Finding Connections: Membership Inference Attacks for the Multi-Table Synthetic Data Setting

TL;DR

This paper introduces a new membership inference attack for synthetic relational data, revealing privacy vulnerabilities at the user level that existing item-level attacks underestimate, especially in multi-table settings.

Contribution

It proposes the Multi-Table Membership Inference Attack (MT-MIA), a novel adversarial method leveraging graph neural networks to better detect user-level privacy leaks in synthetic relational data.

Findings

MT-MIA outperforms existing item-level MIAs in detecting user-level privacy leakage.

State-of-the-art relational synthetic data generators are vulnerable to MT-MIA.

Privacy leakage occurs through inter-table relationships, not just individual items.

Abstract

Synthetic tabular data has gained attention for enabling privacy-preserving data sharing. While substantial progress has been made in single-table synthetic generation where data are modeled at the row or item level, most real-world data exists in relational databases where a user's information spans items across multiple interconnected tables. Recent advances in synthetic relational data generation have emerged to address this complexity, yet release of these data introduce unique privacy challenges as information can be leaked not only from individual items but also through the relationships that comprise a complete user entity. To address this, we propose a novel Membership Inference Attack (MIA) setting to audit the empirical user-level privacy of synthetic relational data and show that single-table MIAs that audit at an item level underestimate user-level privacy leakage. We then propose Multi-Table Membership Inference Attack (MT-MIA), a novel adversarial attack under a No-Box threat model that targets learned representations of user entities via Heterogeneous Graph Neural Networks. By incorporating all connected items for a user, MT-MIA better targets user-level vulnerabilities induced by inter-tabular relationships than existing attacks. We evaluate MT-MIA on a range of real-world multi-table datasets and demonstrate that this vulnerability exists in state-of-the-art relational synthetic data generators, employing MT-MIA to additionally study where this leakage occurs.