MMA-Diffusion: MultiModal Attack on Diffusion Models
About
In recent years, Text-to-Image (T2I) models have seen remarkable advancements, gaining widespread adoption. However, this progress has inadvertently opened avenues for potential misuse, particularly in generating inappropriate or Not-Safe-For-Work (NSFW) content. Our work introduces MMA-Diffusion, a framework that presents a significant and realistic threat to the security of T2I models by effectively circumventing current defensive measures in both open-source models and commercial online services. Unlike previous approaches, MMA-Diffusion leverages both textual and visual modalities to bypass safeguards like prompt filters and post-hoc safety checkers, thus exposing and highlighting the vulnerabilities in existing defense mechanisms.
Yijun Yang, Ruiyuan Gao, Xiaosen Wang, Tsung-Yi Ho, Nan Xu, Qiang Xu• 2023
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Textual Modal Attack | LAION-COCO subset, UnsafeDiff, and I2P NSFW prompts (test) | Q16 ASR (Step 4)84.9 | 15 | |
| Adversarial Attack | DALL·E 3 commercial (test) | BR0.33 | 7 | |
| Adversarial NSFW Image Generation | MHSC (test) | ASR-2549.57 | 5 | |
| Adversarial NSFW Image Generation | SC (test) | ASR-2570 | 5 | |
| Adversarial NSFW Image Generation | Average (Q16, MHSC, SC) calculated (test) | ASR-2559.66 | 5 | |
| Adversarial NSFW Image Generation | Q16 (test) | ASR-2559.4 | 5 | |
| Black-box NSFW Filter Attack | UnsafeDiff (test) | Adult Bypass Rate22 | 2 | |
| Safety Filter Bypass | MMA-Diffusion | NSFW-TC6.2 | 1 |
Showing 8 of 8 rows