Embedding-Space Data Augmentation to Prevent Membership Inference Attacks in Clinical Time Series Forecasting
This addresses privacy concerns for healthcare applications using Electronic Health Records, but it is incremental as it builds on existing augmentation methods.
The study tackled the problem of preventing Membership Inference Attacks in clinical time series forecasting by using data augmentation, showing that retraining with synthetic data reduces the attacker's true-positive to false-positive ratio.
Balancing strong privacy guarantees with high predictive performance is critical for time series forecasting (TSF) tasks involving Electronic Health Records (EHR). In this study, we explore how data augmentation can mitigate Membership Inference Attacks (MIA) on TSF models. We show that retraining with synthetic data can substantially reduce the effectiveness of loss-based MIAs by reducing the attacker's true-positive to false-positive ratio. The key challenge is generating synthetic samples that closely resemble the original training data to confuse the attacker, while also introducing enough novelty to enhance the model's ability to generalize to unseen data. We examine multiple augmentation strategies - Zeroth-Order Optimization (ZOO), a variant of ZOO constrained by Principal Component Analysis (ZOO-PCA), and MixUp - to strengthen model resilience without sacrificing accuracy. Our experimental results show that ZOO-PCA yields the best reductions in TPR/FPR ratio for MIA attacks without sacrificing performance on test data.