High-Frequency Anti-DreamBooth: Robust Defense against Personalized Image Synthesis
Takuto Onikubo, Yusuke Matsui
TL;DR
This paper introduces a high-frequency perturbation method that enhances the robustness of adversarial images against purification techniques, effectively preventing malicious image synthesis.
Contribution
It proposes a novel high-frequency adversarial attack that remains effective despite purification defenses, improving protection against unauthorized image generation.
Findings
High-frequency perturbations resist adversarial purification.
Adversarial images successfully hinder malicious image synthesis.
Method outperforms previous adversarial noise approaches.
Abstract
Recently, text-to-image generative models have been misused to create unauthorized malicious images of individuals, posing a growing social problem. Previous solutions, such as Anti-DreamBooth, add adversarial noise to images to protect them from being used as training data for malicious generation. However, we found that the adversarial noise can be removed by adversarial purification methods such as DiffPure. Therefore, we propose a new adversarial attack method that adds strong perturbation on the high-frequency areas of images to make it more robust to adversarial purification. Our experiment showed that the adversarial images retained noise even after adversarial purification, hindering malicious image generation.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsComputer Graphics and Visualization Techniques · Generative Adversarial Networks and Image Synthesis · Advanced Image Processing Techniques