Real-time Identity Defenses against Malicious Personalization of Diffusion Models
Personalized diffusion models, capable of synthesizing highly realistic images based on a few reference portraits, pose substantial social, ethical, and legal risks by enabling identity replication. Existing defense mechanisms rely on computationally intensive adversarial perturbations tailored to i...
Main authors: | Guo, Hanzhong; Nie, Shen; Du, Chao; Pang, Tianyu; Sun, Hao; Li, Chongxuan |
---|---|
Format: | Article |
Language: | eng |
Subjects: | |
container_end_page | |
---|---|
container_issue | |
container_start_page | |
container_title | |
container_volume | |
creator | Guo, Hanzhong; Nie, Shen; Du, Chao; Pang, Tianyu; Sun, Hao; Li, Chongxuan |
description | Personalized diffusion models, capable of synthesizing highly realistic
images based on a few reference portraits, pose substantial social, ethical,
and legal risks by enabling identity replication. Existing defense mechanisms
rely on computationally intensive adversarial perturbations tailored to
individual images, rendering them impractical for real-world deployment. This
study introduces Real-time Identity Defender (RID), a neural network designed
to generate adversarial perturbations through a single forward pass, bypassing
the need for image-specific optimization. RID achieves unprecedented
efficiency, with defense times as low as 0.12 seconds on a single GPU (4,400
times faster than leading methods) and 1.1 seconds per image on a standard
Intel i9 CPU, making it suitable for edge devices such as smartphones. Despite
its efficiency, RID matches state-of-the-art performance across visual and
quantitative benchmarks, effectively mitigating identity replication risks. Our
analysis reveals that RID's perturbations mimic the efficacy of traditional
defenses while exhibiting properties distinct from natural noise, such as
Gaussian perturbations. To enhance robustness, we extend RID into an ensemble
framework that integrates multiple pre-trained text-to-image diffusion models,
ensuring resilience against black-box attacks and post-processing techniques,
including JPEG compression and diffusion-based purification. |
doi_str_mv | 10.48550/arxiv.2412.09844 |
format | Article |
fulltext | fulltext_linktorsrc |
identifier | DOI: 10.48550/arxiv.2412.09844 |
ispartof | |
issn | |
language | eng |
recordid | cdi_arxiv_primary_2412_09844 |
source | arXiv.org |
subjects | Computer Science - Computer Vision and Pattern Recognition |
title | Real-time Identity Defenses against Malicious Personalization of Diffusion Models |
url | https://sfx.bib-bvb.de/sfx_tum?ctx_ver=Z39.88-2004&ctx_enc=info:ofi/enc:UTF-8&ctx_tim=2025-01-03T20%3A34%3A13IST&url_ver=Z39.88-2004&url_ctx_fmt=infofi/fmt:kev:mtx:ctx&rfr_id=info:sid/primo.exlibrisgroup.com:primo3-Article-arxiv_GOX&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.genre=article&rft.atitle=Real-time%20Identity%20Defenses%20against%20Malicious%20Personalization%20of%20Diffusion%20Models&rft.au=Guo,%20Hanzhong&rft.date=2024-12-12&rft_id=info:doi/10.48550/arxiv.2412.09844&rft_dat=%3Carxiv_GOX%3E2412_09844%3C/arxiv_GOX%3E%3Curl%3E%3C/url%3E&disable_directlink=true&sfx.directlink=off&sfx.report_link=0&rft_id=info:oai/&rft_id=info:pmid/&rfr_iscdi=true |