RIATIG: Reliable and Imperceptible Adversarial Text-to-Image Generation with Natural Prompts

Han Liu; Yuhao Wu; Shixuan Zhai; Bo Yuan; Ning Zhang

doi:10.1109/CVPR52729.2023.01972

RIATIG: Reliable and Imperceptible Adversarial Text-to-Image Generation with Natural Prompts

Han Liu
, Yuhao Wu
, Shixuan Zhai
, Bo Yuan
, Ning Zhang

Department of Computer Science & Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

36 Scopus citations

Abstract

The field of text-to-image generation has made remarkable strides in creating high-fidelity and photorealistic images. As this technology gains popularity, there is a growing concern about its potential security risks. However, there has been limited exploration into the robustness of these models from an adversarial perspective. Existing research has primarily focused on untargeted settings, and lacks holistic consideration for reliability (attack success rate) and stealthiness (imperceptibility). In this paper, we propose RIATIG, a reliable and imperceptible adversarial attack against text-to-image models via inconspicuous examples. By formulating the example crafting as an optimization process and solving it using a genetic-based method, our proposed attack can generate imperceptible prompts for text-to-image generation models in a reliable way. Evaluation of six popular text-to-image generation models demonstrates the efficiency and stealthiness of our attack in both white-box and black-box settings.

Original language	English
Title of host publication	Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023
Publisher	IEEE Computer Society
Pages	20585-20594
Number of pages	10
ISBN (Electronic)	9798350301298
ISBN (Print)	9798350301298
DOIs	https://doi.org/10.1109/CVPR52729.2023.01972
State	Published - 2023
Event	2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023 - Vancouver, Canada Duration: Jun 18 2023 → Jun 22 2023

Publication series

Name	Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition
Volume	2023-June
ISSN (Print)	1063-6919

Conference

Conference	2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023
Country/Territory	Canada
City	Vancouver
Period	06/18/23 → 06/22/23

Keywords

Adversarial attack and defense

Access to Document

10.1109/CVPR52729.2023.01972

Cite this

Liu, H., Wu, Y., Zhai, S., Yuan, B., & Zhang, N. (2023). RIATIG: Reliable and Imperceptible Adversarial Text-to-Image Generation with Natural Prompts. In Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023 (pp. 20585-20594). (Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition; Vol. 2023-June). IEEE Computer Society. https://doi.org/10.1109/CVPR52729.2023.01972

Liu, Han ; Wu, Yuhao ; Zhai, Shixuan et al. / RIATIG : Reliable and Imperceptible Adversarial Text-to-Image Generation with Natural Prompts. Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023. IEEE Computer Society, 2023. pp. 20585-20594 (Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition).

@inproceedings{deb2133704fe4cbf9c07c3fd77b35281,

title = "RIATIG: Reliable and Imperceptible Adversarial Text-to-Image Generation with Natural Prompts",

abstract = "The field of text-to-image generation has made remarkable strides in creating high-fidelity and photorealistic images. As this technology gains popularity, there is a growing concern about its potential security risks. However, there has been limited exploration into the robustness of these models from an adversarial perspective. Existing research has primarily focused on untargeted settings, and lacks holistic consideration for reliability (attack success rate) and stealthiness (imperceptibility). In this paper, we propose RIATIG, a reliable and imperceptible adversarial attack against text-to-image models via inconspicuous examples. By formulating the example crafting as an optimization process and solving it using a genetic-based method, our proposed attack can generate imperceptible prompts for text-to-image generation models in a reliable way. Evaluation of six popular text-to-image generation models demonstrates the efficiency and stealthiness of our attack in both white-box and black-box settings.",

keywords = "Adversarial attack and defense",

author = "Han Liu and Yuhao Wu and Shixuan Zhai and Bo Yuan and Ning Zhang",

note = "Publisher Copyright: {\textcopyright}2023 IEEE.; 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023 ; Conference date: 18-06-2023 Through 22-06-2023",

year = "2023",

doi = "10.1109/CVPR52729.2023.01972",

language = "English",

isbn = "9798350301298",

series = "Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition",

publisher = "IEEE Computer Society",

pages = "20585--20594",

booktitle = "Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023",

}

Liu, H, Wu, Y, Zhai, S, Yuan, B & Zhang, N 2023, RIATIG: Reliable and Imperceptible Adversarial Text-to-Image Generation with Natural Prompts. in Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023. Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition, vol. 2023-June, IEEE Computer Society, pp. 20585-20594, 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023, Vancouver, Canada, 06/18/23. https://doi.org/10.1109/CVPR52729.2023.01972

RIATIG: Reliable and Imperceptible Adversarial Text-to-Image Generation with Natural Prompts. / Liu, Han; Wu, Yuhao; Zhai, Shixuan et al.
Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023. IEEE Computer Society, 2023. p. 20585-20594 (Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition; Vol. 2023-June).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - RIATIG

T2 - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023

AU - Liu, Han

AU - Wu, Yuhao

AU - Zhai, Shixuan

AU - Yuan, Bo

AU - Zhang, Ning

PY - 2023

Y1 - 2023

N2 - The field of text-to-image generation has made remarkable strides in creating high-fidelity and photorealistic images. As this technology gains popularity, there is a growing concern about its potential security risks. However, there has been limited exploration into the robustness of these models from an adversarial perspective. Existing research has primarily focused on untargeted settings, and lacks holistic consideration for reliability (attack success rate) and stealthiness (imperceptibility). In this paper, we propose RIATIG, a reliable and imperceptible adversarial attack against text-to-image models via inconspicuous examples. By formulating the example crafting as an optimization process and solving it using a genetic-based method, our proposed attack can generate imperceptible prompts for text-to-image generation models in a reliable way. Evaluation of six popular text-to-image generation models demonstrates the efficiency and stealthiness of our attack in both white-box and black-box settings.

AB - The field of text-to-image generation has made remarkable strides in creating high-fidelity and photorealistic images. As this technology gains popularity, there is a growing concern about its potential security risks. However, there has been limited exploration into the robustness of these models from an adversarial perspective. Existing research has primarily focused on untargeted settings, and lacks holistic consideration for reliability (attack success rate) and stealthiness (imperceptibility). In this paper, we propose RIATIG, a reliable and imperceptible adversarial attack against text-to-image models via inconspicuous examples. By formulating the example crafting as an optimization process and solving it using a genetic-based method, our proposed attack can generate imperceptible prompts for text-to-image generation models in a reliable way. Evaluation of six popular text-to-image generation models demonstrates the efficiency and stealthiness of our attack in both white-box and black-box settings.

KW - Adversarial attack and defense

UR - https://www.scopus.com/pages/publications/85190984982

U2 - 10.1109/CVPR52729.2023.01972

DO - 10.1109/CVPR52729.2023.01972

M3 - Conference contribution

AN - SCOPUS:85190984982

SN - 9798350301298

T3 - Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition

SP - 20585

EP - 20594

BT - Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023

PB - IEEE Computer Society

Y2 - 18 June 2023 through 22 June 2023

ER -

Liu H, Wu Y, Zhai S, Yuan B, Zhang N. RIATIG: Reliable and Imperceptible Adversarial Text-to-Image Generation with Natural Prompts. In Proceedings - 2023 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR 2023. IEEE Computer Society. 2023. p. 20585-20594. (Proceedings of the IEEE Computer Society Conference on Computer Vision and Pattern Recognition). doi: 10.1109/CVPR52729.2023.01972

RIATIG: Reliable and Imperceptible Adversarial Text-to-Image Generation with Natural Prompts

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this