MGMD-GAN: Generalization Improvement of Generative Adversarial Networks with Multiple Generator Multiple Discriminator Framework Against Membership Inference Attacks

Nirob Arefin
2024-10-10
Abstract:Generative Adversarial Networks (GAN) are among the widely used Generative models in various applications. However, the original GAN architecture may memorize the distribution of the training data and, therefore, poses a threat to Membership Inference Attacks. In this work, we propose a new GAN framework that consists of Multiple Generators and Multiple Discriminators (MGMD-GAN). Disjoint partitions of the training data are used to train this model and it learns the mixture distribution of all the training data partitions. In this way, our proposed model reduces the generalization gap which makes our MGMD-GAN less vulnerable to Membership Inference Attacks. We provide an experimental analysis of our model and also a comparison with other GAN frameworks.
Machine Learning
What problem does this paper attempt to address?
The problem this paper attempts to address is the overfitting issue that Generative Adversarial Networks (GANs) may encounter during training, which makes GANs susceptible to Membership Inference Attacks (MIA). Specifically, traditional GAN architectures may memorize the distribution of the training data, making the model vulnerable to membership inference attacks. To mitigate this risk, the authors propose a new GAN framework—Multiple Generators Multiple Discriminators GAN (MGMD-GAN). By dividing the training data into multiple disjoint subsets and training generator-discriminator pairs on each subset separately, the framework aims to reduce the generalization gap, thereby enhancing the model's defense against membership inference attacks. ### Main Contributions: 1. **Reducing Generalization Gap**: By dividing the training data into multiple disjoint subsets and training generator-discriminator pairs on each subset separately, MGMD-GAN can better learn the overall distribution of the data, reducing the overfitting phenomenon. 2. **Enhancing Defense Capability**: Due to the reduced generalization gap, MGMD-GAN's defense capability against membership inference attacks is improved, making it more difficult for attackers to determine whether a sample was used to train the model. 3. **Experimental Validation**: The authors experimentally validated the effectiveness of MGMD-GAN and compared it with existing GAN frameworks. The results show that MGMD-GAN performs well in reducing the generalization gap and enhancing defense capability. ### Experimental Results: - **Generalization Gap Comparison**: Experiments on the MNIST dataset show that MGMD-GAN has a significantly smaller generalization gap than PAR-GAN under different data partition numbers, especially when the number of data partitions is large, MGMD-GAN's performance is more prominent. - **Membership Inference Attack Defense**: MGMD-GAN's defense capability against membership inference attacks has also been validated. Its attack accuracy under different loss functions is lower than that of PAR-GAN, especially when using JS divergence as the loss function, MGMD-GAN's defense effect is the best. ### Conclusion: The authors propose a new GAN framework, MGMD-GAN, which effectively reduces the model's generalization gap and enhances its defense capability against membership inference attacks through the design of multiple generators and multiple discriminators. Experimental results show that MGMD-GAN performs excellently in reducing the generalization gap and enhancing defense capability, indicating high application value. Future research will further explore the performance of this framework on other types of datasets.