SITA: Structurally Imperceptible and Transferable Adversarial Attacks for Stylized Image Generation

• URL: http://arxiv.org/abs/2503.19791v1
• Date: Tue, 25 Mar 2025 15:55:25 GMT
• Title: SITA: Structurally Imperceptible and Transferable Adversarial Attacks for Stylized Image Generation
• Authors: Jingdan Kang, Haoxin Yang, Yan Cai, Huaidong Zhang, Xuemiao Xu, Yong Du, Shengfeng He,
• Abstract summary: Current methods aimed at safeguarding artworks often employ adversarial attacks.<n>We propose a Structurally Imperceptible and Transferable Adrial (SITA) attacks.<n>It significantly outperforms existing methods in terms of transferability, computational efficiency, and noise imperceptibility.
• Score: 34.228338508482494
• License: http://creativecommons.org/licenses/by-nc-sa/4.0/
• Abstract: Image generation technology has brought significant advancements across various fields but has also raised concerns about data misuse and potential rights infringements, particularly with respect to creating visual artworks. Current methods aimed at safeguarding artworks often employ adversarial attacks. However, these methods face challenges such as poor transferability, high computational costs, and the introduction of noticeable noise, which compromises the aesthetic quality of the original artwork. To address these limitations, we propose a Structurally Imperceptible and Transferable Adversarial (SITA) attacks. SITA leverages a CLIP-based destylization loss, which decouples and disrupts the robust style representation of the image. This disruption hinders style extraction during stylized image generation, thereby impairing the overall stylization process. Importantly, SITA eliminates the need for a surrogate diffusion model, leading to significantly reduced computational overhead. The method's robust style feature disruption ensures high transferability across diverse models. Moreover, SITA introduces perturbations by embedding noise within the imperceptible structural details of the image. This approach effectively protects against style extraction without compromising the visual quality of the artwork. Extensive experiments demonstrate that SITA offers superior protection for artworks against unauthorized use in stylized generation. It significantly outperforms existing methods in terms of transferability, computational efficiency, and noise imperceptibility. Code is available at https://github.com/A-raniy-day/SITA.

Related papers

• DCT-Shield: A Robust Frequency Domain Defense against Malicious Image Editing [1.7624347338410742]
  Recent defenses attempt to protect images by adding a limited noise in the pixel space to disrupt the functioning of diffusion-based editing models. We propose a novel optimization approach that introduces adversarial perturbations directly in the frequency domain. By leveraging the JPEG pipeline, our method generates adversarial images that effectively prevent malicious image editing.
  arXiv  Detail & Related papers  (2025-04-24T19:14:50Z)
• Anti-Reference: Universal and Immediate Defense Against Reference-Based Generation [24.381813317728195]
  Anti-Reference is a novel method that protects images from the threats posed by reference-based generation techniques. We propose a unified loss function that enables joint attacks on fine-tuning-based customization methods. Our method shows certain transfer attack capabilities, effectively challenging both gray-box models and some commercial APIs.
  arXiv  Detail & Related papers  (2024-12-08T16:04:45Z)
• DiffusionGuard: A Robust Defense Against Malicious Diffusion-based Image Editing [93.45507533317405]
  DiffusionGuard is a robust and effective defense method against unauthorized edits by diffusion-based image editing models. We introduce a novel objective that generates adversarial noise targeting the early stage of the diffusion process. We also introduce a mask-augmentation technique to enhance robustness against various masks during test time.
  arXiv  Detail & Related papers  (2024-10-08T05:19:19Z)
• ID-Guard: A Universal Framework for Combating Facial Manipulation via Breaking Identification [60.73617868629575]
  misuse of deep learning-based facial manipulation poses a potential threat to civil rights. To prevent this fraud at its source, proactive defense technology was proposed to disrupt the manipulation process. We propose a novel universal framework for combating facial manipulation, called ID-Guard.
  arXiv  Detail & Related papers  (2024-09-20T09:30:08Z)
• Pixel Is Not a Barrier: An Effective Evasion Attack for Pixel-Domain Diffusion Models [9.905296922309157]
  Diffusion Models have emerged as powerful generative models for high-quality image synthesis, with many subsequent image editing techniques based on them.<n>Previous works have attempted to safeguard images from diffusion-based editing by adding imperceptible perturbations.<n>Our work proposes a novel attack framework, AtkPDM, which exploits vulnerabilities in denoising UNets and a latent optimization strategy to enhance the naturalness of adversarial images.
  arXiv  Detail & Related papers  (2024-08-21T17:56:34Z)
• DDAP: Dual-Domain Anti-Personalization against Text-to-Image Diffusion Models [18.938687631109925]
  Diffusion-based personalized visual content generation technologies have achieved significant breakthroughs. However, when misused to fabricate fake news or unsettling content targeting individuals, these technologies could cause considerable societal harm. This paper introduces a novel Dual-Domain Anti-Personalization framework (DDAP) By alternating between these two methods, we construct the DDAP framework, effectively harnessing the strengths of both domains.
  arXiv  Detail & Related papers  (2024-07-29T16:11:21Z)
• Artwork Protection Against Neural Style Transfer Using Locally Adaptive Adversarial Color Attack [9.072011414658512]
  Neural style transfer (NST) generates new images by combining the style of one image with the content of another. We propose Locally Adaptive Adversarial Color Attack (LAACA), empowering artists to protect their artwork from unauthorized style transfer.
  arXiv  Detail & Related papers  (2024-01-18T01:18:59Z)
• Adv-Diffusion: Imperceptible Adversarial Face Identity Attack via Latent Diffusion Model [61.53213964333474]
  We propose a unified framework Adv-Diffusion that can generate imperceptible adversarial identity perturbations in the latent space but not the raw pixel space. Specifically, we propose the identity-sensitive conditioned diffusion generative model to generate semantic perturbations in the surroundings. The designed adaptive strength-based adversarial perturbation algorithm can ensure both attack transferability and stealthiness.
  arXiv  Detail & Related papers  (2023-12-18T15:25:23Z)
• PortraitBooth: A Versatile Portrait Model for Fast Identity-preserved Personalization [92.90392834835751]
  PortraitBooth is designed for high efficiency, robust identity preservation, and expression-editable text-to-image generation. PortraitBooth eliminates computational overhead and mitigates identity distortion. It incorporates emotion-aware cross-attention control for diverse facial expressions in generated images.
  arXiv  Detail & Related papers  (2023-12-11T13:03:29Z)
• IMPRESS: Evaluating the Resilience of Imperceptible Perturbations Against Unauthorized Data Usage in Diffusion-Based Generative AI [52.90082445349903]
  Diffusion-based image generation models can create artistic images that mimic the style of an artist or maliciously edit the original images for fake content. Several attempts have been made to protect the original images from such unauthorized data usage by adding imperceptible perturbations. In this work, we introduce a purification perturbation platform, named IMPRESS, to evaluate the effectiveness of imperceptible perturbations as a protective measure.
  arXiv  Detail & Related papers  (2023-10-30T03:33:41Z)
• Reconstruction Distortion of Learned Image Compression with Imperceptible Perturbations [69.25683256447044]
  We introduce an attack approach designed to effectively degrade the reconstruction quality of Learned Image Compression (LIC) We generate adversarial examples by introducing a Frobenius norm-based loss function to maximize the discrepancy between original images and reconstructed adversarial examples. Experiments conducted on the Kodak dataset using various LIC models demonstrate effectiveness.
  arXiv  Detail & Related papers  (2023-06-01T20:21:05Z)
• Towards Prompt-robust Face Privacy Protection via Adversarial Decoupling Augmentation Framework [20.652130361862053]
  We propose the Adversarial Decoupling Augmentation Framework (ADAF) to enhance the defensive performance of facial privacy protection algorithms. ADAF introduces multi-level text-related augmentations for defense stability against various attacker prompts.
  arXiv  Detail & Related papers  (2023-05-06T09:00:50Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.