BlackMirror: Black-Box Backdoor Detection for Text-to-Image Models via Instruction-Response Deviation

TL;DR

BlackMirror is a training-free, plug-and-play framework that detects backdoored text-to-image models by analyzing semantic deviations in generated images across varied prompts, effectively identifying diverse backdoor attacks.

Contribution

The paper introduces BlackMirror, a novel black-box detection framework that generalizes to diverse backdoor attacks by analyzing semantic pattern deviations without training.

Findings

BlackMirror achieves high detection accuracy across various backdoor attacks.

It effectively identifies backdoors even when generated images are visually diverse.

The framework is applicable in real-world Model-as-a-Service settings.

Abstract

This paper investigates the challenging task of detecting backdoored text-to-image models under black-box settings and introduces a novel detection framework BlackMirror. Existing approaches typically rely on analyzing image-level similarity, under the assumption that backdoor-triggered generations exhibit strong consistency across samples. However, they struggle to generalize to recently emerging backdoor attacks, where backdoored generations can appear visually diverse. BlackMirror is motivated by an observation: across backdoor attacks, {only partial semantic patterns within the generated image are steadily manipulated, while the rest of the content remains diverse or benign. Accordingly, BlackMirror consists of two components: MirrorMatch, which aligns visual patterns with the corresponding instructions to detect semantic deviations; and MirrorVerify, which evaluates the stability of these deviations across varied prompts to distinguish true backdoor behavior from benign responses. BlackMirror is a general, training-free framework that can be deployed as a plug-and-play module in Model-as-a-Service (MaaS) applications. Comprehensive experiments demonstrate that BlackMirror achieves accurate detection across a wide range of attacks. Code is available at https://github.com/Ferry-Li/BlackMirror.