English

Ensembling Membership Inference Attacks Against Tabular Generative Models

Cryptography and Security 2025-09-09 v1 Machine Learning

Abstract

Membership Inference Attacks (MIAs) have emerged as a principled framework for auditing the privacy of synthetic data generated by tabular generative models, where many diverse methods have been proposed that each exploit different privacy leakage signals. However, in realistic threat scenarios, an adversary must choose a single method without a priori guarantee that it will be the empirically highest performing option. We study this challenge as a decision theoretic problem under uncertainty and conduct the largest synthetic data privacy benchmark to date. Here, we find that no MIA constitutes a strictly dominant strategy across a wide variety of model architectures and dataset domains under our threat model. Motivated by these findings, we propose ensemble MIAs and show that unsupervised ensembles built on individual attacks offer empirically more robust, regret-minimizing strategies than individual attacks.

Keywords

Cite

@article{arxiv.2509.05350,
  title  = {Ensembling Membership Inference Attacks Against Tabular Generative Models},
  author = {Joshua Ward and Yuxuan Yang and Chi-Hua Wang and Guang Cheng},
  journal= {arXiv preprint arXiv:2509.05350},
  year   = {2025}
}
R2 v1 2026-07-01T05:23:37.761Z