This is the official implementation of the paper "Are Diffusion Models Vulnerable to Membership Inference Attacks?". The proposed Step-wise Error Comparing Membership Inference (SecMI) is implemented in this codebase.
This codebase is built on top of pytorch-ddpm.
Please follow its instructions for model training. You can also run the following commands (or refer to train.sh):
python main.py --train --logdir ./experiments/CIFAR10 \
--dataset CIFAR10 --img_size 32 --batch_size 128 --fid_cache ./stats/cifar10.train.npz --total_steps 800001By default, it will load the splittings stored in mia_evals/member_splits and train DDPMs over half training split.
You can specify --dataset and --total_steps as you want.
Some pre-trained models can be downloaded from here.
To execute SecMI over pretrained DDPM, please execute the following command:
python secmia.py --model_dir /path/to/model_dir --dataset_root /path/to/dataset --dataset cifar10 --t_sec 100 --k 10
parameters:
--model_dir: path to the directory of checkpoints--dataset_root: path to the directory of datasets--dataset: dataset name--t_sec: timestep used for error comparing (t_SECin the paper)--k: DDIM interval (kin the paper)
Please cite our paper if you feel this is helpful:
@article{duan2023diffusion,
title={Are diffusion models vulnerable to membership inference attacks?},
author={Duan, Jinhao and Kong, Fei and Wang, Shiqi and Shi, Xiaoshuang and Xu, Kaidi},
journal={International Conference on Machine Learning},
year={2023}
}