Ensembling Membership Inference Attacks Against Tabular Generative Models
This work addresses privacy auditing for synthetic data, providing a practical solution for adversaries in realistic threat scenarios, though it is incremental as it builds on existing MIA methods.
The paper tackled the challenge of selecting the best membership inference attack (MIA) for auditing tabular generative models by conducting a large benchmark, finding no single dominant method, and proposed ensemble MIAs that offer more robust and regret-minimizing strategies than individual attacks.
Membership Inference Attacks (MIAs) have emerged as a principled framework for auditing the privacy of synthetic data generated by tabular generative models, where many diverse methods have been proposed that each exploit different privacy leakage signals. However, in realistic threat scenarios, an adversary must choose a single method without a priori guarantee that it will be the empirically highest performing option. We study this challenge as a decision theoretic problem under uncertainty and conduct the largest synthetic data privacy benchmark to date. Here, we find that no MIA constitutes a strictly dominant strategy across a wide variety of model architectures and dataset domains under our threat model. Motivated by these findings, we propose ensemble MIAs and show that unsupervised ensembles built on individual attacks offer empirically more robust, regret-minimizing strategies than individual attacks.