CPSample: Classifier Protected Sampling for Guarding Training Data During Diffusion
Joshua Kazdan, Hao Sun, Jiaqi Han, Felix Petersen, Stefano Ermon
TL;DR
CPSample is a novel sampling method for diffusion models that prevents training data replication and enhances privacy without sacrificing image quality, by guiding generation away from training data points using a classifier.
Contribution
This work introduces CPSample, which uses classifier guidance during sampling to protect training data privacy in diffusion models without retraining the entire model.
Findings
Achieves low FID scores on CIFAR-10 and CelebA-64.
Effectively prevents exact data replication.
Enhances robustness against membership inference attacks.
Abstract
Diffusion models have a tendency to exactly replicate their training data, especially when trained on small datasets. Most prior work has sought to mitigate this problem by imposing differential privacy constraints or masking parts of the training data, resulting in a notable substantial decrease in image quality. We present CPSample, a method that modifies the sampling process to prevent training data replication while preserving image quality. CPSample utilizes a classifier that is trained to overfit on random binary labels attached to the training data. CPSample then uses classifier guidance to steer the generation process away from the set of points that can be classified with high certainty, a set that includes the training data. CPSample achieves FID scores of 4.97 and 2.97 on CIFAR-10 and CelebA-64, respectively, without producing exact replicates of the training data. Unlike…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning
MethodsSparse Evolutionary Training · Diffusion