Anti-Aesthetics: Protecting Facial Privacy against Customized Text-to-Image Synthesis
- URL: http://arxiv.org/abs/2504.12129v2
- Date: Wed, 23 Apr 2025 13:23:07 GMT
- Title: Anti-Aesthetics: Protecting Facial Privacy against Customized Text-to-Image Synthesis
- Authors: Songping Wang, Yueming Lyu, Shiqi Liu, Ning Li, Tong Tong, Hao Sun, Caifeng Shan,
- Abstract summary: We propose a Hierarchical Anti-Aesthetic (HAA) framework to fully explore aesthetic cues.<n>Our HAA effectively achieves the goal of anti-aesthetics from a global to a local level during customized generation.
- Score: 18.743360923809217
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The rise of customized diffusion models has spurred a boom in personalized visual content creation, but also poses risks of malicious misuse, severely threatening personal privacy and copyright protection. Some studies show that the aesthetic properties of images are highly positively correlated with human perception of image quality. Inspired by this, we approach the problem from a novel and intriguing aesthetic perspective to degrade the generation quality of maliciously customized models, thereby achieving better protection of facial identity. Specifically, we propose a Hierarchical Anti-Aesthetic (HAA) framework to fully explore aesthetic cues, which consists of two key branches: 1) Global Anti-Aesthetics: By establishing a global anti-aesthetic reward mechanism and a global anti-aesthetic loss, it can degrade the overall aesthetics of the generated content; 2) Local Anti-Aesthetics: A local anti-aesthetic reward mechanism and a local anti-aesthetic loss are designed to guide adversarial perturbations to disrupt local facial identity. By seamlessly integrating both branches, our HAA effectively achieves the goal of anti-aesthetics from a global to a local level during customized generation. Extensive experiments show that HAA outperforms existing SOTA methods largely in identity removal, providing a powerful tool for protecting facial privacy and copyright.
Related papers
- SIDeR: Semantic Identity Decoupling for Unrestricted Face Privacy [53.75084833636302]
We propose SIDeR, a Semantic decoupling-driven framework for unrestricted face privacy protection.<n> SIDeR decomposes a facial image into a machine-recognizable identity feature vector and a visually perceptible semantic appearance component.<n>For authorized access, SIDeR can be restored to its original form when the correct password is provided.
arXiv Detail & Related papers (2026-02-04T19:30:48Z) - Aesthetic Alignment Risks Assimilation: How Image Generation and Reward Models Reinforce Beauty Bias and Ideological "Censorship" [10.879152680774318]
Over-aligning image generation models to a generalized aesthetic preference conflicts with user intent.<n>We test this bias by constructing a wide-spectrum aesthetics dataset and evaluating state-of-the-art generation and reward models.
arXiv Detail & Related papers (2025-12-09T00:24:29Z) - Adapter Shield: A Unified Framework with Built-in Authentication for Preventing Unauthorized Zero-Shot Image-to-Image Generation [74.5813283875938]
Zero-shot image-to-image generation poses substantial risks related to intellectual property violations.<n>This work presents Adapter Shield, the first universal and authentication-integrated solution aimed at defending personal images from misuse.<n>Our method surpasses existing state-of-the-art defenses in blocking unauthorized zero-shot image synthesis.
arXiv Detail & Related papers (2025-11-25T04:49:16Z) - Fragile by Design: On the Limits of Adversarial Defenses in Personalized Generation [26.890796322896346]
Defense mechanisms like Anti-DreamBooth attempt to mitigate the risk of facial identity leakage.<n>We identify two critical yet overlooked limitations of these methods.<n>Results reveal that none of the current methods maintains their protective effectiveness under such threats.
arXiv Detail & Related papers (2025-11-13T14:56:25Z) - VCE: Safe Autoregressive Image Generation via Visual Contrast Exploitation [57.36681904639463]
Methods to safeguard autoregressive text-to-image models remain underexplored.<n>We propose Visual Contrast Exploitation (VCE), a novel framework that precisely decouples unsafe concepts from their associated content semantics.<n>Our experiments demonstrate that our method effectively secures the model, achieving state-of-the-art results while erasing unsafe concepts and maintaining the integrity of unrelated safe concepts.
arXiv Detail & Related papers (2025-09-21T09:00:27Z) - CraftGraffiti: Exploring Human Identity with Custom Graffiti Art via Facial-Preserving Diffusion Models [43.96017763034248]
Preserving facial identity under extreme stylistic transformation remains a major challenge in generative art.<n>We present CraftGraffiti, an end-to-end text-guided graffiti generation framework designed with facial feature preservation as a primary objective.<n>CraftGraffiti first applies graffiti style transfer via LoRA-fine-tuned pretrained diffusion transformer, then enforces identity fidelity through a face-consistent self-attention mechanism.
arXiv Detail & Related papers (2025-08-28T10:38:13Z) - Privacy Protection Against Personalized Text-to-Image Synthesis via Cross-image Consistency Constraints [9.385284914809294]
Cross-image Anti-Personalization (CAP) is a novel framework that enhances resistance to personalization by enforcing style consistency across perturbed images.
We develop a dynamic ratio adjustment strategy that adaptively balances the impact of the consistency loss throughout the attack iterations.
arXiv Detail & Related papers (2025-04-17T08:39:32Z) - Enhancing Facial Privacy Protection via Weakening Diffusion Purification [36.33027625681024]
Social media has led to the widespread sharing of individual portrait images, which pose serious privacy risks.
Recent methods employ diffusion models to generate adversarial face images for privacy protection.
We propose learning unconditional embeddings to increase the learning capacity for adversarial modifications.
We integrate an identity-preserving structure to maintain structural consistency between the original and generated images.
arXiv Detail & Related papers (2025-03-13T13:27:53Z) - PersGuard: Preventing Malicious Personalization via Backdoor Attacks on Pre-trained Text-to-Image Diffusion Models [51.458089902581456]
We introduce PersGuard, a novel backdoor-based approach that prevents malicious personalization of specific images.<n>Our method significantly outperforms existing techniques, offering a more robust solution for privacy and copyright protection.
arXiv Detail & Related papers (2025-02-22T09:47:55Z) - iFADIT: Invertible Face Anonymization via Disentangled Identity Transform [51.123936665445356]
Face anonymization aims to conceal the visual identity of a face to safeguard the individual's privacy.
This paper proposes a novel framework named iFADIT, an acronym for Invertible Face Anonymization via Disentangled Identity Transform.
arXiv Detail & Related papers (2025-01-08T10:08:09Z) - Privacy Protection in Personalized Diffusion Models via Targeted Cross-Attention Adversarial Attack [5.357486699062561]
We propose a novel and efficient adversarial attack method, Concept Protection by Selective Attention Manipulation (CoPSAM)
For this purpose, we carefully construct an imperceptible noise to be added to clean samples to get their adversarial counterparts.
Experimental validation on a subset of CelebA-HQ face images dataset demonstrates that our approach outperforms existing methods.
arXiv Detail & Related papers (2024-11-25T14:39:18Z) - ID-Guard: A Universal Framework for Combating Facial Manipulation via Breaking Identification [60.73617868629575]
misuse of deep learning-based facial manipulation poses a significant threat to civil rights.<n>To prevent this fraud at its source, proactive defense has been proposed to disrupt the manipulation process.<n>This paper proposes a universal framework for combating facial manipulation, termed ID-Guard.
arXiv Detail & Related papers (2024-09-20T09:30:08Z) - Visual-Friendly Concept Protection via Selective Adversarial Perturbations [23.780603071185197]
We propose the Visual-Friendly Concept Protection (VCPro) framework, which prioritizes the protection of key concepts chosen by the image owner.
To ensure these perturbations are as inconspicuous as possible, we introduce a relaxed optimization objective.
Experiments validate that VCPro achieves a better trade-off between the visibility of perturbations and protection effectiveness.
arXiv Detail & Related papers (2024-08-16T04:14:28Z) - Transferable Adversarial Facial Images for Privacy Protection [15.211743719312613]
We present a novel face privacy protection scheme with improved transferability while maintain high visual quality.
We first exploit global adversarial latent search to traverse the latent space of the generative model.
We then introduce a key landmark regularization module to preserve the visual identity information.
arXiv Detail & Related papers (2024-07-18T02:16:11Z) - Adversarial Perturbations Cannot Reliably Protect Artists From Generative AI [61.35083814817094]
Several protection tools against style mimicry have been developed that incorporate small adversarial perturbations into artworks published online.<n>We find that low-effort and "off-the-shelf" techniques, such as image upscaling, are sufficient to create robust mimicry methods that significantly degrade existing protections.<n>We caution that tools based on adversarial perturbations cannot reliably protect artists from the misuse of generative AI.
arXiv Detail & Related papers (2024-06-17T18:51:45Z) - Imperceptible Protection against Style Imitation from Diffusion Models [9.548195579003897]
We introduce a visually improved protection method while preserving its protection capability.
We devise a perceptual map to highlight areas sensitive to human eyes, guided by instance-aware refinement.
We also introduce a difficulty-aware protection by predicting how difficult the artwork is to protect and dynamically adjusting the intensity.
arXiv Detail & Related papers (2024-03-28T09:21:00Z) - Artwork Protection Against Neural Style Transfer Using Locally Adaptive Adversarial Color Attack [9.072011414658512]
Neural style transfer (NST) generates new images by combining the style of one image with the content of another.
We propose Locally Adaptive Adversarial Color Attack (LAACA), empowering artists to protect their artwork from unauthorized style transfer.
arXiv Detail & Related papers (2024-01-18T01:18:59Z) - Diff-Privacy: Diffusion-based Face Privacy Protection [58.1021066224765]
In this paper, we propose a novel face privacy protection method based on diffusion models, dubbed Diff-Privacy.
Specifically, we train our proposed multi-scale image inversion module (MSI) to obtain a set of SDM format conditional embeddings of the original image.
Based on the conditional embeddings, we design corresponding embedding scheduling strategies and construct different energy functions during the denoising process to achieve anonymization and visual identity information hiding.
arXiv Detail & Related papers (2023-09-11T09:26:07Z) - OPOM: Customized Invisible Cloak towards Face Privacy Protection [58.07786010689529]
We investigate the face privacy protection from a technology standpoint based on a new type of customized cloak.
We propose a new method, named one person one mask (OPOM), to generate person-specific (class-wise) universal masks.
The effectiveness of the proposed method is evaluated on both common and celebrity datasets.
arXiv Detail & Related papers (2022-05-24T11:29:37Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.