An h-space Based Adversarial Attack for Protection Against Few-shot Personalization
Xide Xu, Sandesh Kamath, Muhammad Atif Butt, Bogdan Raducanu

TL;DR
This paper introduces HAAD, an adversarial attack leveraging the semantic h-space of diffusion models to protect private content from unauthorized customization, with a more efficient variant HAAD-KV.
Contribution
The paper presents a novel h-space based adversarial attack, HAAD, and its efficient variant HAAD-KV, which protect against diffusion model personalization both effectively and with computational efficiency.
Findings
HAAD outperforms existing adversarial attacks in protecting private content.
HAAD-KV offers similar protection with reduced computational cost.
Both methods effectively degrade image generation in diffusion models.
Abstract
The versatility of diffusion models in generating customized images from few samples raises significant privacy concerns, particularly regarding unauthorized modifications of private content. This concerning issue has renewed the efforts in developing protection mechanisms based on adversarial attacks, which generate effective perturbations to poison diffusion models. Our work is motivated by the observation that these models exhibit a high degree of abstraction within their semantic latent space ('h-space'), which encodes critical high-level features for generating coherent and meaningful content. In this paper, we propose a novel anti-customization approach, called HAAD (h-space based Adversarial Attack for Diffusion models), that leverages adversarial attacks to craft perturbations based on the h-space that can efficiently degrade the image generation process. Building upon HAAD, we…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Generative Adversarial Networks and Image Synthesis · Face recognition and analysis
