Membership Privacy-Preserving GAN


Heonseok Ha (Seoul National University), Uiwon Hwang (Seoul National University), Jaehee Jang (Seoul National University), Ho Bae (Ewha Womans University), Sungroh Yoon (Seoul National University)*
The 33rd British Machine Vision Conference

Abstract

A membership inference attack (MIA) identifies if an instance was included in the victim model's train dataset. Without an appropriate defense mechanism, MIA can result in serious privacy breaches. Although several methods have been proposed to protect membership privacy in discriminative models, research into generative adversarial networks (GANs), remains insufficient despite their vulnerability to MIAs. In this study, we propose a membership privacy-preserving GAN (MP-GAN), which plays an additional adversarial game for membership privacy between an auxiliary membership inference network M and a GAN. M seeks to find out whether an instance belongs to the reference or train dataset, whereas the generator and discriminator of the GAN attempt to deceive M. Our theoretical analysis results demonstrate that the MP-GAN improves membership privacy by not learning sample-specific features. We perform extensive empirical evaluations to show that the MP-GAN can successfully defend against MIAs under advantageous scenarios to the attacker (for example, white-box access to networks and small training dataset size). Furthermore, we demonstrate that the MP-GAN has several advantages over other privacy-preserving GAN training techniques.

Video



Citation

@inproceedings{Ha_2022_BMVC,
author    = {Heonseok Ha and Uiwon Hwang and Jaehee Jang and Ho Bae and Sungroh Yoon},
title     = {Membership Privacy-Preserving GAN},
booktitle = {33rd British Machine Vision Conference 2022, {BMVC} 2022, London, UK, November 21-24, 2022},
publisher = {{BMVA} Press},
year      = {2022},
url       = {https://bmvc2022.mpi-inf.mpg.de/0576.pdf}
}


Copyright © 2022 The British Machine Vision Association and Society for Pattern Recognition
The British Machine Vision Conference is organised by The British Machine Vision Association and Society for Pattern Recognition. The Association is a Company limited by guarantee, No.2543446, and a non-profit-making body, registered in England and Wales as Charity No.1002307 (Registered Office: Dept. of Computer Science, Durham University, South Road, Durham, DH1 3LE, UK).

Imprint | Data Protection