Related papers: Anti-Tamper Protection for Unauthorized Individual Image Generation

Anti-Tamper Protection for Unauthorized Individual Image Generation

URL: http://arxiv.org/abs/2508.06325v1
Date: Tue, 05 Aug 2025 20:34:25 GMT
Title: Anti-Tamper Protection for Unauthorized Individual Image Generation
Authors: Zelin Li, Ruohan Zong, Yifan Liu, Ruichen Yao, Yaokun Liu, Yang Zhang, Dong Wang,
Abstract summary: Anti-Tamper Perturbation (ATP) is a tamper-proof mechanism within the perturbation.<n>ATP demonstrates its effectiveness in defending forgery attacks across various attack settings.
Score: 12.863447377767182
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: With the advancement of personalized image generation technologies, concerns about forgery attacks that infringe on portrait rights and privacy are growing. To address these concerns, protection perturbation algorithms have been developed to disrupt forgery generation. However, the protection algorithms would become ineffective when forgery attackers apply purification techniques to bypass the protection. To address this issue, we present a novel approach, Anti-Tamper Perturbation (ATP). ATP introduces a tamper-proof mechanism within the perturbation. It consists of protection and authorization perturbations, where the protection perturbation defends against forgery attacks, while the authorization perturbation detects purification-based tampering. Both protection and authorization perturbations are applied in the frequency domain under the guidance of a mask, ensuring that the protection perturbation does not disrupt the authorization perturbation. This design also enables the authorization perturbation to be distributed across all image pixels, preserving its sensitivity to purification-based tampering. ATP demonstrates its effectiveness in defending forgery attacks across various attack settings through extensive experiments, providing a robust solution for protecting individuals' portrait rights and privacy. Our code is available at: https://github.com/Seeyn/Anti-Tamper-Perturbation .

Related papers

Off-The-Shelf Image-to-Image Models Are All You Need To Defeat Image Protection Schemes [16.291584448627372]
We show that off-the-shelf image-to-image GenAI models can be repurposed as generic denoisers" using a simple text prompt.<n>Our findings reveal a critical and widespread vulnerability in the current landscape of image protection, indicating that many schemes provide a false sense of security.
arXiv Detail & Related papers (2026-02-25T18:46:30Z)
Adapter Shield: A Unified Framework with Built-in Authentication for Preventing Unauthorized Zero-Shot Image-to-Image Generation [74.5813283875938]
Zero-shot image-to-image generation poses substantial risks related to intellectual property violations.<n>This work presents Adapter Shield, the first universal and authentication-integrated solution aimed at defending personal images from misuse.<n>Our method surpasses existing state-of-the-art defenses in blocking unauthorized zero-shot image synthesis.
arXiv Detail & Related papers (2025-11-25T04:49:16Z)
Fragile by Design: On the Limits of Adversarial Defenses in Personalized Generation [26.890796322896346]
Defense mechanisms like Anti-DreamBooth attempt to mitigate the risk of facial identity leakage.<n>We identify two critical yet overlooked limitations of these methods.<n>Results reveal that none of the current methods maintains their protective effectiveness under such threats.
arXiv Detail & Related papers (2025-11-13T14:56:25Z)
GuardDoor: Safeguarding Against Malicious Diffusion Editing via Protective Backdoors [8.261182037130407]
GuardDoor is a novel and robust protection mechanism that fosters collaboration between image owners and model providers.<n>Our method demonstrates enhanced robustness against image preprocessing operations and is scalable for large-scale deployment.
arXiv Detail & Related papers (2025-03-05T22:21:44Z)
PersGuard: Preventing Malicious Personalization via Backdoor Attacks on Pre-trained Text-to-Image Diffusion Models [51.458089902581456]
We introduce PersGuard, a novel backdoor-based approach that prevents malicious personalization of specific images.<n>Our method significantly outperforms existing techniques, offering a more robust solution for privacy and copyright protection.
arXiv Detail & Related papers (2025-02-22T09:47:55Z)
Nearly Zero-Cost Protection Against Mimicry by Personalized Diffusion Models [9.548195579003897]
We introduce pre-training to reduce latency and propose a mixture-of-perturbations approach to minimize performance degradation.<n>Our novel training strategy computes protection loss across multiple VAE feature spaces, while adaptive targeted protection at inference enhances robustness.<n>Experiments show comparable protection performance with improved invisibility and drastically reduced inference time.
arXiv Detail & Related papers (2024-12-16T03:46:45Z)
DiffusionGuard: A Robust Defense Against Malicious Diffusion-based Image Editing [93.45507533317405]
DiffusionGuard is a robust and effective defense method against unauthorized edits by diffusion-based image editing models. We introduce a novel objective that generates adversarial noise targeting the early stage of the diffusion process. We also introduce a mask-augmentation technique to enhance robustness against various masks during test time.
arXiv Detail & Related papers (2024-10-08T05:19:19Z)
ID-Guard: A Universal Framework for Combating Facial Manipulation via Breaking Identification [60.73617868629575]
misuse of deep learning-based facial manipulation poses a significant threat to civil rights.<n>To prevent this fraud at its source, proactive defense has been proposed to disrupt the manipulation process.<n>This paper proposes a universal framework for combating facial manipulation, termed ID-Guard.
arXiv Detail & Related papers (2024-09-20T09:30:08Z)
Imperceptible Protection against Style Imitation from Diffusion Models [9.548195579003897]
We introduce a visually improved protection method while preserving its protection capability. We devise a perceptual map to highlight areas sensitive to human eyes, guided by instance-aware refinement. We also introduce a difficulty-aware protection by predicting how difficult the artwork is to protect and dynamically adjusting the intensity.
arXiv Detail & Related papers (2024-03-28T09:21:00Z)
IMPRESS: Evaluating the Resilience of Imperceptible Perturbations Against Unauthorized Data Usage in Diffusion-Based Generative AI [52.90082445349903]
Diffusion-based image generation models can create artistic images that mimic the style of an artist or maliciously edit the original images for fake content. Several attempts have been made to protect the original images from such unauthorized data usage by adding imperceptible perturbations. In this work, we introduce a purification perturbation platform, named IMPRESS, to evaluate the effectiveness of imperceptible perturbations as a protective measure.
arXiv Detail & Related papers (2023-10-30T03:33:41Z)
Targeted Attack Improves Protection against Unauthorized Diffusion Customization [3.1678356835951273]
Diffusion models build a new milestone for image generation yet raising public concerns. They can be fine-tuned on unauthorized images for customization. Current protection, leveraging untargeted attacks, does not appear to be effective enough. We propose a simple yet effective improvement for the protection against unauthorized diffusion customization by introducing targeted attacks.
arXiv Detail & Related papers (2023-10-07T05:24:42Z)
DiffProtect: Generate Adversarial Examples with Diffusion Models for Facial Privacy Protection [64.77548539959501]
DiffProtect produces more natural-looking encrypted images than state-of-the-art methods. It achieves significantly higher attack success rates, e.g., 24.5% and 25.1% absolute improvements on the CelebA-HQ and FFHQ datasets.
arXiv Detail & Related papers (2023-05-23T02:45:49Z)

This list is automatically generated from the titles and abstracts of the papers in this site.