On Privacy Leakage in Tabular Diffusion Models: Influential Factors, Attacker Knowledge, and Metrics

TL;DR

This paper investigates privacy risks in tabular diffusion models by analyzing attack success factors, attacker knowledge, and the limitations of existing privacy metrics, highlighting potential vulnerabilities.

Contribution

It provides a comprehensive analysis of privacy leakage in TDMs, including attack evaluations and critique of heuristic privacy metrics, advancing understanding of privacy risks.

Findings

Membership inference attacks can succeed without perfect attacker knowledge.

Heuristic privacy metrics like distance-to-closest record are unreliable.

Attacker resources and knowledge significantly influence privacy leakage.

Abstract

Tabular data plays an important role in many fields and industries, including those with elevated privacy considerations and risks. As such, there is a rising interest in generating high-quality synthetic proxies for real tabular data as a means of reducing privacy risk and proprietary data exposure. With tabular diffusion models (TDMs) demonstrating leading performance in synthesizing such data, understanding and measuring the privacy risks associated with these models is imperative. Leveraging state-of-the-art membership inference attacks for TDMs in both black- and white-box settings, this work quantifies the impact of training setup, synthesis choices, and attacker knowledge on privacy leakage. Moreover, the results demonstrate that adversaries need not have perfect knowledge of the training setup, identical data distributions, or massive compute resources to construct successful attacks. Finally, the pitfalls associated with applying heuristic privacy metrics, such as distance-to-closest record, are revealed.