@inproceedings{6a46369ff6cd45bbb8594b0f4e9bc7be,
title = "Shake to Leak: Fine-tuning Diffusion Models Can Amplify the Generative Privacy Risk",
abstract = "While diffusion models have recently demonstrated remarkable progress in generating realistic images, privacy risks also arise: published models or APIs could regenerate training images and thus leak privacy-sensitive training information. In this paper, we reveal a new risk, Shake-to-Leak (S2L), in which fine-tuning pre-trained models with manipulated data can amplify existing privacy risks. We demonstrate that S2L can occur in various standard fine-tuning strategies for diffusion models, including concept-injection methods (DreamBooth and Textual Inversion) and parameter-efficient methods (LoRA and Hypernetwork), as well as their combinations. In the worst case, S2L can amplify the state-of-the-art membership inference attack (MIA) on diffusion models by 5.4% AUC (absolute difference) and can increase the number of extracted private samples from nearly 0 to 16.3 on average per target domain. This discovery underscores that the privacy risk of diffusion models is even more severe than previously recognized. Code is available at https://github.com/VITA-Group/Shake-to-Leak.",
keywords = "Deep learning, diffusion models, fine-tuning, generative models, privacy risk",
author = "Zhangheng Li and Junyuan Hong and Bo Li and Zhangyang Wang",
note = "Publisher Copyright: {\textcopyright} 2024 IEEE; 2024 IEEE Conference on Safe and Trustworthy Machine Learning, SaTML 2024; Conference date: 09-04-2024 through 11-04-2024",
year = "2024",
doi = "10.1109/SaTML59370.2024.00010",
language = "English (US)",
series = "Proceedings - IEEE Conference on Safe and Trustworthy Machine Learning, SaTML 2024",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "18--32",
booktitle = "Proceedings - IEEE Conference on Safe and Trustworthy Machine Learning, SaTML 2024",
address = "United States",
}