Pixel Is Not a Barrier: An Effective Evasion Attack for Pixel-Domain Diffusion Models
This work addresses security risks in image editing for applications like scams or intellectual property, but it is incremental as it extends existing evasion attacks to a new model type.
The authors tackled the problem of safeguarding images from malicious editing by diffusion models, specifically targeting previously unexplored Pixel-domain Diffusion Models (PDMs), and demonstrated that their attack framework, AtkPDM, effectively evades PDM-based editing methods like SDEdit while maintaining reasonable fidelity and robustness against defenses.
Diffusion Models have emerged as powerful generative models for high-quality image synthesis, with many subsequent image editing techniques based on them. However, the ease of text-based image editing introduces significant risks, such as malicious editing for scams or intellectual property infringement. Previous works have attempted to safeguard images from diffusion-based editing by adding imperceptible perturbations. These methods are costly and specifically target prevalent Latent Diffusion Models (LDMs), while Pixel-domain Diffusion Models (PDMs) remain largely unexplored and robust against such attacks. Our work addresses this gap by proposing a novel attack framework, AtkPDM. AtkPDM is mainly composed of a feature representation attacking loss that exploits vulnerabilities in denoising UNets and a latent optimization strategy to enhance the naturalness of adversarial images. Extensive experiments demonstrate the effectiveness of our approach in attacking dominant PDM-based editing methods (e.g., SDEdit) while maintaining reasonable fidelity and robustness against common defense methods. Additionally, our framework is extensible to LDMs, achieving comparable performance to existing approaches.