Abstract
A membership inference attack (MIA) determines whether an instance was included in the victim model's training dataset. Without an appropriate defense mechanism, an MIA can result in serious privacy breaches. Although several methods have been proposed to protect membership privacy in discriminative models, research into generative adversarial networks (GANs) remains insufficient despite their vulnerability to MIAs. In this study, we propose a membership privacy-preserving GAN (MP-GAN), which plays an additional adversarial game for membership privacy between an auxiliary membership inference network M and a GAN. M seeks to find out whether an instance belongs to the reference or training dataset, whereas the generator and discriminator of the GAN attempt to deceive M. Our theoretical analysis demonstrates that the MP-GAN improves membership privacy by not learning sample-specific features. We perform extensive empirical evaluations to show that the MP-GAN can successfully defend against MIAs under scenarios advantageous to the attacker (for example, white-box access to networks and a small training dataset). Furthermore, we demonstrate that the MP-GAN has several advantages over other privacy-preserving GAN training techniques.
Original language | English |
---|---|
State | Published - 2022 |
Event | 33rd British Machine Vision Conference Proceedings, BMVC 2022 - London, United Kingdom; Duration: 21 Nov 2022 → 24 Nov 2022 |
Conference
Conference | 33rd British Machine Vision Conference Proceedings, BMVC 2022 |
---|---|
Country/Territory | United Kingdom |
City | London |
Period | 21/11/22 → 24/11/22 |
Bibliographical note
Publisher Copyright: © 2022. The copyright of this document resides with its authors. It may be distributed unchanged freely in print or electronic forms.