An Empirical Study on the Membership Inference Attack against Tabular Data Synthesis Models

TL;DR

This study investigates the vulnerability of tabular data synthesis models to membership inference attacks and evaluates the effectiveness of differential privacy algorithms in mitigating this privacy risk.

Contribution

It provides the first empirical analysis of membership inference attacks on tabular data synthesis models and assesses privacy protections using DP-SGD and DP-GAN.

Findings

Membership inference attacks can significantly threaten tabular data synthesis models.

Differential privacy algorithms can reduce attack success but at the cost of data quality.

Both DP-SGD and DP-GAN mitigate privacy risks effectively.

Abstract

Tabular data typically contains private and important information; thus, precautions must be taken before they are shared with others. Although several methods (e.g., differential privacy and k-anonymity) have been proposed to prevent information leakage, in recent years, tabular data synthesis models have become popular because they can well trade-off between data utility and privacy. However, recent research has shown that generative models for image data are susceptible to the membership inference attack, which can determine whether a given record was used to train a victim synthesis model. In this paper, we investigate the membership inference attack in the context of tabular data synthesis. We conduct experiments on 4 state-of-the-art tabular data synthesis models under two attack scenarios (i.e., one black-box and one white-box attack), and find that the membership inference attack can seriously jeopardize these models. We next conduct experiments to evaluate how well two popular differentially-private deep learning training algorithms, DP-SGD and DP-GAN, can protect the models against the attack. Our key finding is that both algorithms can largely alleviate this threat by sacrificing the generation quality.