The Stronger the Diffusion Model, the Easier the Backdoor: Data Poisoning to Induce Copyright Breaches Without Adjusting Finetuning Pipeline

• URL: http://arxiv.org/abs/2401.04136v2
• Date: Sun, 26 May 2024 06:00:10 GMT
• Title: The Stronger the Diffusion Model, the Easier the Backdoor: Data Poisoning to Induce Copyright Breaches Without Adjusting Finetuning Pipeline
• Authors: Haonan Wang, Qianli Shen, Yao Tong, Yang Zhang, Kenji Kawaguchi,
• Abstract summary: We formalized the Copyright Infringement Attack on generative AI models and proposed a backdoor attack method, SilentBadDiffusion. Our method strategically embeds connections between pieces of copyrighted information and text references in poisoning data. Our experiments show the stealth and efficacy of the poisoning data.
• Score: 30.80691226540351
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: The commercialization of text-to-image diffusion models (DMs) brings forth potential copyright concerns. Despite numerous attempts to protect DMs from copyright issues, the vulnerabilities of these solutions are underexplored. In this study, we formalized the Copyright Infringement Attack on generative AI models and proposed a backdoor attack method, SilentBadDiffusion, to induce copyright infringement without requiring access to or control over training processes. Our method strategically embeds connections between pieces of copyrighted information and text references in poisoning data while carefully dispersing that information, making the poisoning data inconspicuous when integrated into a clean dataset. Our experiments show the stealth and efficacy of the poisoning data. When given specific text prompts, DMs trained with a poisoning ratio of 0.20% can produce copyrighted images. Additionally, the results reveal that the more sophisticated the DMs are, the easier the success of the attack becomes. These findings underline potential pitfalls in the prevailing copyright protection strategies and underscore the necessity for increased scrutiny to prevent the misuse of DMs.

Related papers

• Revealing the Unseen: Guiding Personalized Diffusion Models to Expose Training Data [10.619162675453806]
  Diffusion Models (DMs) have evolved into advanced image generation tools. FineXtract is a framework for extracting fine-tuning data. Experiments on DMs fine-tuned with datasets such as WikiArt, DreamBooth, and real-world checkpoints posted online validate the effectiveness of our method.
  arXiv  Detail & Related papers  (2024-10-03T23:06:11Z)
• Evaluating and Mitigating IP Infringement in Visual Generative AI [54.24196167576133]
  State-of-the-art visual generative models can generate content that bears a striking resemblance to characters protected by intellectual property rights. This happens when the input prompt contains the character's name or even just descriptive details about their characteristics. We develop a revised generation paradigm that can identify potentially infringing generated content and prevent IP infringement.
  arXiv  Detail & Related papers  (2024-06-07T06:14:18Z)
• Watermark-embedded Adversarial Examples for Copyright Protection against Diffusion Models [10.993094140231667]
  There are concerns that Diffusion Models could be used to imitate unauthorized creations and thus raise copyright issues. We propose a novel framework that embeds personal watermarks in the generation of adversarial examples. This work provides a simple yet powerful way to protect copyright from DM-based imitation.
  arXiv  Detail & Related papers  (2024-04-15T01:27:07Z)
• From Trojan Horses to Castle Walls: Unveiling Bilateral Data Poisoning Effects in Diffusion Models [19.140908259968302]
  We investigate whether BadNets-like data poisoning methods can directly degrade the generation by DMs. We show that a BadNets-like data poisoning attack remains effective in DMs for producing incorrect images. Poisoned DMs exhibit an increased ratio of triggers, a phenomenon we refer to as trigger amplification'
  arXiv  Detail & Related papers  (2023-11-04T11:00:31Z)
• A Recipe for Watermarking Diffusion Models [53.456012264767914]
  Diffusion models (DMs) have demonstrated advantageous potential on generative tasks. Widespread interest exists in incorporating DMs into downstream applications, such as producing or editing photorealistic images. However, practical deployment and unprecedented power of DMs raise legal issues, including copyright protection and monitoring of generated content. Watermarking has been a proven solution for copyright protection and content monitoring, but it is underexplored in the DMs literature.
  arXiv  Detail & Related papers  (2023-03-17T17:25:10Z)
• Adversarial Example Does Good: Preventing Painting Imitation from Diffusion Models via Adversarial Examples [32.701307512642835]
  Diffusion Models (DMs) boost a wave in AI for Art yet raise new copyright concerns. In this paper, we propose to utilize adversarial examples for DMs to protect human-created artworks. Our method can be a powerful tool for human artists to protect their copyright against infringers equipped with DM-based AI-for-Art applications.
  arXiv  Detail & Related papers  (2023-02-09T11:36:39Z)
• Untargeted Backdoor Watermark: Towards Harmless and Stealthy Dataset Copyright Protection [69.59980270078067]
  We explore the untargeted backdoor watermarking scheme, where the abnormal model behaviors are not deterministic. We also discuss how to use the proposed untargeted backdoor watermark for dataset ownership verification.
  arXiv  Detail & Related papers  (2022-09-27T12:56:56Z)
• Adversarial Examples Make Strong Poisons [55.63469396785909]
  We show that adversarial examples, originally intended for attacking pre-trained models, are even more effective for data poisoning than recent methods designed specifically for poisoning. Our method, adversarial poisoning, is substantially more effective than existing poisoning methods for secure dataset release.
  arXiv  Detail & Related papers  (2021-06-21T01:57:14Z)
• Strong Data Augmentation Sanitizes Poisoning and Backdoor Attacks Without an Accuracy Tradeoff [57.35978884015093]
  We show that strong data augmentations, such as CutMix, can significantly diminish the threat of poisoning and backdoor attacks without trading off performance. In the context of backdoors, CutMix greatly mitigates the attack while simultaneously increasing validation accuracy by 9%.
  arXiv  Detail & Related papers  (2020-11-18T20:18:50Z)
• Just How Toxic is Data Poisoning? A Unified Benchmark for Backdoor and Data Poisoning Attacks [74.88735178536159]
  Data poisoning is the number one concern among threats ranging from model stealing to adversarial attacks. We observe that data poisoning and backdoor attacks are highly sensitive to variations in the testing setup. We apply rigorous tests to determine the extent to which we should fear them.
  arXiv  Detail & Related papers  (2020-06-22T18:34:08Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.