Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
157 tokens/sec
GPT-4o
43 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

The Stronger the Diffusion Model, the Easier the Backdoor: Data Poisoning to Induce Copyright Breaches Without Adjusting Finetuning Pipeline (2401.04136v2)

Published 7 Jan 2024 in cs.CR and cs.AI

Abstract: The commercialization of text-to-image diffusion models (DMs) brings forth potential copyright concerns. Despite numerous attempts to protect DMs from copyright issues, the vulnerabilities of these solutions are underexplored. In this study, we formalized the Copyright Infringement Attack on generative AI models and proposed a backdoor attack method, SilentBadDiffusion, to induce copyright infringement without requiring access to or control over training processes. Our method strategically embeds connections between pieces of copyrighted information and text references in poisoning data while carefully dispersing that information, making the poisoning data inconspicuous when integrated into a clean dataset. Our experiments show the stealth and efficacy of the poisoning data. When given specific text prompts, DMs trained with a poisoning ratio of 0.20% can produce copyrighted images. Additionally, the results reveal that the more sophisticated the DMs are, the easier the success of the attack becomes. These findings underline potential pitfalls in the prevailing copyright protection strategies and underscore the necessity for increased scrutiny to prevent the misuse of DMs.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (54)
  1. Sscd copy detection. https://github.com/facebookresearch/sscd-copy-detection, 2023. Accessed: [insert date of access here].
  2. Stable diffusion inpainting. https://huggingface.co/runwayml/stable-diffusion-inpainting, 2023. Accessed: [insert date of access here].
  3. Training text-to-image models. https://huggingface.co/docs/diffusers/training/text2image, 2023. Accessed: [insert date of access here].
  4. Cold diffusion: Inverting arbitrary image transforms without noise. In ArXiv, 2022.
  5. Analytic-dpm: an analytic estimate of the optimal reverse variance in diffusion probabilistic models. In The Tenth International Conference on Learning Representations, ICLR 2022, Virtual Event, April 25-29, 2022. OpenReview.net, 2022.
  6. When is memorization of irrelevant training data necessary for high-accuracy learning? In Proceedings of the 53rd annual ACM SIGACT symposium on theory of computing, pages 123–132, 2021.
  7. Extracting training data from diffusion models. ArXiv preprint, abs/2301.13188, 2023.
  8. Poisoning web-scale training datasets is practical. arXiv preprint arXiv:2302.10149, 2023.
  9. Emerging properties in self-supervised vision transformers. In 2021 IEEE/CVF International Conference on Computer Vision, ICCV 2021, Montreal, QC, Canada, October 10-17, 2021, pages 9630–9640. IEEE, 2021.
  10. Trojdiff: Trojan attacks on diffusion models with diverse targets. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 4035–4044, 2023.
  11. How to backdoor diffusion models? In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 4015–4024, 2023.
  12. Diffusionshield: A watermark for copyright protection against generative diffusion models. ArXiv preprint, abs/2306.04642, 2023.
  13. Soft diffusion: Score matching for general corruptions. In ArXiv, 2022.
  14. Diffusion models beat gans on image synthesis. In Marc’Aurelio Ranzato, Alina Beygelzimer, Yann N. Dauphin, Percy Liang, and Jennifer Wortman Vaughan, editors, Advances in Neural Information Processing Systems 34: Annual Conference on Neural Information Processing Systems 2021, NeurIPS 2021, December 6-14, 2021, virtual, pages 8780–8794, 2021.
  15. Erasing concepts from diffusion models. In Proceedings of the 2023 IEEE International Conference on Computer Vision, 2023.
  16. Badnets: Identifying vulnerabilities in the machine learning model supply chain. In ArXiv, 2017.
  17. Denoising diffusion probabilistic models. In Hugo Larochelle, Marc’Aurelio Ranzato, Raia Hadsell, Maria-Florina Balcan, and Hsuan-Tien Lin, editors, Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, NeurIPS 2020, December 6-12, 2020, virtual, 2020.
  18. Cascaded diffusion models for high fidelity image generation. J. Mach. Learn. Res., 23:47:1–47:33, 2022.
  19. JohnTeddy3. Midjourney-v5 dataset. https://huggingface.co/datasets/JohnTeddy3/midjourney-v5-202304, 2023. Accessed: 2023-11-14.
  20. Generalization in diffusion models arises from geometry-adaptive harmonic representation, 2023.
  21. How does information bottleneck help deep learning? arXiv preprint arXiv:2305.18887, 2023.
  22. Segment anything, 2023.
  23. Ablating concepts in text-to-image diffusion models. In Proceedings of the 2023 IEEE International Conference on Computer Vision, 2023.
  24. Human-like systematic generalization through a meta-learning neural network. Nature, pages 1–7, 2023.
  25. Holistic evaluation of language models. arXiv preprint arXiv:2211.09110, 2022.
  26. Grounding dino: Marrying dino with grounded pre-training for open-set object detection. ArXiv preprint, abs/2303.05499, 2023.
  27. Decoupled weight decay regularization. In 7th International Conference on Learning Representations, ICLR 2019, New Orleans, LA, USA, May 6-9, 2019. OpenReview.net, 2019.
  28. Umap: Uniform manifold approximation and projection for dimension reduction. arXiv preprint arXiv:1802.03426, 2018.
  29. GLIDE: towards photorealistic image generation and editing with text-guided diffusion models. In Kamalika Chaudhuri, Stefanie Jegelka, Le Song, Csaba Szepesvári, Gang Niu, and Sivan Sabato, editors, International Conference on Machine Learning, ICML 2022, 17-23 July 2022, Baltimore, Maryland, USA, volume 162 of Proceedings of Machine Learning Research, pages 16784–16804. PMLR, 2022.
  30. OpenAI. Gpt-4 technical report, 2023.
  31. Substantial Similarity in Copyright Law. Practising Law Institute, 2003.
  32. Justin N. M. Pinkney. Pokemon blip captions. https://huggingface.co/datasets/lambdalabs/pokemon-blip-captions/, 2022.
  33. A self-supervised descriptor for image copy detection. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 14532–14542, 2022.
  34. Learning transferable visual models from natural language supervision. In Marina Meila and Tong Zhang, editors, Proceedings of the 38th International Conference on Machine Learning, ICML 2021, 18-24 July 2021, Virtual Event, volume 139 of Proceedings of Machine Learning Research, pages 8748–8763. PMLR, 2021.
  35. Hierarchical text-conditional image generation with clip latents. In ArXiv, 2022.
  36. Recent trends in image watermarking techniques for copyright protection: a survey. International Journal of Multimedia Information Retrieval, 9, 2020.
  37. High-resolution image synthesis with latent diffusion models. In CVPR, 2021.
  38. High-resolution image synthesis with latent diffusion models. In CVPR, 2022.
  39. Photorealistic text-to-image diffusion models with deep language understanding. In ArXiv, 2022.
  40. Laion-5b: An open large-scale dataset for training next generation image-text models. Advances in Neural Information Processing Systems, 35:25278–25294, 2022.
  41. Deep unsupervised learning using nonequilibrium thermodynamics. In Francis R. Bach and David M. Blei, editors, Proceedings of the 32nd International Conference on Machine Learning, ICML 2015, Lille, France, 6-11 July 2015, volume 37 of JMLR Workshop and Conference Proceedings, pages 2256–2265. JMLR.org, 2015.
  42. Diffusion art or digital forgery? investigating data replication in diffusion models. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 6048–6058, 2023.
  43. Understanding and mitigating copying in diffusion models. ArXiv preprint, abs/2305.20086, 2023.
  44. Denoising diffusion implicit models. In 9th International Conference on Learning Representations, ICLR 2021, Virtual Event, Austria, May 3-7, 2021. OpenReview.net, 2021.
  45. Generative modeling by estimating gradients of the data distribution. In Hanna M. Wallach, Hugo Larochelle, Alina Beygelzimer, Florence d’Alché-Buc, Emily B. Fox, and Roman Garnett, editors, Advances in Neural Information Processing Systems 32: Annual Conference on Neural Information Processing Systems 2019, NeurIPS 2019, December 8-14, 2019, Vancouver, BC, Canada, pages 11895–11907, 2019.
  46. Improved techniques for training score-based generative models. In Hugo Larochelle, Marc’Aurelio Ranzato, Raia Hadsell, Maria-Florina Balcan, and Hsuan-Tien Lin, editors, Advances in Neural Information Processing Systems 33: Annual Conference on Neural Information Processing Systems 2020, NeurIPS 2020, December 6-12, 2020, virtual, 2020.
  47. Score-based generative modeling through stochastic differential equations. In 9th International Conference on Learning Representations, ICLR 2021, Virtual Event, Austria, May 3-7, 2021. OpenReview.net, 2021.
  48. Rickrolling the artist: Injecting invisible backdoors into text-guided image generation models. In ArXiv, 2022.
  49. James Vincent. AI art tools stable diffusion and Midjourney targeted with copyright lawsuit, 2023.
  50. Provable copyright protection for generative models. In International Conference on Machine Learning (ICML), 2023.
  51. Kyle Wiggers. Openai unveils dall-e 3, allows artists to opt out of training, 2023. Accessed: 2023-09-27.
  52. Text-to-image diffusion models can be easily backdoored through multimodal data poisoning, 2023.
  53. Forget-me-not: Learning to forget in text-to-image diffusion models. ArXiv preprint, abs/2303.17591, 2023.
  54. A recipe for watermarking diffusion models. ArXiv preprint, abs/2303.10137, 2023.
Citations (11)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now
X Twitter Logo Streamline Icon: https://streamlinehq.com

Tweets