Membership Inference Attacks against Generative Models and Differential Privacy Defense

August 24th, 2022

Thesis Type
  • Master
Presentation room
Seminar room I5 6202
Stefan Decker
Yongli Mou

Synthetic data is an efficient way to protect data privacy [1]. However, recent research shows that the synthetic data drawn from the original data distribution cannot provide free privacy [1]. Therefore, privacy enhancement techniques need to be taken into consideration when we design data synthesis techniques. The privacy-preserving solutions always consume the model utility. It is challenging to design algorithms that provide a strong privacy guarantee along with high data utility.

In this thesis, the student should review the state-of-the-art techniques in privacy protection and data synthesis, and propose a privacy-preserving image synthesis algorithm with high data utility. Specifically, the thesis aims to design a differential privacy-based data synthesis technique.

The thesis provides a potential opportunity to do an internship at Huawei Munich Research Center.

If you are interested in this thesis, do not hesitate to contact us via

[1] Chen, Jia-Wei, et al. “DPGEN: Differentially Private Generative Energy-Guided Network for Natural Image Synthesis.” Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2022.

[2] Stadler, Theresa, Bristena Oprisanu, and Carmela Troncoso. “Synthetic data–anonymisation groundhog day.” 31st USENIX Security Symposium (USENIX Security 22). 2022.

[3] Chen D, Yu N, Zhang Y, Fritz M. Gan-leaks: A taxonomy of membership inference attacks against generative models. InProceedings of the 2020 ACM SIGSAC conference on computer and communications security 2020 Oct 30 (pp. 343-362).


Knowledge about Machine Learning
Programming language – Python
Deep Learning Framework – PyTorch