REDEditing: Relationship-Driven Precise Backdoor Poisoning on Text-to-Image Diffusion Models
This work highlights a critical security vulnerability in editable image generation models, which is important for developers and users of generative AI systems, though it is incremental as it builds on existing model editing techniques.
The paper tackles the security threat of backdoor poisoning in text-to-image diffusion models by proposing REDEditing, a training-free method that achieves an 11% higher attack success rate and improves backdoor stealthiness by 24% compared to state-of-the-art approaches.
The rapid advancement of generative AI highlights the importance of text-to-image (T2I) security, particularly with the threat of backdoor poisoning. Timely disclosure and mitigation of security vulnerabilities in T2I models are crucial for ensuring the safe deployment of generative models. We explore a novel training-free backdoor poisoning paradigm through model editing, which is recently employed for knowledge updating in large language models. Nevertheless, we reveal the potential security risks posed by model editing techniques to image generation models. In this work, we establish the principles for backdoor attacks based on model editing, and propose a relationship-driven precise backdoor poisoning method, REDEditing. Drawing on the principles of equivalent-attribute alignment and stealthy poisoning, we develop an equivalent relationship retrieval and joint-attribute transfer approach that ensures consistent backdoor image generation through concept rebinding. A knowledge isolation constraint is proposed to preserve benign generation integrity. Our method achieves an 11\% higher attack success rate compared to state-of-the-art approaches. Remarkably, adding just one line of code enhances output naturalness while improving backdoor stealthiness by 24\%. This work aims to heighten awareness regarding this security vulnerability in editable image generation models.