TableGAN-MCA: Evaluating Membership Collisions of GAN-Synthesized Tabular Data Releasing

Hu, Aoting, Xie, Renjie, Lu, Zhigang, Hu, Aiqun, and Xue, Minhui (2021) TableGAN-MCA: Evaluating Membership Collisions of GAN-Synthesized Tabular Data Releasing. In: Proceedings of the 2021 ACM SIGSAC Conference on Computer and Communications Security. pp. 2096-2112. From: CCS'21: 2021 ACM SIGSAC Conference on Computer and Communications Security, 15-19 November 2021, Virtual Event.

[img] PDF (Pubished Version) - Published Version
Restricted to Repository staff only

View at Publisher Website: https://doi.org/10.1145/3460120.3485251


Abstract

Generative Adversarial Networks (GAN)-synthesized table publishing lets people privately learn insights without access to the private table. However, existing studies on Membership Inference (MI) Attacks show promising results on disclosing membership of training datasets of GAN-synthesized tables. Different from those works focusing on discovering membership of a given data point, in this paper, we propose a novel Membership Collision Attack against GANs (TableGAN-MCA), which allows an adversary given only synthetic entries randomly sampled from a black-box generator to recover partial GAN training data. Namely, a GAN-synthesized table immune to state-of-the-art MI attacks is vulnerable to the TableGAN-MCA. The success of TableGAN-MCA is boosted by an observation that GAN-synthesized tables potentially collide with the training data of the generator.

Our experimental evaluations on TableGAN-MCA have five main findings. First, TableGAN-MCA has a satisfying training data recovery rate on three commonly used real-world datasets against four generative models. Second, factors, including the size of GAN training data, GAN training epochs and the number of synthetic samples available to the adversary, are positively correlated to the success of TableGAN-MCA. Third, highly frequent data points have high risks of being recovered by TableGAN-MCA. Fourth, some unique data are exposed to unexpected high recovery risks in TableGAN-MCA, which may attribute to GAN’s generalization. Fifth, as expected, differential privacy, without the consideration of the correlations between features, does not show commendable mitigation effect against the TableGAN-MCA. Finally, we propose two mitigation methods and show promising privacy and utility trade-offs when protecting against TableGAN-MCA.

Item ID: 77408
Item Type: Conference Item (Research - E1)
ISBN: 978-1-4503-8454-4
Copyright Information: © 2021 Association for Computing Machinery.
Date Deposited: 14 Feb 2023 00:54
FoR Codes: 46 INFORMATION AND COMPUTING SCIENCES > 4604 Cybersecurity and privacy > 460402 Data and information privacy @ 100%
SEO Codes: 22 INFORMATION AND COMMUNICATION SERVICES > 2204 Information systems, technologies and services > 220405 Cybersecurity @ 100%
More Statistics

Actions (Repository Staff Only)

Item Control Page Item Control Page