defense 2025

Embedding-Space Data Augmentation to Prevent Membership Inference Attacks in Clinical Time Series Forecasting

Marius Fracarolli, Michael Staniek, Stefan Riezler

0 citations · 28 references · arXiv

Published on arXiv

2511.05289

Membership Inference Attack

OWASP ML Top 10 — ML04

Key Finding

ZOO-PCA achieves the best reductions in TPR/FPR ratio for loss-based MIA attacks on 24-hour multivariate clinical time series forecasting without degrading test-set predictive performance.

ZOO-PCA

Novel technique introduced


Balancing strong privacy guarantees with high predictive performance is critical for time series forecasting (TSF) tasks involving Electronic Health Records (EHR). In this study, we explore how data augmentation can mitigate Membership Inference Attacks (MIA) on TSF models. We show that retraining with synthetic data can substantially reduce the effectiveness of loss-based MIAs by reducing the attacker's true-positive to false-positive ratio. The key challenge is generating synthetic samples that closely resemble the original training data to confuse the attacker, while also introducing enough novelty to enhance the model's ability to generalize to unseen data. We examine multiple augmentation strategies - Zeroth-Order Optimization (ZOO), a variant of ZOO constrained by Principal Component Analysis (ZOO-PCA), and MixUp - to strengthen model resilience without sacrificing accuracy. Our experimental results show that ZOO-PCA yields the best reductions in TPR/FPR ratio for MIA attacks without sacrificing performance on test data.


Key Contributions

  • Zeroth-Order Optimization (ZOO) algorithm operating in neural embedding space to synthesize augmentation samples that jointly reduce MIA effectiveness and maintain forecasting utility
  • ZOO-PCA variant that constrains augmentation along principal components of the embedding space, yielding better MIA resistance and favorable convergence
  • Empirical comparison of ZOO, ZOO-PCA, and MixUp on clinical multivariate TSF showing ZOO-PCA achieves the best TPR/FPR reduction without sacrificing predictive performance

🛡️ Threat Analysis

Membership Inference Attack

The paper directly and specifically defends against Membership Inference Attacks (MIAs) by using synthetic data augmentation (ZOO, ZOO-PCA, MixUp) to reduce the attacker's TPR/FPR ratio toward random guessing on TSF models.


Details

Domains
timeseries
Model Types
transformer
Threat Tags
black_box, inference_time
Datasets
MIMIC-III, eICU
Applications
clinical time series forecasting, electronic health records