Prompt-Agnostic Adversarial Perturbation for Customized Diffusion Models
This addresses privacy and copyright risks for users of customized text-to-image generation models, but it is incremental as it builds on existing adversarial defense methods.
The paper tackles the problem of protecting personal images and artworks from unauthorized replication in customized diffusion models by introducing a prompt-agnostic adversarial perturbation method, which improves defense stability and shows superior generalization in experiments on face privacy and artistic style protection.
Diffusion models have revolutionized customized text-to-image generation, allowing for efficient synthesis of photos from personal data with textual descriptions. However, these advancements bring forth risks including privacy breaches and unauthorized replication of artworks. Previous researches primarily center around using prompt-specific methods to generate adversarial examples to protect personal images, yet the effectiveness of existing methods is hindered by constrained adaptability to different prompts. In this paper, we introduce a Prompt-Agnostic Adversarial Perturbation (PAP) method for customized diffusion models. PAP first models the prompt distribution using a Laplace Approximation, and then produces prompt-agnostic perturbations by maximizing a disturbance expectation based on the modeled distribution. This approach effectively tackles the prompt-agnostic attacks, leading to improved defense stability. Extensive experiments in face privacy and artistic style protection, demonstrate the superior generalization of PAP in comparison to existing techniques. Our project page is available at https://github.com/vancyland/Prompt-Agnostic-Adversarial-Perturbation-for-Customized-Diffusion-Models.github.io.