Suppr超能文献

针对合成健康数据的成员推理攻击。

Membership inference attacks against synthetic health data.

机构信息

Vanderbilt University, 2525 West End Avenue, Nashville, TN 37240, United States.

Vanderbilt University, 2525 West End Avenue, Nashville, TN 37240, United States.

出版信息

J Biomed Inform. 2022 Jan;125:103977. doi: 10.1016/j.jbi.2021.103977. Epub 2021 Dec 14.

Abstract

Synthetic data generation has emerged as a promising method to protect patient privacy while sharing individual-level health data. Intuitively, sharing synthetic data should reduce disclosure risks because no explicit linkage is retained between the synthetic records and the real data upon which it is based. However, the risks associated with synthetic data are still evolving, and what seems protected today may not be tomorrow. In this paper, we show that membership inference attacks, whereby an adversary infers if the data from certain target individuals (known to the adversary a priori) were relied upon by the synthetic data generation process, can be substantially enhanced through state-of-the-art machine learning frameworks, which calls into question the protective nature of existing synthetic data generators. Specifically, we formulate the membership inference problem from the perspective of the data holder, who aims to perform a disclosure risk assessment prior to sharing any health data. To support such an assessment, we introduce a framework for effective membership inference against synthetic health data without specific assumptions about the generative model or a well-defined data structure, leveraging the principles of contrastive representation learning. To illustrate the potential for such an attack, we conducted experiments against synthesis approaches using two datasets derived from several health data resources (Vanderbilt University Medical Center, the All of Us Research Program) to determine the upper bound of risk brought by an adversary who invokes an optimal strategy. The results indicate that partially synthetic data are vulnerable to membership inference at a very high rate. By contrast, fully synthetic data are only marginally susceptible and, in most cases, could be deemed sufficiently protected from membership inference.

摘要

合成数据生成已成为一种有前途的方法,可以在共享个人健康数据的同时保护患者隐私。直观地说,共享合成数据应该会降低披露风险,因为在基于真实数据生成的合成记录中,不会保留任何明确的链接。然而,与合成数据相关的风险仍在不断发展,今天看起来受到保护的内容明天可能就不再受保护。在本文中,我们表明,成员推断攻击(membership inference attack)可以通过最先进的机器学习框架大大增强,在这种攻击中,对手推断合成数据生成过程是否依赖于某些目标个体(对手事先知道)的数据,这对现有合成数据生成器的保护性质提出了质疑。具体来说,我们从数据持有者的角度来制定成员推断问题,数据持有者旨在在共享任何健康数据之前进行披露风险评估。为了支持这种评估,我们引入了一个针对合成健康数据的有效成员推断框架,该框架无需对生成模型或明确定义的数据结构进行具体假设,而是利用对比表示学习的原则。为了说明这种攻击的可能性,我们针对使用两个来自多个健康数据资源(范德比尔特大学医学中心、全美研究计划)的数据集的合成方法进行了实验,以确定调用最佳策略的对手带来的风险上限。结果表明,部分合成数据非常容易受到成员推断攻击,而完全合成数据则只有轻微的易感性,并且在大多数情况下,成员推断攻击可以被认为对其有足够的保护。

https://cdn.ncbi.nlm.nih.gov/pmc/blobs/3589/8766950/6605fbf0877c/nihms-1765731-f0001.jpg

相似文献

1
Membership inference attacks against synthetic health data.针对合成健康数据的成员推理攻击。
J Biomed Inform. 2022 Jan;125:103977. doi: 10.1016/j.jbi.2021.103977. Epub 2021 Dec 14.
2
Validating a membership disclosure metric for synthetic health data.验证合成健康数据的成员披露指标。
JAMIA Open. 2022 Oct 11;5(4):ooac083. doi: 10.1093/jamiaopen/ooac083. eCollection 2022 Dec.
3
Tunable Privacy Risk Evaluation of Generative Adversarial Networks.生成式对抗网络的可调隐私风险评估。
Stud Health Technol Inform. 2024 Aug 22;316:1233-1237. doi: 10.3233/SHTI240634.
9
Sharing Time-to-Event Data with Privacy Protection.在保护隐私的前提下共享事件发生时间数据。
Proc (IEEE Int Conf Healthc Inform). 2022 Jun;2022. doi: 10.1109/ichi54592.2022.00014. Epub 2022 Sep 8.

引用本文的文献

8
Privacy-Enhancing Technologies in Biomedical Data Science.生物医学数据科学中的隐私增强技术。
Annu Rev Biomed Data Sci. 2024 Aug;7(1):317-343. doi: 10.1146/annurev-biodatasci-120423-120107.

本文引用的文献

1
Differential privacy in health research: A scoping review.健康研究中的差分隐私:范围综述。
J Am Med Inform Assoc. 2021 Sep 18;28(10):2269-2276. doi: 10.1093/jamia/ocab135.
6
The "All of Us" Research Program.“我们所有人”研究项目
N Engl J Med. 2019 Nov 7;381(19):1883-1884. doi: 10.1056/NEJMc1912496.
8
Privacy-Preserving Generative Deep Neural Networks Support Clinical Data Sharing.隐私保护生成式深度神经网络支持临床数据共享。
Circ Cardiovasc Qual Outcomes. 2019 Jul;12(7):e005122. doi: 10.1161/CIRCOUTCOMES.118.005122. Epub 2019 Jul 9.
9
Focal Loss for Dense Object Detection.用于密集目标检测的焦散损失
IEEE Trans Pattern Anal Mach Intell. 2020 Feb;42(2):318-327. doi: 10.1109/TPAMI.2018.2858826. Epub 2018 Jul 23.

文献检索

告别复杂PubMed语法,用中文像聊天一样搜索,搜遍4000万医学文献。AI智能推荐,让科研检索更轻松。

立即免费搜索

文件翻译

保留排版,准确专业,支持PDF/Word/PPT等文件格式,支持 12+语言互译。

免费翻译文档

深度研究

AI帮你快速写综述,25分钟生成高质量综述,智能提取关键信息,辅助科研写作。

立即免费体验