We gratefully acknowledge support from
the Simons Foundation and member institutions.
Full-text links:


Current browse context:


Change to browse by:

References & Citations

DBLP - CS Bibliography


(what is this?)
CiteULike logo BibSonomy logo Mendeley logo del.icio.us logo Digg logo Reddit logo ScienceWISE logo

Computer Science > Cryptography and Security

Title: Membership Inference Attacks against Diffusion Models

Abstract: Diffusion models have attracted attention in recent years as innovative generative models. In this paper, we investigate whether a diffusion model is resistant to a membership inference attack, which evaluates the privacy leakage of a machine learning model. We primarily discuss the diffusion model from the standpoints of comparison with a generative adversarial network (GAN) as conventional models and hyperparameters unique to the diffusion model, i.e., time steps, sampling steps, and sampling variances. We conduct extensive experiments with DDIM as a diffusion model and DCGAN as a GAN on the CelebA and CIFAR-10 datasets in both white-box and black-box settings and then confirm if the diffusion model is comparably resistant to a membership inference attack as GAN. Next, we demonstrate that the impact of time steps is significant and intermediate steps in a noise schedule are the most vulnerable to the attack. We also found two key insights through further analysis. First, we identify that DDIM is vulnerable to the attack for small sample sizes instead of achieving a lower FID. Second, sampling steps in hyperparameters are important for resistance to the attack, whereas the impact of sampling variances is quite limited.
Subjects: Cryptography and Security (cs.CR); Machine Learning (cs.LG)
Journal reference: DLSP 2023 (co-located in IEEE S&P 2023)
Cite as: arXiv:2302.03262 [cs.CR]
  (or arXiv:2302.03262v2 [cs.CR] for this version)

Submission history

From: Naoto Yanai [view email]
[v1] Tue, 7 Feb 2023 05:20:20 GMT (1658kb)
[v2] Wed, 22 Mar 2023 14:31:42 GMT (1098kb)

Link back to: arXiv, form interface, contact.