LG | CR | Dec 22, 2023

Asymmetric Bias in Text-to-Image Generation with Adversarial Attacks

arXiv:2312.14440v3 | 26 citations | h-index: 30 | ACL
Originality: Incremental advance
AI Analysis

The paper addresses safety concerns for users of text-to-image generation by revealing vulnerabilities, but the study is incremental because it builds on existing adversarial attack research.

This paper investigates adversarial attacks on text-to-image models, finding that attack success rates are asymmetric, with some entity swaps achieving 60% success while others drop below 5%.

The widespread use of Text-to-Image (T2I) models in content generation requires careful examination of their safety, including their robustness to adversarial attacks. Despite extensive research on adversarial attacks, the reasons for their effectiveness remain underexplored. This paper presents an empirical study on adversarial attacks against T2I models, focusing on analyzing factors associated with attack success rates (ASR). We introduce a new attack objective - entity swapping using adversarial suffixes and two gradient-based attack algorithms. Human and automatic evaluations reveal the asymmetric nature of ASRs on entity swap: for example, it is easier to replace "human" with "robot" in the prompt "a human dancing in the rain." with an adversarial suffix, but the reverse replacement is significantly harder. We further propose probing metrics to establish indicative signals from the model's beliefs to the adversarial ASR. We identify conditions that result in a success probability of 60% for adversarial attacks and others where this likelihood drops below 5%.

Code Implementations: 1 repo