[Tiny] Understanding the Impact of Data Domain Extraction on Synthetic Data Privacy

Georgi Ganev; Meenatchi Sundaram Muthu Selva Annamalai; Sofiane Mahiou; Emiliano De Cristofaro

[Tiny] Understanding the Impact of Data Domain Extraction on Synthetic Data Privacy

Georgi Ganev, Meenatchi Sundaram Muthu Selva Annamalai, Sofiane Mahiou, Emiliano De Cristofaro

Published: 04 Mar 2025, Last Modified: 17 Apr 2025ICLR 2025 Workshop SynthDataEveryoneRevisionsBibTeXCC BY 4.0

Keywords: synthetic data generation, differential privacy, privacy attacks

TL;DR: We examine the effect of three data domain extraction strategies on the privacy of synthetic data.

Abstract: Privacy attacks, particularly membership inference attacks (MIAs), are widely used to assess the privacy of generative models for tabular synthetic data, including those with Differential Privacy (DP) guarantees. These attacks often exploit outliers, which are especially vulnerable due to their position at the boundaries of the data domain (e.g., at the minimum and maximum values). However, the role of data domain extraction in generative models and its impact on privacy attacks have been overlooked. In this paper, we examine three strategies for defining the data domain: assuming it is externally provided (ideally from public data), extracting it directly from the input data, and extracting it with DP mechanisms. While common in popular implementations and libraries, we show that the second approach breaks end-to-end DP guarantees and leaves models vulnerable. While using a provided domain (if representative) is preferable, extracting it with DP can also defend against popular MIAs, even at high privacy budgets.

Submission Number: 65

Loading