With the rapid advancement of diffusion-based image-generative models, the quality of generated images has become increasingly photorealistic. Moreover, with the release of high-quality pre-trained image-generative models, a growing number of users are downloading these pre-trained models to fine-tune them with downstream datasets for various image-generation tasks. However, employing such powerful pre-trained models in downstream tasks presents significant privacy leakage risks. In this paper, we propose the first reconstruction-based membership inference attack framework, tailored for recent diffusion models, and in the more stringent black-box access setting. Considering four distinct attack scenarios and three types of attacks, this framework is capable of targeting any popular conditional generator model, achieving high precision, evidenced by an impressive AUC of $0.95$.

翻译：随着基于扩散的图像生成模型的快速发展，生成图像的质量日益逼真。此外，随着高质量预训练图像生成模型的发布，越来越多用户下载这些预训练模型，并使用下游数据集对其进行微调，以完成各种图像生成任务。然而，在下游任务中采用如此强大的预训练模型会带来显著的隐私泄露风险。本文针对近期扩散模型，在更为严格的仅黑盒访问设置下，提出了首个基于重构的成员推断攻击框架。该框架考虑了四种不同的攻击场景和三种攻击类型，能够针对任何流行的条件生成模型实现高精度攻击，其受试者工作特征曲线下面积达到令人瞩目的$0.95$。