Privacy Re-Identification Attacks on Tabular GANs

Generative models are effective in producing realistic tabular synthetic data that resembles the properties and distribution of real datasets. While synthetic data has numerous applications across various domains, generative models are susceptible to overfitting, which can lead to the leakage of sensitive information from training data. Privacy attacks exacerbate this issue by attempting to identify original data records from synthetic data, especially when the attacker possesses some knowledge about the generative model. In this work, we investigate the privacy risks associated with using generative adversarial networks (GANs) to create tabular synthetic datasets. More specifically, we develop privacy reconstruction attacks designed to identify training samples by minimizing their proximity to synthetic records. Our experimental analysis considers various scenarios of reconstruction attacks, in which attackers have different levels of access to the generative models. Additionally, we propose multi-objective optimization using evolutionary algorithms to perturb synthetic samples closer to original training data points. The experimental results show that reconstruction attacks can effectively identify training samples, with privacy threats significantly increasing when attackers have access to the generative model. Furthermore, our findings indicate that using evolutionary algorithms in reconstruction attacks further heightens the risk of identifying confidential samples. Comparing our attacks against state-of-the-art privacy attacks on tabular GANs further reveals that our reconstructions attacks are considerably more effective in recovering real data records.