High-Frequency Anti-DreamBooth: Robust Defense against Personalized Image Synthesis
This work addresses the social problem of protecting individuals from misuse of generative models, but it is incremental as it builds on prior defenses like Anti-DreamBooth.
The paper tackles unauthorized malicious image synthesis with text-to-image models. It proposes a new adversarial attack method that adds strong perturbations to high-frequency areas of images, so that the perturbation is robust against adversarial purification methods like DiffPure. In the experiments, adversarial images retained noise and hindered malicious generation.
Recently, text-to-image generative models have been misused to create unauthorized malicious images of individuals, posing a growing social problem. Previous solutions, such as Anti-DreamBooth, add adversarial noise to images to protect them from being used as training data for malicious generation. However, we found that the adversarial noise can be removed by adversarial purification methods such as DiffPure. Therefore, we propose a new adversarial attack method that adds strong perturbations to the high-frequency areas of images to make them more robust to adversarial purification. Our experiment showed that the adversarial images retained noise even after adversarial purification, hindering malicious image generation.