SC-Pro: Training-Free Framework for Defending Unsafe Image Synthesis Attack

TL;DR

SC-Pro is a training-free framework that effectively defends against adversarial attacks in image synthesis models, improving safety without extensive retraining or high computational costs.

Contribution

We introduce SC-Pro, a novel training-free method for defending against adversarial NSFW image generation, and propose SC-Pro-o, an efficient one-step diffusion-based detection approach.

Findings

SC-Pro outperforms existing safety checkers in robustness against adversarial attacks.

SC-Pro-o achieves comparable detection accuracy with reduced computational resources.

Our methods demonstrate practical applicability in real-world image synthesis safety.

Abstract

With advances in diffusion models, image generation has shown significant performance improvements. This raises concerns about the potential abuse of image generation, such as the creation of explicit or violent images, commonly referred to as Not Safe For Work (NSFW) content. To address this, the Stable Diffusion model includes several safety checkers to censor initial text prompts and final output images generated from the model. However, recent research has shown that these safety checkers have vulnerabilities against adversarial attacks, allowing them to generate NSFW images. In this paper, we find that these adversarial attacks are not robust to small changes in text prompts or input latents. Based on this, we propose SC-Pro (Spherical or Circular Probing), a training-free framework that easily defends against adversarial attacks generating NSFW images. Moreover, we develop an approach that utilizes one-step diffusion models for efficient NSFW detection (SC-Pro-o), further reducing computational resources. We demonstrate the superiority of our method in terms of performance and applicability.