17 research outputs found
Are Diffusion Models Vulnerable to Membership Inference Attacks?
Diffusion-based generative models have shown great potential for image
synthesis, but there is a lack of research on the security and privacy risks
they may pose. In this paper, we investigate the vulnerability of diffusion
models to Membership Inference Attacks (MIAs), a common privacy concern. Our
results indicate that existing MIAs designed for GANs or VAEs are largely
ineffective on diffusion models, either due to inapplicable scenarios (e.g.,
requiring the discriminator of GANs) or inappropriate assumptions (e.g., closer
distances between synthetic samples and member samples). To address this gap,
we propose Step-wise Error Comparing Membership Inference (SecMI), a
query-based MIA that infers memberships by assessing the matching of forward
process posterior estimation at each timestep. SecMI follows the common
overfitting assumption in MIA where member samples normally have smaller
estimation errors, compared with hold-out samples. We consider both the
standard diffusion models, e.g., DDPM, and the text-to-image diffusion models,
e.g., Latent Diffusion Models and Stable Diffusion. Experimental results
demonstrate that our method precisely infers membership with high
confidence in both scenarios across multiple datasets.
Code is available at https://github.com/jinhaoduan/SecMI.
Comment: To appear in ICML 202
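The step-wise error comparison behind SecMI can be sketched on a toy problem. This is a minimal illustration of the attack logic, not the paper's implementation: the `predict_noise` stand-in, the noise schedule, and the error scales that encode overfitting are all invented assumptions, used only to show how smaller per-step estimation errors separate members from hold-out samples.

```python
import numpy as np

rng = np.random.default_rng(0)
alphas_bar = np.linspace(0.9999, 0.05, 1000)  # toy cumulative noise schedule

def predict_noise(true_eps, is_member):
    # Hypothetical stand-in for the diffusion model's noise prediction:
    # an overfit model predicts the noise of training members more
    # accurately than that of hold-out samples (the common MIA assumption).
    scale = 0.05 if is_member else 0.5
    return true_eps + scale * rng.normal(size=true_eps.shape)

def t_error(x0, t, is_member):
    c, s = np.sqrt(alphas_bar[t]), np.sqrt(1.0 - alphas_bar[t])
    eps = rng.normal(size=x0.shape)
    x_t = c * x0 + s * eps                       # deterministic forward to step t
    eps_hat = predict_noise(eps, is_member)
    x0_hat = (x_t - s * eps_hat) / c             # one reverse (denoise) estimate
    x_t_hat = c * x0_hat + s * eps               # re-diffuse the estimate
    return float(np.mean((x_t_hat - x_t) ** 2))  # step-wise estimation error

member = [t_error(rng.normal(size=64), 200, True) for _ in range(50)]
holdout = [t_error(rng.normal(size=64), 200, False) for _ in range(50)]
print(np.mean(member) < np.mean(holdout))  # members have smaller errors
```

Thresholding this per-timestep error (or aggregating it across timesteps) then yields the membership decision.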
Semantic Adversarial Attacks via Diffusion Models
Traditional adversarial attacks concentrate on manipulating clean examples in
the pixel space by adding adversarial perturbations. By contrast, semantic
adversarial attacks focus on changing semantic attributes of clean examples,
such as color, context, and features, which are more feasible in the real
world. In this paper, we propose a framework to quickly generate a semantic
adversarial attack by leveraging recent diffusion models since semantic
information is included in the latent space of well-trained diffusion models.
This framework has two variants: 1) the Semantic Transformation
(ST) approach fine-tunes the latent space of the generated image and/or the
diffusion model itself; 2) the Latent Masking (LM) approach masks the latent
space with another target image and local backpropagation-based interpretation
methods. Additionally, the ST approach can be applied in either white-box or
black-box settings. Extensive experiments are conducted on CelebA-HQ and AFHQ
datasets, and our framework demonstrates great fidelity, generalizability, and
transferability compared to other baselines. Our approaches achieve
an approximately 100% attack success rate in multiple settings, with a best FID
of 36.61. Code is available at
https://github.com/steven202/semantic_adv_via_dm.
Comment: To appear in BMVC 202
An Efficient Membership Inference Attack for the Diffusion Model by Proximal Initialization
Recently, diffusion models have achieved remarkable success in generation
tasks, including image and audio generation. However, like other generative
models, diffusion models are prone to privacy issues. In this paper, we propose
an efficient query-based membership inference attack (MIA), namely Proximal
Initialization Attack (PIA), which utilizes the ground-truth trajectory,
obtained from the noise initialized at t = 0, and the predicted point to infer
memberships.
Experimental results indicate that the proposed method can achieve competitive
performance with only two queries on both discrete-time and continuous-time
diffusion models. Moreover, previous works on the privacy of diffusion models
have focused on vision tasks without considering audio tasks. Therefore, we
also explore the robustness of diffusion models to MIA in the text-to-speech
(TTS) task, which is an audio generation task. To the best of our knowledge,
this work is the first to study the robustness of diffusion models to MIA in
the TTS task. Experimental results indicate that models with mel-spectrogram
(image-like) output are vulnerable to MIA, while models with audio output are
relatively robust to MIA. Code is available at
https://github.com/kong13661/PIA
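The two-query idea can be sketched as follows, again under heavy assumptions: `model_eps` is a hypothetical stand-in whose cross-timestep self-consistency encodes membership, and the `anchor` variable plays the role of the model's noise prediction at t = 0 that initializes the ground-truth trajectory. Only the structure (two queries, one consistency score) reflects the abstract.

```python
import numpy as np

rng = np.random.default_rng(1)
alphas_bar = np.linspace(0.9999, 0.05, 1000)  # toy cumulative noise schedule

def model_eps(x, t, is_member, anchor_eps):
    # Hypothetical model: its noise predictions drift less from the t = 0
    # prediction for training members (overfitting) than for hold-out data.
    drift = 0.05 if is_member else 0.5
    return anchor_eps + drift * rng.normal(size=x.shape)

def pia_score(x0, t, is_member):
    # Query 1: noise prediction at t = 0, used to initialize the trajectory.
    anchor = rng.normal(size=x0.shape)            # stands in for model(x0, 0)
    c, s = np.sqrt(alphas_bar[t]), np.sqrt(1.0 - alphas_bar[t])
    x_t = c * x0 + s * anchor                     # ground-truth trajectory point
    # Query 2: noise prediction at t, compared against the initialization.
    eps_t = model_eps(x_t, t, is_member, anchor)
    return float(np.mean((eps_t - anchor) ** 2))  # members score lower

member = [pia_score(rng.normal(size=64), 300, True) for _ in range(50)]
holdout = [pia_score(rng.normal(size=64), 300, False) for _ in range(50)]
print(np.mean(member) < np.mean(holdout))
```

The appeal over many-query MIAs is that only these two model evaluations per sample are needed.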
Shifting Attention to Relevance: Towards the Uncertainty Estimation of Large Language Models
Although Large Language Models (LLMs) have shown great potential in Natural
Language Generation, it is still challenging to characterize the uncertainty of
model generations, i.e., when users can trust model outputs. Our research is
motivated by the observation that tokens generated by auto-regressive LLMs
contribute unequally to the meaning of the output, i.e., some tokens are more
relevant (or representative) than others, yet all tokens are valued equally
when estimating uncertainty. This stems from linguistic redundancy, where a
few keywords are often sufficient to convey the meaning of a long sentence.
We name these inequalities generative inequalities and
investigate how they affect uncertainty estimation. Our results reveal that
many tokens and sentences carrying limited semantics are weighted equally, or
even more heavily, when estimating uncertainty. To tackle the biases posed by
generative inequalities, we propose Shifting Attention to Relevance (SAR),
which jointly shifts attention to more relevant components at both the token
and sentence levels while estimating uncertainty. We conduct experiments over popular
"off-the-shelf" LLMs (e.g., OPT, LLaMA) with model sizes up to 30B and powerful
commercial LLMs (e.g., Davinci from OpenAI), across various free-form
question-answering tasks. Experimental results and detailed demographic
analysis indicate the superior performance of SAR. Code is available at
https://github.com/jinhaoduan/shifting-attention-to-relevance
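The token-level re-weighting can be illustrated with a toy computation. The numbers and the relevance scores below are invented for illustration; one plausible relevance signal is the drop in semantic similarity when a token is removed, but nothing here is the paper's exact formulation.

```python
import numpy as np

def sar_token_uncertainty(neg_logprobs, relevance):
    # Relevance-weighted token uncertainty: up-weight the tokens
    # that carry more of the generation's meaning.
    w = np.asarray(relevance, dtype=float)
    w = w / w.sum()  # normalize relevance into weights
    return float(np.sum(w * np.asarray(neg_logprobs, dtype=float)))

# Example: a response like "the answer is Paris" -- the model is confident
# on filler tokens but unsure about the keyword. Values are illustrative.
neg_logprobs = [0.1, 0.1, 0.1, 2.0]  # per-token -log p
relevance    = [0.1, 0.1, 0.1, 1.0]  # hypothetical relevance scores

uniform = float(np.mean(neg_logprobs))  # plain average treats all tokens equally
weighted = sar_token_uncertainty(neg_logprobs, relevance)
print(round(uniform, 3), round(weighted, 3))  # 0.575 1.562
```

Under uniform weighting the confident filler tokens dilute the uncertainty of the one keyword; the relevance-weighted estimate surfaces it.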
RBFormer: Improve Adversarial Robustness of Transformer by Robust Bias
Recently, there has been a surge of interest and attention in
Transformer-based structures, such as Vision Transformer (ViT) and Vision
Multilayer Perceptron (VMLP). Compared with previous convolution-based
structures, Transformer-based structures showcase comparable or superior
performance thanks to their distinctive attention-based input token mixer
strategy. Introducing adversarial examples as a robustness
consideration has had a profound and detrimental impact on the performance of
well-established convolution-based structures. This inherent vulnerability to
adversarial attacks has also been demonstrated in Transformer-based structures.
In this paper, our emphasis lies on investigating the intrinsic robustness of
the structure rather than introducing novel defense measures against
adversarial attacks. To address this susceptibility, we employ a rational
structure design approach to mitigate such vulnerabilities.
Specifically, we enhance the adversarial robustness of the structure by
increasing the proportion of high-frequency structural robust biases. As a
result, we introduce a novel structure called Robust Bias Transformer-based
Structure (RBFormer) that shows robust superiority compared to several existing
baseline structures. Through a series of extensive experiments, RBFormer
outperforms the original structures by a significant margin, achieving an
impressive improvement of +16.12% and +5.04% across different evaluation
criteria on CIFAR-10 and ImageNet-1k, respectively.
Comment: BMVC 202
Unlearnable Examples for Diffusion Models: Protect Data from Unauthorized Exploitation
Diffusion models have demonstrated remarkable performance in image generation
tasks, paving the way for powerful AIGC applications. However, these
widely-used generative models can also raise security and privacy concerns,
such as copyright infringement and sensitive data leakage. To tackle these
issues, we propose a method, Unlearnable Diffusion Perturbation, to safeguard
images from unauthorized exploitation. Our approach involves designing an
algorithm to generate sample-wise perturbation noise for each image to be
protected. This imperceptible protective noise makes the data almost
unlearnable for diffusion models, i.e., diffusion models trained or fine-tuned
on the protected data cannot generate high-quality and diverse images related
to the protected training data. Theoretically, we frame this as a max-min
optimization problem and introduce EUDP, a noise scheduler-based method to
enhance the effectiveness of the protective noise. We evaluate our methods on
both Denoising Diffusion Probabilistic Model and Latent Diffusion Models,
demonstrating that training diffusion models on the protected data leads to a
significant reduction in the quality of the generated images. In particular, the
experimental results on Stable Diffusion demonstrate that our method
effectively safeguards images from being used to train Diffusion Models in
various tasks, such as training on specific objects and styles. This achievement
holds significant importance in real-world scenarios, as it contributes to the
protection of privacy and copyright against AI-generated content.
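The max-min framing can be sketched on a toy problem: the protector perturbs each sample within an L-infinity budget to maximize the loss that remains after the learner's inner minimization. Everything below, from the least-squares "learner" to the numerical sign-ascent steps, is an illustrative assumption, not the paper's EUDP noise scheduler.

```python
import numpy as np

rng = np.random.default_rng(1)
x = rng.normal(size=20)
y = 2.0 * x                      # clean data: perfectly learnable (loss -> 0)
eps, alpha, h = 0.3, 0.03, 1e-4  # L_inf budget, step size, finite-diff step

def trained_loss(xp):
    # Inner minimization: closed-form least-squares fit, then its loss.
    w = (xp @ y) / (xp @ xp)
    return float(np.mean((w * xp - y) ** 2))

delta = np.zeros_like(x)         # sample-wise protective perturbation
for _ in range(30):              # outer maximization: PGD-style sign ascent
    g = np.array([(trained_loss(x + delta + h * e) - trained_loss(x + delta)) / h
                  for e in np.eye(len(x))])      # numerical gradient in delta
    delta = np.clip(delta + alpha * np.sign(g), -eps, eps)  # project to ball

print(trained_loss(x) < trained_loss(x + delta))  # protection raises the loss
```

On the clean data the learner fits perfectly; after the bounded perturbation is optimized against the inner minimum, even the best fit retains error, which is the sense in which the data becomes "unlearnable."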
Flew Over Learning Trap: Learn Unlearnable Samples by Progressive Staged Training
Unlearnable techniques are proposed to prevent third parties from exploiting
unauthorized data: they generate unlearnable samples by adding imperceptible
perturbations to data before public release. These unlearnable samples
effectively misguide model training into learning perturbation features while
ignoring image semantic features. Our in-depth analysis observes that models
can learn both image features and perturbation features of unlearnable samples
at an early stage, but then rapidly overfit, since the shallow layers tend to
overfit on perturbation features. Based on these observations, we propose
Progressive Staged
Training to effectively prevent models from overfitting in learning
perturbation features. We evaluate our method on multiple model architectures
over diverse datasets, e.g., CIFAR-10, CIFAR-100, and ImageNet-mini. Our method
circumvents the unlearnability of all state-of-the-art methods in the
literature and provides a reliable baseline for further evaluation of
unlearnable techniques.
Recent Progress Regarding Materials and Structures of Triboelectric Nanogenerators for AR and VR
With the continuous advancement in technology, electronic products used in augmented reality (AR) and virtual reality (VR) have gradually entered the public eye. As a result, the power supplies of these electronic devices have attracted more attention from scientists. Compared to traditional power sources, triboelectric nanogenerators (TENGs) are gradually being used for energy harvesting in self-powered sensing technology, such as wearable flexible electronics including AR and VR devices, due to their small size, high conversion efficiency, and low energy consumption. Consequently, TENGs are the most popular power supplies for AR and VR products. This article first summarizes the working mode and basic theory of TENGs, then reviews the TENG modules used in AR and VR devices, and finally summarizes the material selection and design methods used for TENG preparation. The friction layer of a TENG can be made of a variety of materials, such as polymers, metals, and inorganic materials; among these, polytetrafluoroethylene (PTFE) and polydimethylsiloxane (PDMS) are the most popular. To improve TENG performance, the friction-layer material must be suitable. Therefore, for different application scenarios, the design method of the TENG plays an important role in its performance, and a reasonable selection of preparation materials and design methods can greatly improve the working efficiency of the TENG. Lastly, we summarize the current research status of nanogenerators, analyze and suggest future application fields, and outline the main considerations for material selection.
Research for shielding effect of three-phase air-core reactors in substation by using different materials
To research the magnetic field interference on cables near three-phase air-core reactors and the shielding effect of different materials, this study analysed the influence of high-conductivity materials and high-permeability materials on the spatial magnetic field, on the basis of a three-dimensional electromagnetic simulation model, and analysed the causes. Furthermore, the induced voltage under different shielding methods is calculated and discussed using the magnetic vector potential obtained from the finite element method. The results show that, to achieve a satisfactory effect, the shields under the three-phase reactors need to be connected when using high-permeability materials. Moreover, a large amount of magnetic leakage at the edge of the shield can aggravate the magnetic field interference in surrounding areas. Therefore, the distribution of onsite cables in the substation needs to be considered when using high-permeability materials.
Design and Process Planning of Non-Structured Surface Spray Equipment for Ultra-Large Spaces in Ship Section Manufacturing
Sandblasting and coating constitute a critical phase in ship manufacturing, a process currently reliant predominantly on manual labor. To enhance the efficiency and quality of the coating process for ship sections, to address the labor recruitment challenges and shortages faced by shipbuilding companies, and to simultaneously elevate the level of intelligent manufacturing in ship-section coating, this research investigates equipment suitable for large-scale, non-structural surface coating of ship sections, considering the unique features of ship sections and the customary techniques employed by shipbuilding companies. The structure, size parameters, and principal components of the coating equipment are determined. A regular workspace with high performance is designated, and the coating process is planned based on the working environment and the curvature characteristics of the surface to be coated. The results demonstrate that the proposed coating equipment improves efficiency by 300% compared to manual painting, providing a novel automated solution for the coating of ship sections.