SC-Pro: Training-Free Framework for Defending Unsafe Image Synthesis Attack
This addresses the problem of preventing abuse in image generation for users and platforms by offering an incremental improvement in defense mechanisms.
The paper tackles the vulnerability of safety checkers in diffusion models to adversarial attacks that generate unsafe images, proposing a training-free defense framework called SC-Pro that exploits the non-robustness of these attacks to small changes, with SC-Pro-o reducing computational resources for detection.
With advances in diffusion models, image generation has shown significant performance improvements. This raises concerns about the potential abuse of image generation, such as the creation of explicit or violent images, commonly referred to as Not Safe For Work (NSFW) content. To address this, the Stable Diffusion model includes several safety checkers to censor initial text prompts and final output images generated from the model. However, recent research has shown that these safety checkers have vulnerabilities against adversarial attacks, allowing them to generate NSFW images. In this paper, we find that these adversarial attacks are not robust to small changes in text prompts or input latents. Based on this, we propose SC-Pro (Spherical or Circular Probing), a training-free framework that easily defends against adversarial attacks generating NSFW images. Moreover, we develop an approach that utilizes one-step diffusion models for efficient NSFW detection (SC-Pro-o), further reducing computational resources. We demonstrate the superiority of our method in terms of performance and applicability.