2021
DOI: 10.2478/popets-2021-0041
|View full text |Cite
|
Sign up to set email alerts
|

privGAN: Protecting GANs from membership inference attacks at low cost to utility

Abstract: Generative Adversarial Networks (GANs) have made releasing of synthetic images a viable approach to share data without releasing the original dataset. It has been shown that such synthetic data can be used for a variety of downstream tasks such as training classifiers that would otherwise require the original dataset to be shared. However, recent work has shown that the GAN models and their synthetically generated data can be used to infer the training set membership by an adversary who has access to the entir… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

2
43
0

Year Published

2021
2021
2024
2024

Publication Types

Select...
3
2
2

Relationship

0
7

Authors

Journals

citations
Cited by 34 publications
(45 citation statements)
references
References 25 publications
2
43
0
Order By: Relevance
“…We observe that the adversary's advantage is reduced to varying degrees across both datasets. This suggests that DP training is a reliable defense against adversary's of this nature (Mukherjee et al, 2019;Bhowmick et al, 2018), despite having a higher range of ε values (as shown in Table 1). The detailed MI accuracy numbers with precision and recall are in Appendix F.…”
Section: With Partial Causal Graphmentioning
confidence: 98%
See 2 more Smart Citations
“…We observe that the adversary's advantage is reduced to varying degrees across both datasets. This suggests that DP training is a reliable defense against adversary's of this nature (Mukherjee et al, 2019;Bhowmick et al, 2018), despite having a higher range of ε values (as shown in Table 1). The detailed MI accuracy numbers with precision and recall are in Appendix F.…”
Section: With Partial Causal Graphmentioning
confidence: 98%
“…Utilizing synthetic data generated by generative adversarial networks (GANs) for various problem domains has been extensively studied, but only few solutions provide formal guarantees of privacy (Jordon et al, 2018;Harder et al, 2020;Torkzadehmahani et al, 2019;Ma et al, 2020b;Tantipongpipat et al, 2019;Xin et al, 2020;Long et al, 2019;Liu et al, 2019). Across the spectrum, very limited techniques are evaluated against adversaries (Mukherjee et al, 2019).…”
Section: Related Workmentioning
confidence: 99%
See 1 more Smart Citation
“…PrivGAN [6] is an extension of GAN whose development has lead to notoriously realistic synthetic images. In their original version, GANs comprise a generator G and a discriminator D playing a two-player game as shown in Fig.…”
Section: Privganmentioning
confidence: 99%
“…Motivated by real world use cases such as the banks in Fig. 1, we modified the original privGAN [6] prescription to create disjoint subsets of varying sizes. Another notable difference with the original privGAN is the exclusion of a pre-training of the central discriminator on the real data since the whole point of this work is to circumvent the real data access limitations.…”
Section: Introductionmentioning
confidence: 99%