Optimal Noise Injection on Training Data: A Defense Against Membership Inference Attacks

Radia Kassa, Kamel Adi, Myria Bouhaddi

2025

Abstract

Membership inference attacks (MIAs) pose a serious risk to data privacy in machine learning (ML) models, since they allow an attacker to determine whether a given data point was included in the training set. Although various defenses exist, they often struggle to balance privacy and utility effectively. To address this challenge, we propose in this paper a novel defense mechanism based on Optimal Noise Injection during the training phase: a carefully designed and controlled noise vector is injected into each training sample. The noise is chosen by an optimization that maximizes prediction entropy, to obscure membership signals, while leveraging Shapley values to preserve data utility. Experiments on benchmark datasets show that our method significantly reduces MIA success rates without sacrificing accuracy, offering a strong privacy-utility trade-off in black-box scenarios.
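The black-box membership signal the abstract refers to, and the effect that perturbing the stored training samples has on it, as an added toy illustration that is not the authors' method or code. It assumes a constructed two-class 2-D Gaussian-mixture dataset in place of a benchmark, a deliberately memorising kernel-vote classifier, plain isotropic Gaussian noise in place of the paper's optimised per-sample noise vector, and an entropy-threshold attacker that is allowed to pick its best threshold on the evaluation set (an upper bound on the attack). The Shapley-value utility term of the paper is not reproduced; every function name and parameter here is this example's own.

```python
import math
import random


def prediction_entropy(probs):
    """Shannon entropy (nats) of a probability vector. An entropy-threshold MIA
    labels low-entropy (confident) predictions as 'member'."""
    return -sum(p * math.log(p) for p in probs if p > 0.0)


def make_dataset(n, rng, spread=1.2):
    """Constructed data (assumption: stands in for a real benchmark): a two-class
    2-D Gaussian mixture with centres (-1,-1) and (1,1)."""
    data = []
    for _ in range(n):
        label = rng.randrange(2)
        centre = -1.0 if label == 0 else 1.0
        data.append(((rng.gauss(centre, spread), rng.gauss(centre, spread)), label))
    return data


def inject_noise(train, sigma, rng):
    """Defence stand-in: add isotropic Gaussian noise (std sigma) to every
    training sample before it is stored. The paper optimises a per-sample noise
    vector; this toy does not, it only shows why perturbing the stored samples
    blunts the membership signal."""
    return [((x[0] + rng.gauss(0.0, sigma), x[1] + rng.gauss(0.0, sigma)), y)
            for x, y in train]


class KernelVoteClassifier:
    """Memorising classifier: class scores are Gaussian-kernel-weighted votes of
    the stored training points plus a uniform pseudo-count (prior). A query that
    coincides with a stored point earns a full vote (weight 1) for that point's
    label; that extra confidence on members is exactly what an MIA exploits."""

    def __init__(self, train, bandwidth=0.12, prior=0.2):
        self.train = train
        self.two_bw2 = 2.0 * bandwidth * bandwidth
        self.prior = prior

    def predict_proba(self, x):
        score = [self.prior, self.prior]
        for (tx, ty) in self.train:
            d2 = (x[0] - tx[0]) ** 2 + (x[1] - tx[1]) ** 2
            score[ty] += math.exp(-d2 / self.two_bw2)
        total = score[0] + score[1]
        return [score[0] / total, score[1] / total]

    def accuracy(self, data):
        return sum(1 for x, y in data if self.predict_proba(x)[y] >= 0.5) / len(data)


def entropy_mia_accuracy(model, members, non_members):
    """Black-box entropy-threshold MIA: guess 'member' when prediction entropy
    is <= t. t is swept to maximise balanced accuracy on the evaluation set
    itself, i.e. this is the attacker's best case (an upper bound)."""
    scored = [(prediction_entropy(model.predict_proba(x)), True) for x, _ in members]
    scored += [(prediction_entropy(model.predict_proba(x)), False) for x, _ in non_members]
    best = 0.5  # guess-everything-one-way baseline on a balanced set
    for t in sorted({s for s, _ in scored}):
        correct = sum(1 for s, is_member in scored if (s <= t) == is_member)
        best = max(best, correct / len(scored))
    return best


def run_experiment(sigma, seed=0, n=300):
    """Train on n samples with noise level sigma (0.0 = undefended); attack all n
    members against n fresh non-members drawn from the same distribution.
    Returns (train accuracy, test accuracy, MIA accuracy)."""
    rng = random.Random(seed)
    train = make_dataset(n, rng)
    test = make_dataset(n, rng)   # generated before the noise, so both runs share data
    stored = inject_noise(train, sigma, rng) if sigma > 0.0 else train
    model = KernelVoteClassifier(stored)
    return (model.accuracy(train), model.accuracy(test),
            entropy_mia_accuracy(model, train, test))


if __name__ == "__main__":
    for sigma in (0.0, 0.5):
        tr, te, mia = run_experiment(sigma)
        print(f"noise sigma={sigma:.1f}: train acc={tr:.2f}  test acc={te:.2f}  MIA acc={mia:.2f}")
```

The undefended run shows the usual pattern: a train/test accuracy gap (memorisation) and an entropy attack that beats the 0.5 coin-flip baseline; with the stored samples perturbed, a member query no longer lands on its own copy, the entropy distributions of members and non-members converge and the attack accuracy drops while test accuracy stays close to the undefended value. The exact figures depend on the seed; the point is the ordering, not the numbers.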

Paper Citation


in Harvard Style

Kassa R., Adi K. and Bouhaddi M. (2025). Optimal Noise Injection on Training Data: A Defense Against Membership Inference Attacks. In Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT; ISBN 978-989-758-760-3, SciTePress, pages 531-538. DOI: 10.5220/0013639300003979


in Bibtex Style

@conference{secrypt25,
author={Radia Kassa and Kamel Adi and Myria Bouhaddi},
title={Optimal Noise Injection on Training Data: A Defense Against Membership Inference Attacks},
booktitle={Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT},
year={2025},
pages={531-538},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0013639300003979},
isbn={978-989-758-760-3},
}


in EndNote Style

TY - CONF

JO - Proceedings of the 22nd International Conference on Security and Cryptography - Volume 1: SECRYPT
TI - Optimal Noise Injection on Training Data: A Defense Against Membership Inference Attacks
SN - 978-989-758-760-3
AU - Kassa R.
AU - Adi K.
AU - Bouhaddi M.
PY - 2025
SP - 531
EP - 538
DO - 10.5220/0013639300003979
PB - SciTePress