With the rapid advancement of diffusion-based image-generative models, the quality of generated images has become increasingly photorealistic. Moreover, with the release of high-quality pre-trained image-generative models, a growing number of users are downloading these pre-trained models to fine-tune them with downstream datasets for various image-generation tasks. However, employing such powerful pre-trained models in downstream tasks presents significant privacy leakage risks. In this paper, we propose the first reconstruction-based membership inference attack framework, tailored for recent diffusion models, and in the more stringent black-box access setting. Considering four distinct attack scenarios and three types of attacks, this framework is capable of targeting any popular conditional generator model, achieving high precision, evidenced by an impressive AUC of $0.95$.

翻译：随着基于扩散的图像生成模型的迅速发展，生成图像的画质日益逼真。此外，随着高质量预训练图像生成模型的发布，越来越多的用户下载这些预训练模型，并利用下游数据集对其进行微调，以完成各种图像生成任务。然而，在下游任务中采用如此强大的预训练模型会带来显著的隐私泄露风险。在本文中，我们提出首个基于重构的成员推断攻击框架，该框架专门针对最新的扩散模型，且适用于更严格的**黑盒**访问设置。该框架考虑了四种不同的攻击场景和三种攻击类型，能够针对任意流行的条件生成器模型，实现高精度攻击，以令人印象深刻的AUC值0.95为证。