Protecting GANs against privacy attacks by preventing overfitting

by   Sumit Mukherjee, et al.

Generative Adversarial Networks (GANs) have made releasing of synthetic images a viable approach to share data without releasing the original dataset. It has been shown that such synthetic data can be used for a variety of downstream tasks such as training classifiers that would otherwise require the original dataset to be shared. However, recent work has shown that the GAN models and their synthetically generated data can be used to infer the training set membership by an adversary who has access to the entire dataset and some auxiliary information. Here we develop a new GAN architecture (privGAN) which provides protection against this mode of attack while leading to negligible loss in downstream performances. Our architecture explicitly prevents overfitting to the training set thereby providing implicit protection against white-box attacks. The main contributions of this paper are: i) we propose a novel GAN architecture that can generate synthetic data in a privacy preserving manner and demonstrate the effectiveness of our model against white–box attacks on several benchmark datasets, ii) we provide a theoretical understanding of the optimal solution of the GAN loss function, iii) we demonstrate on two common benchmark datasets that synthetic images generated by privGAN lead to negligible loss in downstream performance when compared against non–private GANs. While we have focosued on benchmarking privGAN exclusively of image datasets, the architecture of privGAN is not exclusive to image datasets and can be easily extended to other types of datasets.


page 7

page 10


Ownership Protection of Generative Adversarial Networks

Generative adversarial networks (GANs) have shown remarkable success in ...

Generative Models with Information-Theoretic Protection Against Membership Inference Attacks

Deep generative models, such as Generative Adversarial Networks (GANs), ...

Synthesis of Realistic ECG using Generative Adversarial Networks

Access to medical data is highly restricted due to its sensitive nature,...

Improving Model Compatibility of Generative Adversarial Networks by Boundary Calibration

Generative Adversarial Networks (GANs) is a powerful family of models th...

Synthetic flow-based cryptomining attack generation through Generative Adversarial Networks

Due to the growing rise of cyber attacks in the Internet, flow-based dat...

On the Applicability of Synthetic Data for Re-Identification

This contribution demonstrates the feasibility of applying Generative Ad...

This Person (Probably) Exists. Identity Membership Attacks Against GAN Generated Faces

Recently, generative adversarial networks (GANs) have achieved stunning ...

Please sign up or login with your details

Forgot password? Click here to reset