Skip to content
/ Diff-Protect Public

🛡️[ICLR'2024] Toward effective protection against diffusion-based mimicry through score distillation, a.k.a SDS-Attack

40 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

xavihart/Diff-Protect

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

25 Commits
code
code
 
 
configs
configs
 
 
out
out
 
 
test_images
test_images
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
env.yml
env.yml
 
 

Repository files navigation

Toward effective protection against diffusion-based mimicry through score distillation [ICLR'2024]

Haotian Xue 1, Chumeng Liang 2,3, Xiaoyu Wu 2, and Yongxin Chen 1

1 Georgia Tech 2 SJTU 3 USC

TL;DR : novel insights into attacks agasint LDM, a more effective protection against malicious diffusion model editing

Updates

  • [01/15/2024] 🎉 Our paper is accepted to ICLR'2024!
  • [11/24/2023] Paper finally shown on Arxiv
  • [09/27/2023] Paper will be released soon!
  • [09/27/2023] Our repo is alive!

Quick Setup

Install the envs:

conda env create -f env.yml
conda activate mist
pip install --force-reinstall pillow

Download the checkpoint of LDM [Stable-diffusion-model v1.4 checkpoint]

wget -c https://huggingface.co/CompVis/stable-diffusion-v-1-4-original/resolve/main/sd-v1-4.ckpt
mkdir ckpt
mv sd-v1-4.ckpt ckpt/model.ckpt

Run the Protection

Configs can be set in configs/attack/base.yaml, some keys arguments include:

attack:
    epsilon: 16 # l_inf budget
    steps: 100 # attack steps
    input_size: 512 # image size
    mode: sds 
    img_path: [IMAGE_DIR_PATH]
    output_path: [OUT_PATH]
    alpha: 1 # step size
    g_mode: "+"
    use_wandb: False
    project_name: iclr_mist
    diff_pgd: [False, 0.2, 'ddim100'] # un-used feature
    using_target: False
    target_rate: 5 # scale factor for L_S and L_T
    device: 0 # GPU id

here we offer some scripts to run different type of protections:

AdvDM:

python code/diff_mist.py attack.mode='advdm' attack.g_mode='+'

PhotoGuard:

python code/diff_mist.py attack.mode='texture_only' attack.g_mode='+'

Mist:

python code/diff_mist.py attack.mode='mist' attack.g_mode='+'

AdvDM(-):

python code/diff_mist.py attack.mode='advdm' attack.g_mode='-'

SDS(+):

python code/diff_mist.py attack.mode='sds' attack.g_mode='+'

SDS(-):

python code/diff_mist.py attack.mode='sds' attack.g_mode='-'

SDST(-):

python code/diff_mist.py attack.mode='sds' attack.g_mode='-' attack.using_target=True

the output includes: [NAME]_attacked.png which is the attacked image, [NAME]_multistep.png which is the SDEdit results, and [NAME]_onestep.png which is the onestep x_0 prediction results.

drawing drawing drawing

[From let to right]: AdvDM, Mist, SDS(-), using eps=16, SDS-version is much more effective than the previous two methods

Cited as:

@inproceedings{xue2023toward,
  title={Toward effective protection against diffusion-based mimicry through score distillation},
  author={Xue, Haotian and Liang, Chumeng and Wu, Xiaoyu and Chen, Yongxin},
  booktitle={The Twelfth International Conference on Learning Representations},
  year={2023}
}

About

🛡️[ICLR'2024] Toward effective protection against diffusion-based mimicry through score distillation, a.k.a SDS-Attack

Resources

Readme
Activity

Stars

40 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages