
One Prompt to Verify Your Models: Black-Box Text-to-Image Models Verification via Non-Transferable Adversarial Attacks (2410.22725v4)

Published 30 Oct 2024 in cs.CV and cs.CR

Abstract: Recently, various types of Text-to-Image (T2I) models have emerged (such as DALL-E and Stable Diffusion), showing their advantages in different aspects. Therefore, some third-party service platforms collect different model interfaces and provide cheaper API services and more flexibility in T2I model selection. However, this also raises a new security concern: are these third-party services truly offering the models they claim? To answer this question, we first define the concept of T2I model verification, which aims to determine whether a black-box target model is identical to a given white-box reference T2I model. After that, we propose VerifyPrompt, which performs T2I model verification through a specially designed verify prompt. Intuitively, the verify prompt is an adversarial prompt for the target model without transferability to other models. It makes the target model generate a specific image while making other models produce entirely different images. Specifically, VerifyPrompt utilizes the Non-dominated Sorting Genetic Algorithm II (NSGA-II) to optimize the cosine similarity of a prompt's text encoding, generating verify prompts. Finally, by computing the CLIP-text similarity scores between the prompts and the generated images, VerifyPrompt can determine whether the target model aligns with the reference model. Experimental results demonstrate that VerifyPrompt consistently achieves over 90% accuracy across various T2I models, confirming its effectiveness in practical model platforms (such as Hugging Face).

