Exploring Privacy and Fairness Risks in Sharing Diffusion Models: An Adversarial Perspective
CoRR (2024)
Abstract
Diffusion models have recently gained significant attention in both academia
and industry due to their impressive generative performance in terms of both
sampling quality and distribution coverage. Accordingly, proposals are made for
sharing pre-trained diffusion models across different organizations, as a way
of improving data utilization while enhancing privacy protection by avoiding
sharing private data directly. However, the potential risks associated with
such an approach have not been comprehensively examined.
In this paper, we take an adversarial perspective to investigate the
potential privacy and fairness risks associated with the sharing of diffusion
models. Specifically, we investigate the circumstances in which one party (the
sharer) trains a diffusion model using private data and provides another party
(the receiver) black-box access to the pre-trained model for downstream tasks.
We demonstrate that the sharer can execute fairness poisoning attacks to
undermine the receiver's downstream models by manipulating the training data
distribution of the diffusion model. Meanwhile, the receiver can perform
property inference attacks to reveal the distribution of sensitive features in
the sharer's dataset. Our experiments conducted on real-world datasets
demonstrate remarkable attack performance on different types of diffusion
models, which highlights the critical importance of robust data auditing and
privacy protection protocols in pertinent applications.