Ensembling Membership Inference Attacks Against Tabular Generative Models
By: Joshua Ward , Yuxuan Yang , Chi-Hua Wang and more
Potential Business Impact:
Finds if fake data reveals real secrets.
Membership Inference Attacks (MIAs) have emerged as a principled framework for auditing the privacy of synthetic data generated by tabular generative models, where many diverse methods have been proposed that each exploit different privacy leakage signals. However, in realistic threat scenarios, an adversary must choose a single method without a priori guarantee that it will be the empirically highest performing option. We study this challenge as a decision theoretic problem under uncertainty and conduct the largest synthetic data privacy benchmark to date. Here, we find that no MIA constitutes a strictly dominant strategy across a wide variety of model architectures and dataset domains under our threat model. Motivated by these findings, we propose ensemble MIAs and show that unsupervised ensembles built on individual attacks offer empirically more robust, regret-minimizing strategies than individual attacks.
Similar Papers
Membership Inference Attacks as Privacy Tools: Reliability, Disparity and Ensemble
Machine Learning (CS)
Finds hidden privacy leaks in smart computer programs.
Membership Inference Attacks on Large-Scale Models: A Survey
Machine Learning (CS)
Finds if your private info trained AI.
Evaluating Membership Inference Attacks in heterogeneous-data setups
Cryptography and Security
Protects private data from being guessed by computers.