Raising the Cost of Malicious AI-Powered Image Editing
About
We present an approach to mitigating the risks of malicious image editing posed by large diffusion models. The key idea is to immunize images so as to make them resistant to manipulation by these models. This immunization relies on injection of imperceptible adversarial perturbations designed to disrupt the operation of the targeted diffusion models, forcing them to generate unrealistic images. We provide two methods for crafting such perturbations, and then demonstrate their efficacy. Finally, we discuss a policy component necessary to make our approach fully effective and practical -- one that involves the organizations developing diffusion models, rather than individual users, to implement (and support) the immunization process.
Hadi Salman, Alaa Khaddaj, Guillaume Leclerc, Andrew Ilyas, Aleksander Madry• 2023
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Identity Protection | CelebA (test) | ISM75.8 | 48 | |
| Portrait Privacy Protection | SyncTalk-generated videos (test) | PSNR28.1 | 45 | |
| Identity Protection | VGG-Face (test) | FDR0.624 | 32 | |
| Face Swapping Protection | CelebA-HQ | L2 Distance0.0141 | 28 | |
| Face Swapping Protection | VGGFace2 HQ | L2 Distance0.0263 | 28 | |
| Image Immunization | InstructPix2Pix Original Prompt | PSNR17.83 | 16 | |
| Image Immunization | InstructPix2Pix (Unseen Prompts) | PSNR16.91 | 16 | |
| Image Immunization | HQ-Edit (Unseen Prompts) | PSNR (dB)9.3 | 16 | |
| Anti-customization | CelebA-HQ (test) | ISM0.25 | 16 | |
| Anti-customization | VGG-Face2 (test) | ISM29 | 16 |
Showing 10 of 62 rows