{"id":"https://openalex.org/W4415058907","doi":"https://doi.org/10.1145/3733799.3762977","title":"Ensembling Membership Inference Attacks Against Tabular Generative Models","display_name":"Ensembling Membership Inference Attacks Against Tabular Generative Models","publication_year":2025,"publication_date":"2025-10-13","ids":{"openalex":"https://openalex.org/W4415058907","doi":"https://doi.org/10.1145/3733799.3762977"},"language":"en","primary_location":{"id":"doi:10.1145/3733799.3762977","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3733799.3762977","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"type":"article","indexed_in":["arxiv","crossref"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1145/3733799.3762977","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5113141725","display_name":"Joshua Ward","orcid":null},"institutions":[{"id":"https://openalex.org/I161318765","display_name":"University of California, Los Angeles","ror":"https://ror.org/046rm7j60","country_code":"US","type":"education","lineage":["https://openalex.org/I161318765"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Joshua Ward","raw_affiliation_strings":["University of California Los Angeles, Los Angeles, California, USA"],"affiliations":[{"raw_affiliation_string":"University of California Los Angeles, Los Angeles, California, USA","institution_ids":["https://openalex.org/I161318765"]}]},{"author_position":"middle","author":{"id":null,"display_name":"Yuxuan Yang","orcid":"https://orcid.org/0009-0004-1577-4698"},"institutions":[{"id":"https://openalex.org/I1743320","display_name":"Palo Alto University","ror":"https://ror.org/04f812k67","country_code":"US","type":"education","lineage":["https://openalex.org/I1743320"]},{"id":"https://openalex.org/I97018004","display_name":"Stanford University","ror":"https://ror.org/00f54p054","country_code":"US","type":"education","lineage":["https://openalex.org/I97018004"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Yuxuan Yang","raw_affiliation_strings":["Stanford University, Palo Alto, USA"],"affiliations":[{"raw_affiliation_string":"Stanford University, Palo Alto, USA","institution_ids":["https://openalex.org/I1743320","https://openalex.org/I97018004"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5108749815","display_name":"Chi\u2010Hua Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I161318765","display_name":"University of California, Los Angeles","ror":"https://ror.org/046rm7j60","country_code":"US","type":"education","lineage":["https://openalex.org/I161318765"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Chi-Hua Wang","raw_affiliation_strings":["University of California Los Angeles, Los Angeles, California, USA"],"affiliations":[{"raw_affiliation_string":"University of California Los Angeles, Los Angeles, California, USA","institution_ids":["https://openalex.org/I161318765"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5101688179","display_name":"Guang Cheng","orcid":"https://orcid.org/0000-0002-7874-9404"},"institutions":[{"id":"https://openalex.org/I161318765","display_name":"University of California, Los Angeles","ror":"https://ror.org/046rm7j60","country_code":"US","type":"education","lineage":["https://openalex.org/I161318765"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Guang Cheng","raw_affiliation_strings":["University of California Los Angeles, Los Angeles, California, USA"],"affiliations":[{"raw_affiliation_string":"University of California Los Angeles, Los Angeles, California, USA","institution_ids":["https://openalex.org/I161318765"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":4,"corresponding_author_ids":["https://openalex.org/A5113141725"],"corresponding_institution_ids":["https://openalex.org/I161318765"],"apc_list":null,"apc_paid":null,"fwci":0.0,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":{"value":0.32801597,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":"182","last_page":"193"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11719","display_name":"Data Quality and Management","score":0.9115999937057495,"subfield":{"id":"https://openalex.org/subfields/1803","display_name":"Management Science and Operations Research"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}},"topics":[{"id":"https://openalex.org/T11719","display_name":"Data Quality and Management","score":0.9115999937057495,"subfield":{"id":"https://openalex.org/subfields/1803","display_name":"Management Science and Operations Research"},"field":{"id":"https://openalex.org/fields/18","display_name":"Decision Sciences"},"domain":{"id":"https://openalex.org/domains/2","display_name":"Social Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.7851999998092651},{"id":"https://openalex.org/keywords/inference","display_name":"Inference","score":0.666100025177002},{"id":"https://openalex.org/keywords/adversary","display_name":"Adversary","score":0.6470000147819519},{"id":"https://openalex.org/keywords/generative-grammar","display_name":"Generative grammar","score":0.550000011920929},{"id":"https://openalex.org/keywords/benchmark","display_name":"Benchmark (surveying)","score":0.5266000032424927},{"id":"https://openalex.org/keywords/a-priori-and-a-posteriori","display_name":"A priori and a posteriori","score":0.5242999792098999},{"id":"https://openalex.org/keywords/variety","display_name":"Variety (cybernetics)","score":0.5192000269889832}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.7851999998092651},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7623000144958496},{"id":"https://openalex.org/C2776214188","wikidata":"https://www.wikidata.org/wiki/Q408386","display_name":"Inference","level":2,"score":0.666100025177002},{"id":"https://openalex.org/C41065033","wikidata":"https://www.wikidata.org/wiki/Q2825412","display_name":"Adversary","level":2,"score":0.6470000147819519},{"id":"https://openalex.org/C39890363","wikidata":"https://www.wikidata.org/wiki/Q36108","display_name":"Generative grammar","level":2,"score":0.550000011920929},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.5266000032424927},{"id":"https://openalex.org/C185798385","wikidata":"https://www.wikidata.org/wiki/Q1161707","display_name":"Benchmark (surveying)","level":2,"score":0.5266000032424927},{"id":"https://openalex.org/C75553542","wikidata":"https://www.wikidata.org/wiki/Q178161","display_name":"A priori and a posteriori","level":2,"score":0.5242999792098999},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.5192000269889832},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.5115000009536743},{"id":"https://openalex.org/C37736160","wikidata":"https://www.wikidata.org/wiki/Q1801315","display_name":"Adversarial system","level":2,"score":0.5005999803543091},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.41990000009536743},{"id":"https://openalex.org/C167966045","wikidata":"https://www.wikidata.org/wiki/Q5532625","display_name":"Generative model","level":3,"score":0.4066999852657318},{"id":"https://openalex.org/C199521495","wikidata":"https://www.wikidata.org/wiki/Q181487","display_name":"Audit","level":2,"score":0.3515999913215637},{"id":"https://openalex.org/C160920958","wikidata":"https://www.wikidata.org/wiki/Q7662746","display_name":"Synthetic data","level":2,"score":0.3192000091075897},{"id":"https://openalex.org/C65856478","wikidata":"https://www.wikidata.org/wiki/Q3991682","display_name":"Attack model","level":2,"score":0.2800999879837036},{"id":"https://openalex.org/C123201435","wikidata":"https://www.wikidata.org/wiki/Q456632","display_name":"Information privacy","level":2,"score":0.27959999442100525},{"id":"https://openalex.org/C67186912","wikidata":"https://www.wikidata.org/wiki/Q367664","display_name":"Data modeling","level":2,"score":0.27079999446868896},{"id":"https://openalex.org/C40305131","wikidata":"https://www.wikidata.org/wiki/Q2616305","display_name":"Obfuscation","level":2,"score":0.2605000138282776}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1145/3733799.3762977","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3733799.3762977","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},{"id":"pmh:oai:arXiv.org:2509.05350","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2509.05350","pdf_url":"https://arxiv.org/pdf/2509.05350","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"}],"best_oa_location":{"id":"doi:10.1145/3733799.3762977","is_oa":true,"landing_page_url":"https://doi.org/10.1145/3733799.3762977","pdf_url":null,"source":null,"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"Proceedings of the 18th ACM Workshop on Artificial Intelligence and Security","raw_type":"proceedings-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G4917824720","display_name":null,"funder_award_id":"CNS-2247795","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Membership":[0],"Inference":[1],"Attacks":[2],"(MIAs)":[3],"have":[4,26],"emerged":[5],"as":[6,65],"a":[7,45,49,66,89,94],"principled":[8],"framework":[9],"for":[10],"auditing":[11],"the":[12,56,74],"privacy":[13,33,78],"of":[14,97],"synthetic":[15,76],"data":[16,77],"generated":[17],"by":[18,108],"tabular":[19],"generative":[20],"models,":[21],"where":[22],"many":[23],"diverse":[24],"methods":[25],"been":[27],"proposed":[28],"that":[29,52,85,117],"each":[30],"exploit":[31],"different":[32],"leakage":[34],"signals.":[35],"However,":[36],"in":[37],"realistic":[38],"threat":[39,105],"scenarios,":[40],"an":[41],"adversary":[42],"must":[43],"choose":[44],"single":[46],"method":[47],"without":[48],"priori":[50],"guarantee":[51],"it":[53],"will":[54],"be":[55],"empirically":[57,125],"highest":[58],"performing":[59],"option.":[60],"We":[61],"study":[62],"this":[63],"challenge":[64],"decision":[67],"theoretic":[68],"problem":[69],"under":[70,103],"uncertainty":[71],"and":[72,100,115],"conduct":[73],"largest":[75],"benchmark":[79],"to":[80],"date.":[81],"Here,":[82],"we":[83,111],"find":[84],"no":[86],"MIA":[87],"constitutes":[88],"strictly":[90],"dominant":[91],"strategy":[92],"across":[93],"wide":[95],"variety":[96],"model":[98],"architectures":[99],"dataset":[101],"domains":[102],"our":[104],"model.":[106],"Motivated":[107],"these":[109],"findings,":[110],"propose":[112],"ensemble":[113],"MIAs":[114],"show":[116],"unsupervised":[118],"ensembles":[119],"built":[120],"on":[121],"individual":[122,131],"attacks":[123],"offer":[124],"more":[126],"robust,":[127],"regret-minimizing":[128],"strategies":[129],"than":[130],"attacks.":[132],"1":[133]},"counts_by_year":[],"updated_date":"2026-04-09T08:11:56.329763","created_date":"2025-10-11T00:00:00"}