CRAI Feb 11, 2022

Privacy-preserving Generative Framework Against Membership Inference Attacks

arXiv:2202.05469v1 · 6 citations
Originality: Incremental advance
AI Analysis

This work addresses privacy risks in AI/ML for data owners and users, but it is incremental because it builds on existing generative and differential privacy methods.

The paper tackles the problem of training data privacy leakage via membership inference attacks by proposing a privacy-preserving generative framework that uses a variational autoencoder to generate synthetic data with differential privacy guarantees. The result shows that models trained on this synthetic data effectively resist attacks while maintaining high utility.

Artificial intelligence and machine learning have been integrated into all aspects of our lives and the privacy of personal data has attracted more and more attention. Since the generation of the model needs to extract the effective information of the training data, the model has the risk of leaking the privacy of the training data. Membership inference attacks can measure the model leakage of source data to a certain degree. In this paper, we design a privacy-preserving generative framework against membership inference attacks, through the information extraction and data generation capabilities of the generative model variational autoencoder (VAE) to generate synthetic data that meets the needs of differential privacy. Instead of adding noise to the model output or tampering with the training process of the target model, we directly process the original data. We first map the source data to the latent space through the VAE model to get the latent code, then perform noise process satisfying metric privacy on the latent code, and finally use the VAE model to reconstruct the synthetic data. Our experimental evaluation demonstrates that the machine learning model trained with newly generated synthetic data can effectively resist membership inference attacks and still maintain high utility.
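The encode, perturb, decode pipeline described in the abstract, as an added sketch that is not the paper's code. The abstract does not name the noise mechanism, so this assumes the standard Euclidean-metric mechanism (noise density proportional to exp(-epsilon * ||v||)); `toy_encode` and `toy_decode` are hypothetical linear stand-ins for a trained VAE, and the records are constructed.

```python
import math
import random

def metric_privacy_noise(dim, epsilon, rng):
    """Sample noise with density proportional to exp(-epsilon * ||v||_2) in R^dim."""
    # Direction: uniform on the unit sphere (normalised Gaussian vector).
    g = [rng.gauss(0.0, 1.0) for _ in range(dim)]
    norm = math.sqrt(sum(c * c for c in g))
    # Radius: r^(dim-1) * exp(-epsilon * r) is a Gamma(dim, 1/epsilon) density.
    radius = rng.gammavariate(dim, 1.0 / epsilon)
    return [radius * c / norm for c in g]

def log_density(output, latent, epsilon):
    """Unnormalised log-density of releasing `output` when the true code is `latent`."""
    return -epsilon * math.dist(output, latent)

def privacy_loss(output, latent_a, latent_b, epsilon):
    """|log p(out|a) - log p(out|b)|; metric privacy bounds it by epsilon * ||a - b||."""
    return abs(log_density(output, latent_a, epsilon)
               - log_density(output, latent_b, epsilon))

def synthesize(record, encode, decode, epsilon, rng):
    """Encode, perturb the latent code, decode: the three steps in the abstract."""
    z = encode(record)
    noise = metric_privacy_noise(len(z), epsilon, rng)
    return decode([zi + ni for zi, ni in zip(z, noise)])

# Stand-in for a trained VAE (assumption): a fixed linear encoder/decoder pair.
def toy_encode(x):
    return [(x[0] + x[1]) / 2.0, (x[2] - x[3]) / 2.0]

def toy_decode(z):
    return [z[0], z[0], z[1], -z[1]]

def demo(seed=7, epsilon=2.0):
    rng = random.Random(seed)
    # Constructed sample rows, not data from the paper.
    records = [[0.9, 1.1, 0.4, -0.4], [0.2, 0.0, 1.0, -1.2]]
    return [synthesize(r, toy_encode, toy_decode, epsilon, rng) for r in records]

if __name__ == "__main__":
    for row in demo():
        print([round(v, 3) for v in row])
```

Smaller `epsilon` gives larger expected noise radius (`dim / epsilon`), trading utility of the synthetic rows for a tighter bound on how distinguishable two nearby latent codes are.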
