Synthetic data for enhanced privacy: A VAE-GAN approach against membership inference attacks

作     者：Yan, Jian'en Huang, Haihui Yang, Kairan Xu, Haiyan Li, Yanling 

作者机构：Harbin Inst Technol Fac Comp Harbin 150001 Heilongjiang Peoples R China Inner Mongolia Normal Univ Coll Comp Sci & Technol Hohhot 010022 Peoples R China 

出 版 物：《KNOWLEDGE-BASED SYSTEMS》 (Knowl Based Syst)

年 卷 期：2025年第309卷

核心收录：

学科分类：08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：Shandong Science and Technology Major Project, China [2020CXGC10103, 2023ZLGX07,2022ZLGX04] National science foundation of China National science foundation of Shandong, China [ZR2021MF055] 

主　　题：Membership privacy Synthetic data Variational Autoencoder Generative Adversarial Network Tabular data 

摘      要：The raw data utilized in training machine learning models faces a potential threat from membership inference attacks. To mitigate this risk, employing synthetic data instead of real data is proved effective in desensitizing the information. We introduce a novel generative model, combining Variational Autoencoder and Generative Adversarial Network, to enhance privacy protection by generating synthetic data. In our approach, discrete variables are encoded by conditional generators, and sampling training is employed to ensure the distribution of synthetic data closely aligning with the real data. The modification of the model structure prompts a refinement of the loss function. We leverage Wasserstein distance with gradient penalty and SNorm to keep the stability of the model training process. Experimental results demonstrate that the efficacy of our model surpasses existing state-of-the-art models in terms of data utility metrics. Notably, in the face of membership inference attacks, the similarity from the results indicates the difficulty when distinguish the real data from synthetic data. It means our model have highlighting capabilities for the privacy protection.