135 research outputs found
Are Diffusion Models Vulnerable to Membership Inference Attacks?
Diffusion-based generative models have shown great potential for image
synthesis, but there is a lack of research on the security and privacy risks
they may pose. In this paper, we investigate the vulnerability of diffusion
models to Membership Inference Attacks (MIAs), a common privacy concern. Our
results indicate that existing MIAs designed for GANs or VAE are largely
ineffective on diffusion models, either due to inapplicable scenarios (e.g.,
requiring the discriminator of GANs) or inappropriate assumptions (e.g., closer
distances between synthetic samples and member samples). To address this gap,
we propose Step-wise Error Comparing Membership Inference (SecMI), a
query-based MIA that infers memberships by assessing the matching of forward
process posterior estimation at each timestep. SecMI follows the common
overfitting assumption in MIA where member samples normally have smaller
estimation errors, compared with hold-out samples. We consider both the
standard diffusion models, e.g., DDPM, and the text-to-image diffusion models,
e.g., Latent Diffusion Models and Stable Diffusion. Experimental results
demonstrate that our methods precisely infer the membership with high
confidence on both of the two scenarios across multiple different datasets.
Code is available at https://github.com/jinhaoduan/SecMI. Comment: To appear in ICML 202
Shifting Attention to Relevance: Towards the Uncertainty Estimation of Large Language Models
Although Large Language Models (LLMs) have shown great potential in Natural
Language Generation, it is still challenging to characterize the uncertainty of
model generations, i.e., when users could trust model outputs. Our research is
derived from the heuristic facts that tokens are created unequally in
reflecting the meaning of generations by auto-regressive LLMs, i.e., some
tokens are more relevant (or representative) than others, yet all the tokens
are equally valued when estimating uncertainty. It is because of the linguistic
redundancy where mostly a few keywords are sufficient to convey the meaning of
a long sentence. We name these inequalities as generative inequalities and
investigate how they affect uncertainty estimation. Our results reveal that
considerable tokens and sentences containing limited semantics are weighted
equally or even heavily when estimating uncertainty. To tackle these biases
posed by generative inequalities, we propose to jointly Shifting Attention to
more Relevant (SAR) components from both the token level and the sentence level
while estimating uncertainty. We conduct experiments over popular
"off-the-shelf" LLMs (e.g., OPT, LLaMA) with model sizes up to 30B and powerful
commercial LLMs (e.g., Davinci from OpenAI), across various free-form
question-answering tasks. Experimental results and detailed demographic
analysis indicate the superior performance of SAR. Code is available at
https://github.com/jinhaoduan/shifting-attention-to-relevance
Semantic Adversarial Attacks via Diffusion Models
Traditional adversarial attacks concentrate on manipulating clean examples in
the pixel space by adding adversarial perturbations. By contrast, semantic
adversarial attacks focus on changing semantic attributes of clean examples,
such as color, context, and features, which are more feasible in the real
world. In this paper, we propose a framework to quickly generate a semantic
adversarial attack by leveraging recent diffusion models since semantic
information is included in the latent space of well-trained diffusion models.
Then there are two variants of this framework: 1) the Semantic Transformation
(ST) approach fine-tunes the latent space of the generated image and/or the
diffusion model itself; 2) the Latent Masking (LM) approach masks the latent
space with another target image and local backpropagation-based interpretation
methods. Additionally, the ST approach can be applied in either white-box or
black-box settings. Extensive experiments are conducted on CelebA-HQ and AFHQ
datasets, and our framework demonstrates great fidelity, generalizability, and
transferability compared to other baselines. Our approaches achieve
approximately 100% attack success rate in multiple settings with the best FID
as 36.61. Code is available at
https://github.com/steven202/semantic_adv_via_dm. Comment: To appear in BMVC 202
RBFormer: Improve Adversarial Robustness of Transformer by Robust Bias
Recently, there has been a surge of interest and attention in
Transformer-based structures, such as Vision Transformer (ViT) and Vision
Multilayer Perceptron (VMLP). Compared with the previous convolution-based
structures, the Transformer-based structure under investigation showcases a
comparable or superior performance under its distinctive attention-based input
token mixer strategy. Introducing adversarial examples as a robustness
consideration has had a profound and detrimental impact on the performance of
well-established convolution-based structures. This inherent vulnerability to
adversarial attacks has also been demonstrated in Transformer-based structures.
In this paper, our emphasis lies on investigating the intrinsic robustness of
the structure rather than introducing novel defense measures against
adversarial attacks. To address the susceptibility to robustness issues, we
employ a rational structure design approach to mitigate such vulnerabilities.
Specifically, we enhance the adversarial robustness of the structure by
increasing the proportion of high-frequency structural robust biases. As a
result, we introduce a novel structure called Robust Bias Transformer-based
Structure (RBFormer) that shows robust superiority compared to several existing
baseline structures. Through a series of extensive experiments, RBFormer
outperforms the original structures by a significant margin, achieving an
impressive improvement of +16.12% and +5.04% across different evaluation
criteria on CIFAR-10 and ImageNet-1k, respectively. Comment: BMVC 202
An Efficient Membership Inference Attack for the Diffusion Model by Proximal Initialization
Recently, diffusion models have achieved remarkable success in generating
tasks, including image and audio generation. However, like other generative
models, diffusion models are prone to privacy issues. In this paper, we propose
an efficient query-based membership inference attack (MIA), namely Proximal
Initialization Attack (PIA), which utilizes groundtruth trajectory obtained by
initialized in and predicted point to infer memberships.
Experimental results indicate that the proposed method can achieve competitive
performance with only two queries on both discrete-time and continuous-time
diffusion models. Moreover, previous works on the privacy of diffusion models
have focused on vision tasks without considering audio tasks. Therefore, we
also explore the robustness of diffusion models to MIA in the text-to-speech
(TTS) task, which is an audio generation task. To the best of our knowledge,
this work is the first to study the robustness of diffusion models to MIA in
the TTS task. Experimental results indicate that models with mel-spectrogram
(image-like) output are vulnerable to MIA, while models with audio output are
relatively robust to MIA. Code is available at
https://github.com/kong13661/PIA
Unlearnable Examples for Diffusion Models: Protect Data from Unauthorized Exploitation
Diffusion models have demonstrated remarkable performance in image generation
tasks, paving the way for powerful AIGC applications. However, these
widely-used generative models can also raise security and privacy concerns,
such as copyright infringement, and sensitive data leakage. To tackle these
issues, we propose a method, Unlearnable Diffusion Perturbation, to safeguard
images from unauthorized exploitation. Our approach involves designing an
algorithm to generate sample-wise perturbation noise for each image to be
protected. This imperceptible protective noise makes the data almost
unlearnable for diffusion models, i.e., diffusion models trained or fine-tuned
on the protected data cannot generate high-quality and diverse images related
to the protected training data. Theoretically, we frame this as a max-min
optimization problem and introduce EUDP, a noise scheduler-based method to
enhance the effectiveness of the protective noise. We evaluate our methods on
both Denoising Diffusion Probabilistic Model and Latent Diffusion Models,
demonstrating that training diffusion models on the protected data leads to a
significant reduction in the quality of the generated images. Especially, the
experimental results on Stable Diffusion demonstrate that our method
effectively safeguards images from being used to train Diffusion Models in
various tasks, such as training specific objects and styles. This achievement
holds significant importance in real-world scenarios, as it contributes to the
protection of privacy and copyright against AI-generated content
Flew Over Learning Trap: Learn Unlearnable Samples by Progressive Staged Training
Unlearning techniques are proposed to prevent third parties from exploiting
unauthorized data, which generate unlearnable samples by adding imperceptible
perturbations to data for public publishing. These unlearnable samples
effectively misguide model training to learn perturbation features but ignore
image semantic features. We make the in-depth analysis and observe that models
can learn both image features and perturbation features of unlearnable samples
at an early stage, but rapidly go to the overfitting stage since the shallow
layers tend to overfit on perturbation features and make models fall into
overfitting quickly. Based on the observations, we propose Progressive Staged
Training to effectively prevent models from overfitting in learning
perturbation features. We evaluated our method on multiple model architectures
over diverse datasets, e.g., CIFAR-10, CIFAR-100, and ImageNet-mini. Our method
circumvents the unlearnability of all state-of-the-art methods in the
literature and provides a reliable baseline for further evaluation of
unlearnable techniques
Effects of different dietary ratio of metabolizable glucose and metabolizable protein on growth performance, rumen fermentation, blood biochemical indices and ruminal microbiota of 8 to 10-month-old dairy heifers
Objective The aim of this experiment was to evaluate the effects of different dietary ratio of metabolizable glucose (MG) to metabolizable protein (MP) on growth performance, blood metabolites, rumen fermentation parameters and the ruminal microbial community of 8 to 10-month-old heifers. Methods A total of 24 Holstein heifers weighing an average of 282.90 kg (8 month of age) were randomly assigned to four groups of six. The heifers were fed one of four diets of different dietary MG/MP (0.97, 1.07, 1.13, and 1.26). Results The results showed that the ratio of MG/MP affected the growth performance, blood metabolites, rumen fermentation parameters and the ruminal microbial community of heifers. The average daily gain of heifers was enhanced by increasing the ratio of MG/MP (p<0.05). The concentration of blood urea nitrogen, cholesterol, and low density lipoprotein cholesterol as well as the concentration of total volatile fatty acid in the rumen fluid of heifers decreased with the improvement in the ratio of dietary MG/MP (p<0.05). However, the relative amount of Ruminococcus albus and Butyrivibrio fibrisolvens in the rumen of heifers was increased significantly (p<0.05) when the dietary MG/MP increased. At the same time, with the improvement in dietary MG/MP, the amount of Fibrobacter succinogenes increased (p = 0.08). Conclusion A diet with an optimal ratio (1.13) of MG/MP was beneficial for the improvement of growth, rumen fermentation, dietary protein and energy utilization of 8 to 10-month-old dairy heifers in this experiment
Potential molecular and cellular mechanisms of the effects of cuproptosis-related genes in the cardiomyocytes of patients with diabetic heart failure: a bioinformatics analysis
Background Diabetes mellitus is an independent risk factor for heart failure, and diabetes-induced heart failure severely affects patients’ health and quality of life. Cuproptosis is a newly defined type of programmed cell death that is thought to be involved in the pathogenesis and progression of cardiovascular disease, but the molecular mechanisms involved are not well understood. Therefore, we aimed to identify biomarkers associated with cuproptosis in diabetes mellitus-associated heart failure and the potential pathological mechanisms in cardiomyocytes. Materials Cuproptosis-associated genes were identified from the previous publication. The GSE26887 dataset was downloaded from the GEO database. Methods The consistency clustering was performed according to the cuproptosis gene expression. Differentially expressed genes were identified using the limma package, key genes were identified using the weighted gene co-expression network analysis (WGCNA) method, and these were subjected to immune infiltration analysis, enrichment analysis, and prediction of the key associated transcription factors. Consistency clustering identified three cuproptosis clusters. The differentially expressed genes for each were identified using limma and the most critical MEantiquewhite4 module was obtained using WGCNA. We then evaluated the intersection of the MEantiquewhite4 output with the three clusters, and obtained the key genes. Results There were four key genes: HSDL2, BCO2, CORIN, and SNORA80E. HSDL2, BCO2, and CORIN were negatively associated with multiple immune factors, while SNORA80E was positively associated, and T-cells accounted for a major proportion of this relationship with the immune system.
Four enriched pathways were found to be associated: arachidonic acid metabolism, peroxisomes, fatty acid metabolism, and dorsoventral axis formation, which may be regulated by the transcription factor MECOM, through a change in protein structure. Conclusion HSDL2, BCO2, CORIN, and SNORA80E may regulate cardiomyocyte cuproptosis in patients with diabetes mellitus-associated heart failure through effects on the immune system. The product of the cuproptosis-associated gene LOXL2 is probably involved in myocardial fibrosis in patients with diabetes, which leads to the development of cardiac insufficiency
Discussion on the theory and technical system framework of cooperative exploration of coal and strategic metal resources in coal-bearing strata
The establishment of cooperative exploration model between coal and strategic metal resources in coal-bearing strata is the precondition for the transformation from strategic metal elements in coal-bearing strata to metal resources. The research on the basic theory and key technology of cooperative exploration of coal and strategic metal resources in coal-bearing strata is the core task of establishing cooperative exploration model. Based on the analysis of the basic characteristics of strategic metal elements in coal-bearing strata, the necessity of implementing the cooperative exploration of coal and strategic metal resources in coal-bearing strata is demonstrated. Through review on the evolution history of the concept of cooperative exploration, the relationship between comprehensive coal exploration and cooperative exploration is revealed, and considered that the cooperative exploration is the inheritance and development of comprehensive exploration, emphasizes the coordination and orderly and scientific organization in the process of comprehensive exploration of two or more mineral resources, and its core is the cooperative organization of exploration projects and cooperative implementation of key technologies. Based on the discussion on the principle of cooperative exploration of coal and strategic metal resources in coal-bearing strata, the theory and technical method system framework of cooperative exploration of coal and strategic metal resources in coal-bearing strata is put forward, which is the basis of establishing the model of cooperative exploration of coal and strategic metal resources in coal-bearing strata. 
The cooperative exploration of coal and strategic metal resources in coal-bearing strata should be based on the study of the enrichment and mineralization mechanism, combination types and occurrence rules of the strategic metal elements in coal-bearing strata, based on the multi-disciplinary theories of coal geology, ore deposit, geochemistry, geophysics and exploration engineering, and supported by the cooperative exploration technology system composed of key technologies such as precision drilling, fine geophysical exploration and fine geochemical exploration. Also, it should be based on the solid mineral exploration norms and other standards, follow the general principles of solid mineral resources exploration, comprehensive exploration and single mineral resource exploration, as well as the principles of research first, technical effectiveness, fine exploration, dynamic adjustment, zoning policy implementation, coordination and synchronization, and cooperate in the organization of exploration projects and implementation of key technologies, in order to achieve the balance of the best technical benefits and the best economic benefits of the cooperative exploration of coal and strategic metal resources in coal-bearing strata. On the basis of the completion of coal geological exploration tasks, it is expected to find out the geological characteristics and development geological conditions of the associated strategic metal resources, to obtain the corresponding resources or distribution characteristics of strategic metal elements, and to provide geological basis for the comprehensive development and utilization of mineral resources in coal-bearing strata. 
The core issues of cooperative exploration of coal and strategic metal resources in coal-bearing strata are as follows: determination of cooperative exploration objects, selection and cooperative implementation of exploration technologies, cooperative deployment of exploration projects, and scientific estimation of resources
- …