Exploring the Adversarial Robustness of CLIP for AI-generated Image Detection
Vincenzo De Rosa, Fabrizio Guillaro, Giovanni Poggi, Davide Cozzolino, Luisa Verdoliva

TL;DR
This paper investigates the adversarial robustness of CLIP-based AI-generated image detectors, comparing them with CNN-based methods, and finds that while both are vulnerable to white-box attacks, their attack patterns differ significantly.
Contribution
It provides the first comprehensive analysis of CLIP-based detectors' robustness against adversarial attacks, highlighting differences from CNN-based detectors and offering insights for improving forensic detection methods.
Findings
CLIP-based detectors are vulnerable to white-box attacks.
Adversarial noise patterns differ in the frequency domain between CLIP and CNN detectors.
Attacks do not transfer easily between CLIP and CNN-based methods.
Abstract
In recent years, many forensic detectors have been proposed to detect AI-generated images and prevent their use for malicious purposes. Convolutional neural networks (CNNs) have long been the dominant architecture in this field and have been the subject of intense study. However, recently proposed Transformer-based detectors have been shown to match or even outperform CNN-based detectors, especially in terms of generalization. In this paper, we study the adversarial robustness of AI-generated image detectors, focusing on Contrastive Language-Image Pretraining (CLIP)-based methods that rely on Visual Transformer (ViT) backbones and comparing their performance with CNN-based methods. We study the robustness to different adversarial attacks under a variety of conditions and analyze both numerical results and frequency-domain patterns. CLIP-based detectors are found to be vulnerable to…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Digital Media Forensic Detection
Methods: Attention Is All You Need · Label Smoothing · Adam · Linear Layer · Byte Pair Encoding · Layer Normalization · Softmax · Position-Wise Feed-Forward Layer · Dense Connections · Multi-Head Attention
