Title of article :
Detection of Membership Inference Attacks on GAN models
Author/Authors :
Ekramifard, Ala (Computer Engineering Department, Faculty of Engineering, Ferdowsi University of Mashhad); Amintoosi, Haleh (Computer Engineering Department, Faculty of Engineering, Ferdowsi University of Mashhad); Hosseini Seno, Amin (Computer Engineering Department, Faculty of Engineering, Ferdowsi University of Mashhad)
From page :
43
To page :
57
Abstract :
In the realm of machine learning, Generative Adversarial Networks (GANs) have revolutionized the generation of synthetic data, closely mirroring the distribution of real datasets. This paper delves into the privacy concerns associated with GANs, particularly focusing on Membership Inference Attacks (MIAs), which aim to determine if a specific record was used in training a model. Such attacks pose significant privacy risks, especially when sensitive data is involved. To combat this, we propose a novel detector model designed to identify and thwart MIAs within GANs. Our model, which operates as an additional layer of protection for Machine Learning as a Service (MLaaS) providers, leverages outputs from both the discriminator and generator to ascertain the membership status of data samples. We introduce two variants of the detector model—supervised and unsupervised—based on the availability of information from the discriminator. The supervised detector employs labeled data for training, while the unsupervised detector uses anomaly detection techniques. Our experimental evaluation spans various GAN architectures and datasets, ensuring the robustness and generalizability of our approach. The paper also analyzes the impact of dataset size on the detector’s effectiveness. By integrating our detector, MLaaS providers can enhance privacy safeguards, striking a balance between model utility and data protection.
Keywords :
Machine Learning, Privacy, Generative Adversarial Network, Membership Inference Attacks
Journal title :
ISeCure - The ISC International Journal of Information Security
Record number :
2778635