Membership Privacy-preserving GAN

Heonseok Ha, Uiwon Hwang, Jaehee Jang, Ho Bae, Sungroh Yoon

Research output: Contribution to conferencePaperpeer-review

1 Scopus citations

Abstract

A membership inference attack (MIA) identifies if an instance was included in the victim model's train dataset. Without an appropriate defense mechanism, MIA can result in serious privacy breaches. Although several methods have been proposed to protect membership privacy in discriminative models, research into generative adversarial networks (GANs), remains insufficient despite their vulnerability to MIAs. In this study, we propose a membership privacy-preserving GAN (MP-GAN), which plays an additional adversarial game for membership privacy between an auxiliary membership inference network M and a GAN. M seeks to find out whether an instance belongs to the reference or train dataset, whereas the generator and discriminator of the GAN attempt to deceive M. Our theoretical analysis results demonstrate that the MP-GAN improves membership privacy by not learning sample-specific features. We perform extensive empirical evaluations to show that the MP-GAN can successfully defend against MIAs under advantageous scenarios to the attacker (for example, white-box access to networks and small training dataset size). Furthermore, we demonstrate that the MP-GAN has several advantages over other privacy-preserving GAN training techniques.

Original languageEnglish
StatePublished - 2022
Event33rd British Machine Vision Conference Proceedings, BMVC 2022 - London, United Kingdom
Duration: 21 Nov 202224 Nov 2022

Conference

Conference33rd British Machine Vision Conference Proceedings, BMVC 2022
Country/TerritoryUnited Kingdom
CityLondon
Period21/11/2224/11/22

Bibliographical note

Publisher Copyright:
© 2022. The copyright of this document resides with its authors. It may be distributed unchanged freely in print or electronic forms.

Fingerprint

Dive into the research topics of 'Membership Privacy-preserving GAN'. Together they form a unique fingerprint.

Cite this