Privacy‐preserving generative framework for images against membership inference attacks

Machine learning has become an integral part of modern intelligent systems in all aspects life. Membership inference attacks (MIAs), as the significant model attacks, also jeopardize privacy systems. Previous works on defending MIAs concentrate output perturbation or tampering with training process. However, data and reuse are common systems, which results lack scalability previous works. This paper proposes a new privacy-preserving framework for images to transform source into synthetic train models against MIAs. The makes it easy defend during improve scheme's scalability. generates satisfying differential through variational autoencoder model's information extraction generation capabilities accuracy. A noise addition mechanism metric latent code generated from is proposed, where product Γ-distribution unit hyper-sphere samples. Moreover, proved that satisfies privacy. experimental evaluations demonstrate reduces MIAs' attack accuracy about 0.5 maintains higher utility than DP-SGD under same setting.