{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,21]],"date-time":"2026-04-21T15:13:35Z","timestamp":1776784415248,"version":"3.51.2"},"reference-count":42,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2025,10,2]],"date-time":"2025-10-02T00:00:00Z","timestamp":1759363200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":["www.mdpi.com"],"crossmark-restriction":true},"short-container-title":["JCP"],"abstract":"<jats:p>As more machine learning models are used in sensitive fields like healthcare, finance, and smart infrastructure, protecting structured tabular data from privacy attacks is a key research challenge. Although several privacy-preserving methods have been proposed for tabular data, a comprehensive comparison of their performance and trade-offs has yet to be conducted. We introduce and empirically assess a combined defense system that integrates differential privacy, federated learning, adaptive noise injection, hybrid cryptographic encryption, and ensemble-based obfuscation. The given strategies are analyzed on the benchmark tabular datasets (ADULT, GSS, FTE), showing that the suggested methods can mitigate up to 50 percent of model inversion attacks in relation to baseline models without decreasing the model utility (F1 scores are higher than 0.85). Moreover, on these datasets, our results match or exceed the latest state-of-the-art (SOTA) in terms of privacy. We also transform each defense into essential data privacy laws worldwide (GDPR and HIPAA), suggesting the best applicable guidelines for the ethical and regulation-sensitive deployment of privacy-preserving machine learning models in sensitive spaces.<\/jats:p>","DOI":"10.3390\/jcp5040080","type":"journal-article","created":{"date-parts":[[2025,10,2]],"date-time":"2025-10-02T08:20:28Z","timestamp":1759393228000},"page":"80","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["A Comparative Analysis of Defense Mechanisms Against Model Inversion Attacks on Tabular Data"],"prefix":"10.3390","volume":"5","author":[{"ORCID":"https:\/\/orcid.org\/0009-0008-3952-2320","authenticated-orcid":false,"given":"Neethu","family":"Vijayan","sequence":"first","affiliation":[{"name":"School of Business, University of Southern Queensland, Queensland, QLD 4350, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-5919-0174","authenticated-orcid":false,"given":"Raj","family":"Gururajan","sequence":"additional","affiliation":[{"name":"School of Business, University of Southern Queensland, Queensland, QLD 4350, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-8756-2991","authenticated-orcid":false,"given":"Ka Ching","family":"Chan","sequence":"additional","affiliation":[{"name":"School of Business, University of Southern Queensland, Queensland, QLD 4350, Australia"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,10,2]]},"reference":[{"key":"ref_1","unstructured":"Mehnaz, S., Dibbo, S.V., Kabir, E., Li, N., and Bertino, E. (2022, January 10\u201312). Are Your Sensitive Attributes Private? Novel Model Inversion Attribute Inference Attacks on Classification Models. Proceedings of the 31st USENIX Security Symposium, Boston, MA, USA."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"16324","DOI":"10.1109\/TNNLS.2025.3554656","article-title":"Defending Against Neural Network Model Inversion Attacks via Data Poisoning","volume":"36","author":"Zhou","year":"2025","journal-title":"IEEE Trans. Neural Netw. Learn. Syst."},{"key":"ref_3","first-page":"33","article-title":"Machine Learning for Personalized Medicine: Predicting Primary Myocardial Infarction from Electronic Health Records","volume":"33","author":"Weiss","year":"2012","journal-title":"AI Mag."},{"key":"ref_4","doi-asserted-by":"crossref","first-page":"76","DOI":"10.1109\/MIC.2003.1167344","article-title":"Amazon.com recommendations: Item-to-item collaborative filtering","volume":"7","author":"Linden","year":"2003","journal-title":"IEEE Internet Comput."},{"key":"ref_5","first-page":"421425","article-title":"A Survey of Collaborative Filtering Techniques","volume":"2009","author":"Su","year":"2009","journal-title":"Adv. Artif. Intell."},{"key":"ref_6","doi-asserted-by":"crossref","unstructured":"Dunis, C.L. (2016). Artificial Intelligence in Financial Markets, Palgrave Macmillan.","DOI":"10.1057\/978-1-137-48880-0"},{"key":"ref_7","first-page":"337","article-title":"Generation of synthetic manufacturing datasets for machine learning using discrete-event simulation","volume":"10","author":"Chan","year":"2022","journal-title":"Prod. Manuf. Res."},{"key":"ref_8","doi-asserted-by":"crossref","unstructured":"Rabaev, M., Pratama, H., and Chan, K.C. (2024, January 17\u201319). Leveraging Synthetic Data and Machine Learning for Shared Facility Scheduling. Proceedings of the International Conference on Information Technology and Applications, Sydney, Australia.","DOI":"10.1007\/978-981-99-8324-7_34"},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Fredrikson, M., Jha, S., and Ristenpart, T. (2015, January 12\u201316). Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures. Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA.","DOI":"10.1145\/2810103.2813677"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"244","DOI":"10.1016\/j.neucom.2019.12.136","article-title":"Generation and evaluation of privacy preserving synthetic health data","volume":"416","author":"Yale","year":"2020","journal-title":"Neurocomputing"},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"106775","DOI":"10.1016\/j.knosys.2021.106775","article-title":"A survey on federated learning","volume":"216","author":"Zhang","year":"2021","journal-title":"Knowl.-Based Syst."},{"key":"ref_12","unstructured":"Zhou, Z., Zhu, J., Yu, F., Li, X., Peng, X., Liu, T., and Han, B. (2024). Model Inversion Attacks: A Survey of Approaches and Countermeasures. arXiv."},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Gougeh, R.A. (Res. Sq., 2021). How Adversarial attacks affect Deep Neural Networks Detecting COVID-19?, Res. Sq., preprint.","DOI":"10.21203\/rs.3.rs-763355\/v1"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Kulkarni, Y., and Bhambani, K. (2021). Kryptonite: An Adversarial Attack Using Regional Focus. Applied Cryptography and Network Security Workshops, Springer International Publishing.","DOI":"10.1007\/978-3-030-81645-2_26"},{"key":"ref_15","unstructured":"Brendel, W., Rauber, J., and Bethge, M. (2017). Decision-Based Adversarial Attacks: Reliable Attacks Against Black-Box Machine Learning Models. arXiv."},{"key":"ref_16","doi-asserted-by":"crossref","first-page":"102266","DOI":"10.1109\/ACCESS.2022.3208131","article-title":"Adversarial Deep Learning: A Survey on Adversarial Attacks and Defense Mechanisms on Image Classification","volume":"10","author":"Khamaiseh","year":"2022","journal-title":"IEEE Access"},{"key":"ref_17","doi-asserted-by":"crossref","first-page":"18134","DOI":"10.1109\/ACCESS.2023.3245813","article-title":"Explainable Data Poison Attacks on Human Emotion Evaluation Systems Based on EEG Signals","volume":"11","author":"Zhang","year":"2023","journal-title":"IEEE Access"},{"key":"ref_18","unstructured":"Zhang, T., He, Z., and Lee, R.B. (2018). Privacy-preserving Machine Learning through Data Obfuscation. arXiv."},{"key":"ref_19","doi-asserted-by":"crossref","first-page":"437","DOI":"10.1109\/TDSC.2021.3135422","article-title":"LoMar: A Local Defense Against Poisoning Attack on Federated Learning","volume":"20","author":"Li","year":"2023","journal-title":"IEEE Trans. Dependable Secur. Comput."},{"key":"ref_20","first-page":"200355","article-title":"MEFF\u2014A model ensemble feature fusion approach for tackling adversarial attacks in medical imaging","volume":"22","author":"Alzubaidi","year":"2024","journal-title":"Intell. Syst. Appl."},{"key":"ref_21","doi-asserted-by":"crossref","unstructured":"Guo, Y., Yin, P., and Huang, D. (2023). One-Pixel Attack for Continuous-Variable Quantum Key Distribution Systems. Photonics, 10.","DOI":"10.3390\/photonics10020129"},{"key":"ref_22","unstructured":"Jingyi, G., Jianming, W., and Ping, Z. (2025, January 25\u201331). Frequency-guard: Defense against data poisoning attacks to local differential privacy protocols. Proceedings of the SPIE, San Francisco, CA, USA."},{"key":"ref_23","doi-asserted-by":"crossref","first-page":"3195","DOI":"10.1109\/TKDE.2024.3358909","article-title":"LDPGuard: Defenses Against Data Poisoning Attacks to Local Differential Privacy Protocols","volume":"36","author":"Huang","year":"2024","journal-title":"IEEE Trans. Knowl. Data Eng."},{"key":"ref_24","doi-asserted-by":"crossref","unstructured":"Hossain, M.T., Badsha, S., La, H., Islam, S., and Khalil, I. (IEEE Trans. Artif. Intell., 2025). Exploiting Gaussian Noise Variance for Dynamic Differential Poisoning in Federated Learning, IEEE Trans. Artif. Intell., early access.","DOI":"10.1109\/TAI.2025.3540030"},{"key":"ref_25","doi-asserted-by":"crossref","unstructured":"Rathod, V., Nabavirazavi, S., Zad, S., and Iyengar, S.S. (2025, January 6\u20138). Privacy and Security Challenges in Large Language Models. Proceedings of the 2025 IEEE 15th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA.","DOI":"10.1109\/CCWC62904.2025.10903912"},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"152","DOI":"10.1145\/3712001","article-title":"Security and Privacy Challenges of Large Language Models: A Survey","volume":"57","author":"Das","year":"2025","journal-title":"ACM Comput. Surv."},{"key":"ref_27","unstructured":"Carlini, N., Tramer, F., Wallace, E., Jagielski, M., Herbert-Voss, A., Lee, K., Roberts, A., Brown, T., Song, D., and Erlingsson, U. (2021, January 11\u201313). Extracting training data from large language models. Proceedings of the 30th USENIX Security Symposium (USENIX Security 21), Vancouver, BC, Canada."},{"key":"ref_28","unstructured":"Li, H., Chen, Y., Luo, J., Wang, J., Peng, H., Kang, Y., Zhang, X., Hu, Q., Chan, C., and Xu, Z. (2023). Privacy in large language models: Attacks, defenses and future directions. arXiv."},{"key":"ref_29","doi-asserted-by":"crossref","unstructured":"Qu, W., Zhou, Y., Wu, Y., Xiao, T., Yuan, B., Li, Y., and Zhang, J. (2025, January 12\u201315). Prompt Inversion Attack Against Collaborative Inference of Large Language Models. Proceedings of the 2025 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP61157.2025.00160"},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Du, H., Liu, S., Zheng, L., Cao, Y., Nakamura, A., and Chen, L. (2025). Privacy in Fine-Tuning Large Language Models: Attacks, Defenses, and Future Directions. Advances in Knowledge Discovery and Data Mining, Springer Nature.","DOI":"10.1007\/978-981-96-8183-9_25"},{"key":"ref_31","first-page":"87801","article-title":"Dager: Exact gradient inversion for large language models","volume":"37","author":"Petrov","year":"2024","journal-title":"Adv. Neural Inf. Process. Syst."},{"key":"ref_32","doi-asserted-by":"crossref","unstructured":"Lukas, N., Salem, A., Sim, R., Tople, S., Wutschitz, L., and Zanella-B\u00e9guelin, S. (2023, January 22\u201325). Analyzing Leakage of Personally Identifiable Information in Language Models. Proceedings of the 2023 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA.","DOI":"10.1109\/SP46215.2023.10179300"},{"key":"ref_33","doi-asserted-by":"crossref","first-page":"5","DOI":"10.1109\/MIS.2020.3010335","article-title":"Preserving User Privacy for Machine Learning: Local Differential Privacy or Federated Machine Learning?","volume":"35","author":"Zheng","year":"2020","journal-title":"IEEE Intell. Syst."},{"key":"ref_34","doi-asserted-by":"crossref","unstructured":"Bos, J.W., Halderman, J.A., Heninger, N., Moore, J., Naehrig, M., and Wustrow, E. (2014). Elliptic Curve Cryptography in Practice. Financial Cryptography and Data Security, Springer.","DOI":"10.1007\/978-3-662-45472-5_11"},{"key":"ref_35","doi-asserted-by":"crossref","first-page":"99","DOI":"10.1109\/LES.2018.2823906","article-title":"Embedding Encryption and Machine Learning Intrusion Prevention Systems on Programmable Logic Controllers","volume":"10","author":"Alves","year":"2018","journal-title":"IEEE Embed. Syst. Lett."},{"key":"ref_36","doi-asserted-by":"crossref","first-page":"7436","DOI":"10.1109\/JIOT.2023.3338220","article-title":"Privacy-Preserving Machine Learning Using Functional Encryption: Opportunities and Challenges","volume":"11","author":"Panzade","year":"2024","journal-title":"IEEE Internet Things J."},{"key":"ref_37","doi-asserted-by":"crossref","unstructured":"Bokhari, M.U., and Shallal, Q.M. (2016). A review on symmetric key encryption techniques in cryptography. Int. J. Comput. Appl., 147.","DOI":"10.5120\/ijca2016911203"},{"key":"ref_38","doi-asserted-by":"crossref","unstructured":"Li, Y., and Liu, F. (2020). Adaptive Gaussian Noise Injection Regularization for Neural Networks. Advances in Neural Networks\u2014ISNN 2020, Springer International Publishing.","DOI":"10.1007\/978-3-030-64221-1_16"},{"key":"ref_39","doi-asserted-by":"crossref","unstructured":"Phan, N., Wu, X., Hu, H., and Dou, D. (2017, January 18\u201321). Adaptive Laplace Mechanism: Differential Privacy Preservation in Deep Learning. Proceedings of the 2017 IEEE International Conference on Data Mining (ICDM), New Orleans, LA, USA.","DOI":"10.1109\/ICDM.2017.48"},{"key":"ref_40","unstructured":"Tan, Y.X.M., Elovici, Y., and Binder, A. (2021, January 10\u201315). Adaptive Noise Injection for Training Stochastic Student Networks from Deterministic Teachers. Proceedings of the 2020 25th International Conference on Pattern Recognition (ICPR), Virtual."},{"key":"ref_41","first-page":"103311","article-title":"Obfuscation detection in Android applications using deep learning","volume":"70","author":"Conti","year":"2022","journal-title":"J. Inf. Secur. Appl."},{"key":"ref_42","doi-asserted-by":"crossref","first-page":"48901","DOI":"10.1109\/ACCESS.2019.2909559","article-title":"Differential Privacy Preservation in Deep Learning: Challenges, Opportunities and Solutions","volume":"7","author":"Zhao","year":"2019","journal-title":"IEEE Access"}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/4\/80\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,2]],"date-time":"2025-10-02T08:55:01Z","timestamp":1759395301000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/4\/80"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,2]]},"references-count":42,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["jcp5040080"],"URL":"https:\/\/doi.org\/10.3390\/jcp5040080","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,2]]}}}