Data Plagiarism Index: Characterizing the Privacy Risk of Data-Copying in Tabular Generative Models
Reviewed by Pith T0 review T1 audit T2 compute T3 formal T4 kernel pith:537RW2AJrecord.jsonopen to challenge →
read the original abstract
The promise of tabular generative models is to produce realistic synthetic data that can be shared and safely used without dangerous leakage of information from the training set. In evaluating these models, a variety of methods have been proposed to measure the tendency to copy data from the training dataset when generating a sample. However, these methods suffer from either not considering data-copying from a privacy threat perspective, not being motivated by recent results in the data-copying literature or being difficult to make compatible with the high dimensional, mixed type nature of tabular data. This paper proposes a new similarity metric and Membership Inference Attack called Data Plagiarism Index (DPI) for tabular data. We show that DPI evaluates a new intuitive definition of data-copying and characterizes the corresponding privacy risk. We show that the data-copying identified by DPI poses both privacy and fairness threats to common, high performing architectures; underscoring the necessity for more sophisticated generative modeling techniques to mitigate this issue.
This paper has not been read by Pith yet.
Forward citations
Cited by 3 Pith papers
-
When Tables Leak: Attacking String Memorization in LLM-Based Tabular Data Generation
LLM tabular generators leak memorized numeric strings, allowing a no-box attack to achieve near-perfect membership inference on some state-of-the-art models.
-
Privacy Auditing Synthetic Data Release through Local Likelihood Attacks
Gen-LRA is a computationally efficient no-box MIA that exploits local overfitting in tabular generative models to produce a closed-form density-ratio statistic with a provable mean-score gap between members and non-members.
-
Quantifying the Privacy of Counterfactuals by Leveraging Membership Inference Attacks Against Synthetic Data
Membership inference attacks adapted from synthetic data succeed on counterfactuals using only the counterfactuals themselves, without model access.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.