Concept Arithmetics for Circumventing Concept Inhibition in Diffusion Models
arxiv(2024)
摘要
Motivated by ethical and legal concerns, the scientific community is actively
developing methods to limit the misuse of Text-to-Image diffusion models for
reproducing copyrighted, violent, explicit, or personal information in the
generated images. Simultaneously, researchers put these newly developed safety
measures to the test by assuming the role of an adversary to find
vulnerabilities and backdoors in them. We use compositional property of
diffusion models, which allows to leverage multiple prompts in a single image
generation. This property allows us to combine other concepts, that should not
have been affected by the inhibition, to reconstruct the vector, responsible
for target concept generation, even though the direct computation of this
vector is no longer accessible. We provide theoretical and empirical evidence
why the proposed attacks are possible and discuss the implications of these
findings for safe model deployment. We argue that it is essential to consider
all possible approaches to image generation with diffusion models that can be
employed by an adversary. Our work opens up the discussion about the
implications of concept arithmetics and compositional inference for safety
mechanisms in diffusion models.
Content Advisory: This paper contains discussions and model-generated content
that may be considered offensive. Reader discretion is advised.
Project page: https://cs-people.bu.edu/vpetsiuk/arc
更多查看译文
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要