Raising the Cost of Malicious AI-Powered Image Editing

Hadi Salman, Alaa Khaddaj, Guillaume Leclerc, Andrew Ilyas, Aleksander Madry
Proceedings of the 40th International Conference on Machine Learning, PMLR 202:29894-29918, 2023.

Abstract

We present an approach to mitigating the risks of malicious image editing posed by large diffusion models. The key idea is to immunize images so as to make them resistant to manipulation by these models. This immunization relies on injection of imperceptible adversarial perturbations designed to disrupt the operation of the targeted diffusion models, forcing them to generate unrealistic images. We provide two methods for crafting such perturbations, and then demonstrate their efficacy. Finally, we discuss a policy component necessary to make our approach fully effective and practical—one that involves the organizations developing diffusion models, rather than individual users, to implement (and support) the immunization process.

Cite this Paper

BibTeX
@InProceedings{pmlr-v202-salman23a, title = {Raising the Cost of Malicious {AI}-Powered Image Editing}, author = {Salman, Hadi and Khaddaj, Alaa and Leclerc, Guillaume and Ilyas, Andrew and Madry, Aleksander}, booktitle = {Proceedings of the 40th International Conference on Machine Learning}, pages = {29894--29918}, year = {2023}, editor = {Krause, Andreas and Brunskill, Emma and Cho, Kyunghyun and Engelhardt, Barbara and Sabato, Sivan and Scarlett, Jonathan}, volume = {202}, series = {Proceedings of Machine Learning Research}, month = {23--29 Jul}, publisher = {PMLR}, pdf = {https://proceedings.mlr.press/v202/salman23a/salman23a.pdf}, url = {https://proceedings.mlr.press/v202/salman23a.html}, abstract = {We present an approach to mitigating the risks of malicious image editing posed by large diffusion models. The key idea is to immunize images so as to make them resistant to manipulation by these models. This immunization relies on injection of imperceptible adversarial perturbations designed to disrupt the operation of the targeted diffusion models, forcing them to generate unrealistic images. We provide two methods for crafting such perturbations, and then demonstrate their efficacy. Finally, we discuss a policy component necessary to make our approach fully effective and practical—one that involves the organizations developing diffusion models, rather than individual users, to implement (and support) the immunization process.} }
Endnote
%0 Conference Paper %T Raising the Cost of Malicious AI-Powered Image Editing %A Hadi Salman %A Alaa Khaddaj %A Guillaume Leclerc %A Andrew Ilyas %A Aleksander Madry %B Proceedings of the 40th International Conference on Machine Learning %C Proceedings of Machine Learning Research %D 2023 %E Andreas Krause %E Emma Brunskill %E Kyunghyun Cho %E Barbara Engelhardt %E Sivan Sabato %E Jonathan Scarlett %F pmlr-v202-salman23a %I PMLR %P 29894--29918 %U https://proceedings.mlr.press/v202/salman23a.html %V 202 %X We present an approach to mitigating the risks of malicious image editing posed by large diffusion models. The key idea is to immunize images so as to make them resistant to manipulation by these models. This immunization relies on injection of imperceptible adversarial perturbations designed to disrupt the operation of the targeted diffusion models, forcing them to generate unrealistic images. We provide two methods for crafting such perturbations, and then demonstrate their efficacy. Finally, we discuss a policy component necessary to make our approach fully effective and practical—one that involves the organizations developing diffusion models, rather than individual users, to implement (and support) the immunization process.
APA
Salman, H., Khaddaj, A., Leclerc, G., Ilyas, A. & Madry, A.. (2023). Raising the Cost of Malicious AI-Powered Image Editing. Proceedings of the 40th International Conference on Machine Learning, in Proceedings of Machine Learning Research 202:29894-29918 Available from https://proceedings.mlr.press/v202/salman23a.html.

Related Material