Membership inference attacks (MIAs) expose significant privacy risks by determining whether an individual's record is part of a dataset. Differential privacy (DP) mitigates such risks, but in general it struggles to strike an optimal balance between privacy and utility: it typically requires intractable sensitivity calculations and offers limited flexibility under complex compositions. We propose a game-theoretic framework that models privacy protection as a Bayesian game between a defender and an attacker, solved with a general-sum Generative Adversarial Network (general-sum GAN). The Bayes Generative Privacy (BGP) response, based on cross-entropy loss, characterizes the attacker's optimal strategy and leads to the Bayes-Nash Generative Privacy (BNGP) strategy, which achieves the optimal privacy-utility trade-off tailored to the defender's preferences. The BNGP strategy avoids sensitivity calculations, supports compositions of correlated mechanisms, and is robust to the attacker's heterogeneous preferences over true and false positives. A case study on binary dataset summary statistics demonstrates its superiority over likelihood ratio test (LRT)-based attacks, including the uniformly most powerful LRT. Empirical results confirm BNGP's effectiveness.
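The attacker family that the abstract uses as its baseline, an LRT membership inference attack on noisy summary statistics of a binary dataset, is illustrated below. This is an added example, not code from the paper and not its BNGP method; the data model is an assumption for the example: a dataset of n rows with d independent binary attributes, the defender releasing each attribute count with Gaussian noise of scale sigma, and the attacker knowing the target's attribute values and the public population frequencies. The attacker marginalises the unknown true counts under "target in" and "target out", scores a release by the resulting log likelihood ratio, and picks a threshold from its own weights on true and false positives, which is the preference heterogeneity the abstract refers to. All sample data is constructed with a seeded generator.

```python
"""Likelihood-ratio-test (LRT) membership inference against noisy summary
statistics of a binary dataset (added illustration, not the paper's code).
Assumed data model: n rows, d independent binary attributes, per-attribute
counts released with Gaussian noise, attacker knows population frequencies.
"""
import functools
import math
import random


@functools.lru_cache(maxsize=None)
def log_binom_pmf(k, n, p):
    """log of the Binomial(n, p) probability mass at k (-inf outside support)."""
    if k < 0 or k > n:
        return -math.inf
    return math.log(math.comb(n, k)) + k * math.log(p) + (n - k) * math.log1p(-p)


def logsumexp(xs):
    """Numerically stable log(sum(exp(x) for x in xs))."""
    m = max(xs)
    if m == -math.inf:
        return m
    return m + math.log(sum(math.exp(x - m) for x in xs))


def log_lik_noisy_count(s, n, p, sigma, target_bit=None):
    """log P(s | hypothesis), up to the Gaussian normaliser, for a released
    count s = true_count + N(0, sigma^2) of an attribute with frequency p.

    target_bit None -> H0: target absent, the n rows are i.i.d. Bernoulli(p).
    target_bit b    -> H1: target (value b) present plus n-1 i.i.d. rows.
    The unknown true count is marginalised out; the normaliser cancels in the ratio.
    """
    if target_bit is None:
        terms = [log_binom_pmf(k, n, p) - (s - k) ** 2 / (2 * sigma ** 2)
                 for k in range(n + 1)]
    else:
        terms = [log_binom_pmf(k, n - 1, p) - (s - (k + target_bit)) ** 2 / (2 * sigma ** 2)
                 for k in range(n)]
    return logsumexp(terms)


def log_likelihood_ratio(released, target, n, freqs, sigma):
    """Attacker's LRT statistic: sum over independent attributes of
    log P(s_j | target in) - log P(s_j | target out)."""
    return sum(log_lik_noisy_count(s, n, p, sigma, b) - log_lik_noisy_count(s, n, p, sigma)
               for s, b, p in zip(released, target, freqs))


def bayes_log_threshold(prior_in, gain_tp, cost_fp):
    """Log-LR threshold of the Bayes decision 'declare member' for an attacker
    who values a true positive at gain_tp and pays cost_fp per false positive:
    declare member iff LR > cost_fp * (1 - prior_in) / (gain_tp * prior_in).
    Changing these weights moves the attacker along the ROC curve."""
    return math.log(cost_fp * (1 - prior_in) / (gain_tp * prior_in))


def simulate(n, d, sigma, trials, seed):
    """Constructed data: per trial, release noisy counts of a dataset that holds
    either the target (H1) or an unrelated fresh row (H0) in its last slot and
    record the attacker's score under each.  Returns (in_scores, out_scores)."""
    rng = random.Random(seed)
    freqs = [rng.uniform(0.2, 0.8) for _ in range(d)]  # public attribute frequencies

    def draw_row():
        return [1 if rng.random() < p else 0 for p in freqs]

    in_scores, out_scores = [], []
    for _ in range(trials):
        target = draw_row()
        others = [draw_row() for _ in range(n - 1)]
        for bucket, last_row in ((in_scores, target), (out_scores, draw_row())):
            rows = others + [last_row]
            counts = [sum(r[j] for r in rows) for j in range(d)]
            released = [c + rng.gauss(0.0, sigma) for c in counts]  # defender's mechanism
            bucket.append(log_likelihood_ratio(released, target, n, freqs, sigma))
    return in_scores, out_scores


def auc(in_scores, out_scores):
    """Probability that a random member outscores a random non-member (rank AUC)."""
    wins = 0.0
    for a in in_scores:
        for b in out_scores:
            wins += 1.0 if a > b else (0.5 if a == b else 0.0)
    return wins / (len(in_scores) * len(out_scores))


def tpr_fpr(in_scores, out_scores, log_threshold):
    """Operating point (TPR, FPR) of the LRT at a given log-LR threshold."""
    tpr = sum(s > log_threshold for s in in_scores) / len(in_scores)
    fpr = sum(s > log_threshold for s in out_scores) / len(out_scores)
    return tpr, fpr


if __name__ == "__main__":
    for sigma in (0.1, 5.0):
        i, o = simulate(n=20, d=100, sigma=sigma, trials=120, seed=7)
        t, f = tpr_fpr(i, o, bayes_log_threshold(0.5, 1.0, 1.0))
        print(f"sigma={sigma:>4}: AUC={auc(i, o):.3f}  TPR={t:.2f} FPR={f:.2f}")
```

Raising sigma pushes the AUC toward 0.5, which is the privacy-utility dial a noise-adding defender has to turn by hand; the attacker's threshold, not the test statistic, is what changes when its weights on true and false positives change, so a defence evaluated at a single operating point says little about an attacker with different preferences.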