Performing co-membership attacks against deep generative models

Kin Sum Liu, Chaowei Xiao, Bo Li, Jie Gao

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In this paper we propose a new membership attack method called co-membership attacks against deep generative models including Variational Autoencoders (VAEs) and Generative Adversarial Networks (GANs). Specifically, membership attack aims to check whether a given instance x was used in the training data or not. A co-membership attack checks whether the given bundle of n instances were in the training, with the prior knowledge that the bundle was either entirely used in the training or none at all. Successful membership attacks can compromise the privacy of training data when the generative model is published. Our main idea is to cast membership inference of target data x as the optimization of another neural network (called the attacker network) to search for the latent encoding to reproduce x. The final reconstruction error is used directly to conclude whether x was in the training data or not. We conduct extensive experiments on a variety of datasets and generative models showing that: our attacker network outperforms prior membership attacks; co-membership attacks can be substantially more powerful than single attacks; and VAEs are more susceptible to membership attacks compared to GANs.

Original languageEnglish (US)
Title of host publicationProceedings - 19th IEEE International Conference on Data Mining, ICDM 2019
EditorsJianyong Wang, Kyuseok Shim, Xindong Wu
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages459-467
Number of pages9
ISBN (Electronic)9781728146034
DOIs
StatePublished - Nov 2019
Event19th IEEE International Conference on Data Mining, ICDM 2019 - Beijing, China
Duration: Nov 8 2019Nov 11 2019

Publication series

NameProceedings - IEEE International Conference on Data Mining, ICDM
Volume2019-November
ISSN (Print)1550-4786

Conference

Conference19th IEEE International Conference on Data Mining, ICDM 2019
Country/TerritoryChina
CityBeijing
Period11/8/1911/11/19

Keywords

  • Adversarial Machine Learning
  • Deep Generative Model
  • Privacy
  • Unsupervised Learning

ASJC Scopus subject areas

  • General Engineering

Fingerprint

Dive into the research topics of 'Performing co-membership attacks against deep generative models'. Together they form a unique fingerprint.

Cite this