A Probabilistic Fluctuation based Membership Inference Attack for Diffusion Models
This addresses security vulnerabilities in generative models for AI practitioners, offering a more effective attack method that relies on memorization rather than overfitting, though it is incremental as it builds on existing MIA research.
The paper tackles the problem of membership inference attacks (MIAs) on generative models by proposing PFAMI, a black-box attack that detects membership via probabilistic fluctuations around records, achieving a 27.9% improvement in attack success rate over the best baseline.
Membership Inference Attack (MIA) identifies whether a record exists in a machine learning model's training set by querying the model. MIAs on the classic classification models have been well-studied, and recent works have started to explore how to transplant MIA onto generative models. Our investigation indicates that existing MIAs designed for generative models mainly depend on the overfitting in target models. However, overfitting can be avoided by employing various regularization techniques, whereas existing MIAs demonstrate poor performance in practice. Unlike overfitting, memorization is essential for deep learning models to attain optimal performance, making it a more prevalent phenomenon. Memorization in generative models leads to an increasing trend in the probability distribution of generating records around the member record. Therefore, we propose a Probabilistic Fluctuation Assessing Membership Inference Attack (PFAMI), a black-box MIA that infers memberships by detecting these trends via analyzing the overall probabilistic fluctuations around given records. We conduct extensive experiments across multiple generative models and datasets, which demonstrate PFAMI can improve the attack success rate (ASR) by about 27.9% when compared with the best baseline.