Membership Inference of Diffusion Models
This addresses privacy concerns for users of sensitive data in AI applications, representing a novel security analysis rather than an incremental improvement.
The paper tackles the privacy risks of diffusion models by introducing the first membership inference attacks, which determine if a specific sample was used in training, achieving remarkable performance as shown in extensive evaluations on state-of-the-art models and datasets.
Recent years have witnessed the tremendous success of diffusion models in data synthesis. However, when diffusion models are applied to sensitive data, they also give rise to severe privacy concerns. In this paper, we systematically present the first study about membership inference attacks against diffusion models, which aims to infer whether a sample was used to train the model. Two attack methods are proposed, namely loss-based and likelihood-based attacks. Our attack methods are evaluated on several state-of-the-art diffusion models, over different datasets in relation to privacy-sensitive data. Extensive experimental evaluations show that our attacks can achieve remarkable performance. Furthermore, we exhaustively investigate various factors which can affect attack performance. Finally, we also evaluate the performance of our attack methods on diffusion models trained with differential privacy.