🤖 AI Summary
This work addresses training-data privacy leakage from membership inference attacks (MIAs) with DynaNoise, an inference-time defense that adapts the amount of noise it injects to each query. Unlike static differential-privacy defenses that inject a fixed amount of noise, DynaNoise scores the sensitivity of a query with measures such as the Shannon entropy of the model's output distribution, scales the variance of the injected noise accordingly, and then applies a probabilistic smoothing step that renormalizes the perturbed outputs so that prediction accuracy is preserved. The paper also introduces MIDPUT (Membership Inference Defense Privacy-Utility Tradeoff), an empirical metric that quantifies the balance between a lower attack success rate and the target model's preserved accuracy. Evaluation on several benchmark datasets shows a significant reduction in MIA success rate, up to a fourfold improvement in MIDPUT over the state of the art, competitive model accuracy, and only marginal inference overhead.
📝 Abstract
Membership Inference Attacks (MIAs) pose a significant risk to the privacy of training datasets by exploiting subtle differences in model outputs to determine whether a particular data sample was used during training. These attacks can compromise sensitive information, especially in domains such as healthcare and finance, where data privacy is paramount. Traditional mitigation techniques, such as static differential privacy, rely on injecting a fixed amount of noise during training or inference. However, this approach often leads to a detrimental trade-off: the noise may be insufficient to counter sophisticated attacks or, when increased, may substantially degrade model performance. In this paper, we present DynaNoise, an adaptive approach that dynamically modulates noise injection based on query sensitivity. Our approach performs sensitivity analysis using measures such as Shannon entropy to evaluate the risk associated with each query and adjusts the noise variance accordingly. A probabilistic smoothing step is then applied to renormalize the perturbed outputs, ensuring that the model maintains high accuracy while effectively obfuscating membership signals. We further propose an empirical metric, the Membership Inference Defense Privacy-Utility Tradeoff (MIDPUT), which quantifies the balance between reducing attack success rates and preserving the target model's accuracy. Our extensive evaluation on several benchmark datasets demonstrates that DynaNoise not only significantly reduces MIA success rates but also achieves up to a fourfold improvement in the MIDPUT metric compared to the state-of-the-art. Moreover, DynaNoise maintains competitive model accuracy while imposing only marginal inference overhead, highlighting its potential as an effective and efficient privacy defense against MIAs.
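The pipeline the abstract describes, written out as an added example (this is not the DynaNoise authors' code, and the paper's exact formulas are not on this page): the entropy-to-sensitivity mapping, the linear variance schedule, the use of Gaussian noise, the form of the smoothing step, and the confidence-threshold attack used to score the defense are all assumptions made here for illustration. The sample output vectors are constructed.

```python
"""Entropy-driven adaptive output noise against membership inference (illustration).

Added example, not the DynaNoise authors' code. The sensitivity score, the
variance schedule, the Gaussian noise and the smoothing form are assumptions
chosen to match the abstract's description, not the paper's exact method.
"""
import math
import random
from typing import Dict, List, Tuple


def shannon_entropy(probs: List[float]) -> float:
    """Shannon entropy in nats of a probability vector; 0 * log 0 is taken as 0."""
    return -sum(p * math.log(p) for p in probs if p > 0.0)


def sensitivity(probs: List[float]) -> float:
    """Map entropy to a sensitivity score in [0, 1].

    Assumption: an overconfident (low-entropy) output is the strongest
    membership signal, so sensitivity = 1 - H / H_max with H_max = log(K).
    """
    k = len(probs)
    if k < 2:
        return 1.0
    return max(0.0, min(1.0, 1.0 - shannon_entropy(probs) / math.log(k)))


def noise_sigma(probs: List[float], sigma_min: float = 0.01, sigma_max: float = 0.2) -> float:
    """Assumed variance schedule: sigma grows linearly with the sensitivity score."""
    return sigma_min + sensitivity(probs) * (sigma_max - sigma_min)


def defend(probs: List[float], rng: random.Random,
           sigma_min: float = 0.01, sigma_max: float = 0.2,
           smooth: float = 0.02) -> Tuple[List[float], float]:
    """Perturb one output vector with query-adaptive Gaussian noise, then renormalize.

    Assumed smoothing step: clip negative entries to zero, mix with the uniform
    distribution with weight `smooth`, and renormalize to a valid distribution.
    The entropy is computed on the clean vector, which is never returned.
    """
    k = len(probs)
    sigma = noise_sigma(probs, sigma_min, sigma_max)
    noisy = [max(p + rng.gauss(0.0, sigma), 0.0) for p in probs]
    total = sum(noisy) or 1.0  # all-zero after clipping degenerates to uniform
    smoothed = [(1.0 - smooth) * p / total + smooth / k for p in noisy]
    z = sum(smoothed)
    return [p / z for p in smoothed], sigma


def confidence_attack(outputs: List[List[float]], threshold: float = 0.9) -> List[bool]:
    """Classic black-box MIA proxy: guess 'member' when max confidence exceeds threshold."""
    return [max(o) > threshold for o in outputs]


def attack_success_rate(outputs: List[List[float]], is_member: List[bool],
                        threshold: float = 0.9) -> float:
    guesses = confidence_attack(outputs, threshold)
    return sum(g == m for g, m in zip(guesses, is_member)) / len(outputs)


# Constructed sample: 'member' queries are overconfident, 'non-member' ones are not.
MEMBER_OUTPUTS = [[0.97, 0.01, 0.01, 0.01], [0.95, 0.03, 0.01, 0.01], [0.98, 0.01, 0.005, 0.005]]
NONMEMBER_OUTPUTS = [[0.45, 0.30, 0.15, 0.10], [0.40, 0.35, 0.15, 0.10], [0.50, 0.25, 0.15, 0.10]]


def run_demo(seed: int = 0) -> Dict[str, object]:
    """Score the confidence attack on the clean and on the defended output vectors."""
    rng = random.Random(seed)
    outputs = MEMBER_OUTPUTS + NONMEMBER_OUTPUTS
    labels = [True] * len(MEMBER_OUTPUTS) + [False] * len(NONMEMBER_OUTPUTS)
    defended = [defend(o, rng)[0] for o in outputs]
    return {
        "undefended_asr": attack_success_rate(outputs, labels),
        "defended_asr": attack_success_rate(defended, labels),
        "sigma_member": noise_sigma(MEMBER_OUTPUTS[0]),
        "sigma_nonmember": noise_sigma(NONMEMBER_OUTPUTS[0]),
        "defended_outputs": defended,
    }


if __name__ == "__main__":
    result = run_demo()
    print("sigma for confident query:   %.3f" % result["sigma_member"])
    print("sigma for uncertain query:   %.3f" % result["sigma_nonmember"])
    print("attack success, undefended:  %.2f" % result["undefended_asr"])
    print("attack success, defended:    %.2f" % result["defended_asr"])
```

Two practitioner caveats follow directly from this structure. First, the noise must not be averageable: if an attacker can submit the same input repeatedly and receives fresh noise each time, averaging N responses shrinks the effective standard deviation by a factor of sqrt(N), so per-input deterministic noise (a seed derived from a keyed hash of the input) or query rate limits are needed in practice. Second, a perturbation applied only at inference is evaluated empirically here, via attack success rate and the MIDPUT metric, and does not by itself carry the formal guarantee that training-time differential privacy provides.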