Abstract:Diffusion Models (DMs) benefit from large and diverse datasets for their training. Since this data is often scraped from the Internet without permission from the data owners, this raises concerns about copyright and intellectual property protections. While (illicit) use of data is easily detected for training samples perfectly re-created by a DM at inference time, it is much harder for data owners to verify if their data was used for training when the outputs from the suspect DM are not close replicas. Conceptually, membership inference attacks (MIAs), which detect if a given data point was used during training, present themselves as a suitable tool to address this challenge. However, we demonstrate that existing MIAs are not strong enough to reliably determine the membership of individual images in large, state-of-the-art DMs. To overcome this limitation, we propose CDI, a framework for data owners to identify whether their dataset was used to train a given DM. CDI relies on dataset inference techniques, i.e., instead of using the membership signal from a single data point, CDI leverages the fact that most data owners, such as providers of stock photography, visual media companies, or even individual artists, own datasets with multiple publicly exposed data points which might all be included in the training of a given DM. By selectively aggregating signals from existing MIAs and using new handcrafted methods to extract features for these datasets, feeding them to a scoring model, and applying rigorous statistical testing, CDI allows data owners with as little as 70 data points to identify with a confidence of more than 99% whether their data was used to train a given DM. Thereby, CDI represents a valuable tool for data owners to claim illegitimate use of their copyrighted data.

What problem does this paper attempt to address?

### What problem does this paper attempt to solve? This paper aims to solve the problem of unauthorized use of copyrighted data during the training process of diffusion models (DMs). Specifically, the paper focuses on how to identify whether a particular diffusion model has used the copyright data of the data owner during training. The background of this problem is as follows: 1. **Data sources and copyright issues**: Diffusion models usually require a large amount of high - quality and diverse data for training. These data are usually obtained through web crawling without the permission of the data owner. This has raised concerns about copyright and intellectual property protection. 2. **Limitations of existing methods**: Existing membership inference attacks (MIAs) perform poorly on large, state - of - the - art diffusion models and cannot reliably determine whether a single data point has been used for training. Therefore, it is difficult for data owners to verify whether their data has been illegally used. 3. **Needs and challenges**: Many data owners (such as companies providing stock photography, visual media companies, or individual artists) hope to verify whether multiple works of theirs have been used as training data, not just a single data point. This requires a new method to meet this challenge. To solve these problems, the paper proposes the **Copyrighted Data Identification (CDI)** framework. The main contributions of CDI are as follows: - **Proposing a new method**: CDI utilizes dataset inference techniques. By aggregating signals from multiple data points and applying strict statistical tests, it helps data owners identify whether their data has been used to train diffusion models. - **Enhancing feature extraction**: CDI not only relies on existing MIAs but also introduces new feature extraction methods to amplify signals and improve detection accuracy. - **High - confidence detection**: When the data owner has at least 70 data points, CDI can identify whether their data has been used to train the diffusion model with a confidence level of over 99%. - **Wide applicability**: CDI is applicable to various large - scale diffusion model architectures (such as LDM, DiT, U - ViT), and it remains effective when only part of the data has been used for training. In conclusion, CDI provides a reliable tool for data owners to detect and confirm whether their copyrighted data has been illegally used to train diffusion models, thereby protecting intellectual property.

CDI: Copyrighted Data Identification in Diffusion Models

Towards Black-Box Membership Inference Attack for Diffusion Models

CGI-DM: Digital Copyright Authentication for Diffusion Models via Contrasting Gradient Inversion

Towards More Realistic Membership Inference Attacks on Large Diffusion Models

DIAGNOSIS: Detecting Unauthorized Data Usages in Text-to-image Diffusion Models

Real-World Benchmarks Make Membership Inference Attacks Fail on Diffusion Models

Data Forensics in Diffusion Models: A Systematic Analysis of Membership Privacy

On the detection of synthetic images generated by diffusion models

The Stronger the Diffusion Model, the Easier the Backdoor: Data Poisoning to Induce Copyright Breaches Without Adjusting Finetuning Pipeline

Measuring the Success of Diffusion Models at Imitating Human Artists

On the Robustness of Dataset Inference

Revealing the Unseen: Guiding Personalized Diffusion Models to Expose Training Data

A Dataset and Benchmark for Copyright Protection from Text-to-Image Diffusion Models

Identity-Focused Inference and Extraction Attacks on Diffusion Models

Image Copy Detection for Diffusion Models

RLCP: A Reinforcement Learning-based Copyright Protection Method for Text-to-Image Diffusion Model

Privacy Threats in Stable Diffusion Models

CopyrightShield: Spatial Similarity Guided Backdoor Defense against Copyright Infringement in Diffusion Models

A Watermark-Conditioned Diffusion Model for IP Protection

CopyScope: Model-level Copyright Infringement Quantification in the Diffusion Workflow

The Cat and Mouse Game: The Ongoing Arms Race Between Diffusion Models and Detection Methods