Diffusion-based generative models have shown great potential for image
synthesis, but there is a lack of research on the security and privacy risks
they may pose. In this paper, we investigate the vulnerability of diffusion
models to Membership Inference Attacks (MIAs), a common privacy concern. Our
results indicate that existing MIAs designed for GANs or VAEs are largely
ineffective on diffusion models, either due to inapplicable scenarios (e.g.,
requiring the discriminator of GANs) or inappropriate assumptions (e.g., closer
distances between synthetic images and member images). To address this gap, we
propose Step-wise Error Comparing Membership Inference (SecMI), a black-box MIA
that infers memberships by assessing the matching of forward process posterior
estimation at each timestep. SecMI follows the common overfitting assumption in
MIA where member samples normally have smaller estimation errors, compared with
hold-out samples. We consider both the standard diffusion models, e.g., DDPM,
and the text-to-image diffusion models, e.g., Stable Diffusion. Experimental
results demonstrate that our methods precisely infer membership with high
confidence in both scenarios across six different datasets.
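The overfitting assumption above can be checked as a privacy audit on a toy model. The following is an added example, not code from the paper: it uses a simplified per-timestep noise-estimation error rather than the exact SecMI statistic, and the memorizing denoiser, the `ALPHA_BARS` values, the dimension and all function names are assumptions made for illustration.

```python
import math
import random

ALPHA_BARS = (0.99, 0.95, 0.90)   # assumed low-noise timesteps (cumulative alpha-bar)
DIM = 8                           # assumed toy data dimension

def eps_hat(x_t, a_bar, train):
    """Noise prediction of a fully memorizing model: the exact optimal
    denoiser for the empirical distribution of `train` (worst-case overfit)."""
    sa, var = math.sqrt(a_bar), 1.0 - a_bar
    logits = [-sum((xt - sa * xj) ** 2 for xt, xj in zip(x_t, x)) / (2 * var)
              for x in train]
    top = max(logits)                       # log-sum-exp shift avoids underflow
    w = [math.exp(l - top) for l in logits]
    z = sum(w)
    x0 = [sum(wi * x[k] for wi, x in zip(w, train)) / z for k in range(DIM)]
    return [(xt - sa * x0k) / math.sqrt(var) for xt, x0k in zip(x_t, x0)]

def stepwise_error(x, train, rng):
    """Sum over timesteps of the squared noise-estimation error for sample x."""
    total = 0.0
    for a_bar in ALPHA_BARS:
        eps = [rng.gauss(0, 1) for _ in range(DIM)]
        x_t = [math.sqrt(a_bar) * xi + math.sqrt(1 - a_bar) * e
               for xi, e in zip(x, eps)]
        pred = eps_hat(x_t, a_bar, train)
        total += sum((p - e) ** 2 for p, e in zip(pred, eps))
    return total

def auc(member_scores, holdout_scores):
    """Probability that a random member scores a smaller error than a hold-out."""
    wins = sum((m < h) + 0.5 * (m == h)
               for m in member_scores for h in holdout_scores)
    return wins / (len(member_scores) * len(holdout_scores))

def audit(seed=0, n=16):
    rng = random.Random(seed)
    sample = lambda: [rng.gauss(0, 1) for _ in range(DIM)]
    members = [sample() for _ in range(n)]     # constructed training set
    holdout = [sample() for _ in range(n)]     # constructed hold-out set
    m = [stepwise_error(x, members, rng) for x in members]
    h = [stepwise_error(x, members, rng) for x in holdout]
    return m, h, auc(m, h)

if __name__ == "__main__":
    m, h, score = audit()
    print(f"mean member error  : {sum(m) / len(m):.4f}")
    print(f"mean hold-out error: {sum(h) / len(h):.4f}")
    print(f"audit AUC          : {score:.3f}")
```

An AUC near 0.5 would mean the errors do not separate members from hold-out samples; values near 1.0, as this fully memorizing toy produces, indicate the kind of leakage the abstract describes.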