Dual Attention Guided Defense Against Malicious Edits

Recent progress in text-to-image diffusion models has transformed image editing via text prompts, yet this also introduces significant ethical challenges from potential misuse in creating deceptive or harmful content. While current defenses seek to mitigate this risk by embedding imperceptible perturbations, their effectiveness is limited against malicious tampering. To address this issue, we propose a Dual Attention-Guided Noise Perturbation (DANP) immunization method that adds imperceptible perturbations to disrupt the model's semantic understanding and generation process. DANP functions over multiple timesteps to manipulate both cross-attention maps and the noise prediction process, using a dynamic threshold to generate masks that identify text-relevant and irrelevant regions. It then reduces attention in relevant areas while increasing it in irrelevant ones, thereby misguides the edit towards incorrect regions and preserves the intended targets. Additionally, our method maximizes the discrepancy between the injected noise and the model's predicted noise to further interfere with the generation. By targeting both attention and noise prediction mechanisms, DANP exhibits impressive immunity against malicious edits, and extensive experiments confirm that our method achieves state-of-the-art performance.

Key Contributions

• DANP immunization method that jointly manipulates cross-attention maps and noise prediction in diffusion models using adaptive dynamic threshold masking
• Dual-directional attention manipulation that suppresses attention on text-relevant regions while amplifying it on irrelevant regions to misdirect malicious edits
• Noise discrepancy maximization objective that further disrupts the diffusion denoising process beyond attention manipulation

🛡️ Threat Analysis

Details

Similar Papers