanding debate regarding the correlation between MIA success rates and model generalization using an empirical approach. We focused on employing augmentation techniques and early stopping to enhance model generalization and examined their impact on MIA success rates. We found that utilizing advanced generalization techniques can significantly decrease attack performance, potentially by up to 100 times. Moreover, combining these methods not only improves model generalization but also reduces attack effectiveness by introducing randomness during training. Additionally, our study confirmed the direct impact of generalization on MIA performance through an analysis of over 1K models in a controlled environment.