Generating Risky Samples with Conformity Constraints via Diffusion Models

TL;DR

RiskyDiff is a diffusion-based method that generates risky samples with high category conformity by using embedding constraints and scoring, improving diversity and application safety.

Contribution

The paper introduces RiskyDiff, a novel diffusion model that incorporates embedding constraints and conformity scoring to generate high-risk, category-conforming samples beyond dataset coverage.

Findings

RiskyDiff outperforms existing methods in risk level and quality.

It enhances model generalization by augmenting training data with conforming risky samples.

The approach effectively balances risk generation and category conformity.

Abstract

Although neural networks achieve promising performance in many tasks, they may still fail when encountering some examples and bring about risks to applications. To discover risky samples, previous literature attempts to search for patterns of risky samples within existing datasets or inject perturbation into them. Yet in this way the diversity of risky samples is limited by the coverage of existing datasets. To overcome this limitation, recent works adopt diffusion models to produce new risky samples beyond the coverage of existing datasets. However, these methods struggle in the conformity between generated samples and expected categories, which could introduce label noise and severely limit their effectiveness in applications. To address this issue, we propose RiskyDiff that incorporates the embeddings of both texts and images as implicit constraints of category conformity. We also design a conformity score to further explicitly strengthen the category conformity, as well as introduce the mechanisms of embedding screening and risky gradient guidance to boost the risk of generated samples. Extensive experiments reveal that RiskyDiff greatly outperforms existing methods in terms of the degree of risk, generation quality, and conformity with conditioned categories. We also empirically show the generalization ability of the models can be enhanced by augmenting training data with generated samples of high conformity.