DiffusionGuard: A Robust Defense Against Malicious Diffusion-based Image Editing

TL;DR

DiffusionGuard is a novel defense method that enhances robustness against malicious diffusion-based image editing, effectively protecting images from unauthorized edits even with complex masks and in realistic scenarios.

Contribution

The paper introduces a new adversarial noise generation objective and a mask-augmentation technique, significantly improving defense against diffusion-based image manipulation.

Findings

Outperforms baseline methods in robustness and efficiency.

Shows superior transferability and noise removal resilience.

Achieves stronger protection with lower computational costs.

Abstract

Recent advances in diffusion models have introduced a new era of text-guided image manipulation, enabling users to create realistic edited images with simple textual prompts. However, there is significant concern about the potential misuse of these methods, especially in creating misleading or harmful content. Although recent defense strategies, which introduce imperceptible adversarial noise to induce model failure, have shown promise, they remain ineffective against more sophisticated manipulations, such as editing with a mask. In this work, we propose DiffusionGuard, a robust and effective defense method against unauthorized edits by diffusion-based image editing models, even in challenging setups. Through a detailed analysis of these models, we introduce a novel objective that generates adversarial noise targeting the early stage of the diffusion process. This approach significantly improves the efficiency and effectiveness of adversarial noises. We also introduce a mask-augmentation technique to enhance robustness against various masks during test time. Finally, we introduce a comprehensive benchmark designed to evaluate the effectiveness and robustness of methods in protecting against privacy threats in realistic scenarios. Through extensive experiments, we show that our method achieves stronger protection and improved mask robustness with lower computational costs compared to the strongest baseline. Additionally, our method exhibits superior transferability and better resilience to noise removal techniques compared to all baseline methods. Our source code is publicly available at https://github.com/choi403/DiffusionGuard.