Bayes-Nash Generative Privacy Against Membership Inference Attacks

TL;DR

This paper introduces a game-theoretic, neural network-based framework called Bayes-Nash Generative Privacy that models privacy as a strategic game, improving privacy-utility tradeoffs against membership inference attacks without relying on traditional differential privacy guarantees.

Contribution

It proposes a novel Bayesian game framework with neural network generators and discriminators to enhance privacy protection against membership inference attacks, overcoming limitations of differential privacy.

Findings

Outperforms state-of-the-art methods in empirical tests.

Generates stronger attacks and better privacy-utility tradeoffs.

Supports correlated mechanism compositions and heterogeneous attacker preferences.

Abstract

Membership inference attacks (MIAs) pose significant privacy risks by determining whether individual data is in a dataset. While differential privacy (DP) mitigates these risks, it has limitations including limited resolution in expressing privacy-utility tradeoffs and intractable sensitivity calculations for tight guarantees. We propose a game-theoretic framework modeling privacy protection as a Bayesian game between defender and attacker, where privacy loss corresponds to the attacker's membership inference ability. To address strategic complexity, we represent the defender's mixed strategy as a neural network generator mapping private datasets to public representations (e.g., noisy statistics) and the attacker's strategy as a discriminator making membership claims. This \textit{general-sum Generative Adversarial Network} trains iteratively through alternating updates, yielding \textit{Bayes-Nash Generative Privacy (BNGP)} strategies. BNGP avoids worst-case privacy proofs such as sensitivity calculations, supports correlated mechanism compositions, handles heterogeneous attacker preferences. Empirical studies on sensitive dataset summary statistics show our approach significantly outperforms state-of-the-art methods by generating stronger attacks and achieving better privacy-utility tradeoffs.