Please use this identifier to cite or link to this item:
https://hdl.handle.net/2440/135640
Citations | ||
Scopus | Web of Science® | Altmetric |
---|---|---|
?
|
?
|
Type: | Conference paper |
Title: | TableGAN-MCA: Evaluating Membership Collisions of GAN-Synthesized Tabular Data Releasing |
Author: | Hu, A. Xie, R. Lu, Z. Hu, A. Xue, M. |
Citation: | Proceedings of the ACM Conference on Computer and Communications Security, 2021, pp.2096-2112 |
Publisher: | Association for Computing Machinery (ACM) |
Publisher Place: | New York, NY, United States |
Issue Date: | 2021 |
ISBN: | 9781450384544 |
ISSN: | 1543-7221 |
Conference Name: | ACM SIGSAC Conference on Computer and Communications Security (15 Nov 2021 - 19 Nov 2021 : Virtual Online (Republic of Korea)) |
Statement of Responsibility: | Aoting Hu, Renjie Xie, Zhigang Lu, Aiqun Hu, Minhui Xue |
Abstract: | Generative Adversarial Networks (GAN)-synthesized table publishing lets people privately learn insights without access to the private table. However, existing studies on Membership Inference (MI) Attacks show promising results on disclosing membership of training datasets of GAN-synthesized tables. Different from those works focusing on discovering membership of a given data point, in this paper, we propose a novel Membership Collision Attack against GANs (TableGAN-MCA), which allows an adversary given only synthetic entries randomly sampled from a black-box generator to recover partial GAN training data. Namely, a GAN-synthesized table immune to state-of-the-art MI attacks is vulnerable to the TableGAN-MCA. The success of TableGAN-MCA is boosted by an observation that GAN-synthesized tables potentially collide with the training data of the generator. Our experimental evaluations on TableGAN-MCA have five main findings. First, TableGAN-MCA has a satisfying training data recovery rate on three commonly used real-world datasets against four generative models. Second, factors, including the size of GAN training data, GAN training epochs and the number of synthetic samples available to the adversary, are positively correlated to the success of TableGAN-MCA. Third, highly frequent data points have high risks of being recovered by TableGAN-MCA. Fourth, some unique data are exposed to unexpected high recovery risks in TableGAN-MCA, which may attribute to GAN’s generalization. Fifth, as expected, differential privacy, without the consideration of the correlations between features, does not show commendable mitigation effect against the TableGAN-MCA. Finally, we propose two mitigation methods and show promising privacy and utility trade-offs when protecting against TableGAN-MCA. |
Keywords: | Security and privacy; Computing methodologies; Machine learning |
Rights: | © 2021 Association for Computing Machinery. |
DOI: | 10.1145/3460120.3485251 |
Grant ID: | http://purl.org/au-research/grants/arc/DP210102670 |
Published version: | https://dl.acm.org/doi/proceedings/10.1145/3460120 |
Appears in Collections: | Computer Science publications |
Files in This Item:
There are no files associated with this item.
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.