IDProtector: An Adversarial Noise Encoder to Protect Against ID-Preserving Image Generation

TL;DR

IDProtector is an adversarial noise encoder designed to protect portrait photos from unauthorized identity-preserving image generation methods, ensuring privacy against state-of-the-art encoder-based attacks with robustness to common image transformations.

Contribution

The paper introduces IDProtector, a novel adversarial noise method that provides universal, imperceptible protection for portraits against multiple encoder-based generation techniques.

Findings

IDProtector effectively blocks multiple state-of-the-art encoder-based methods.

It maintains robustness against JPEG compression, resizing, and affine transformations.

The approach generalizes well to unseen data and proprietary models.

Abstract

Recently, zero-shot methods like InstantID have revolutionized identity-preserving generation. Unlike multi-image finetuning approaches such as DreamBooth, these zero-shot methods leverage powerful facial encoders to extract identity information from a single portrait photo, enabling efficient identity-preserving generation through a single inference pass. However, this convenience introduces new threats to the facial identity protection. This paper aims to safeguard portrait photos from unauthorized encoder-based customization. We introduce IDProtector, an adversarial noise encoder that applies imperceptible adversarial noise to portrait photos in a single forward pass. Our approach offers universal protection for portraits against multiple state-of-the-art encoder-based methods, including InstantID, IP-Adapter, and PhotoMaker, while ensuring robustness to common image transformations such as JPEG compression, resizing, and affine transformations. Experiments across diverse portrait datasets and generative models reveal that IDProtector generalizes effectively to unseen data and even closed-source proprietary models.