  • Stars: 419
  • Rank: 103,397 (Top 3%)
  • Language: Jupyter Notebook
  • License: MIT License
  • Created: about 2 years ago
  • Updated: almost 2 years ago


Repository Details

Raising the Cost of Malicious AI-Powered Image Editing

This repository contains the code for our recent work on safeguarding images against manipulation by ML-powered photo-editing models such as Stable Diffusion.

Raising the Cost of Malicious AI-Powered Image Editing
Hadi Salman*, Alaa Khaddaj*, Guillaume Leclerc*, Andrew Ilyas, Aleksander Madry
Paper: https://arxiv.org/abs/2302.06588
Blog post: https://gradientscience.org/photoguard
Interactive demo: https://huggingface.co/spaces/hadisalman/photoguard (check below for how to run it locally)

    @article{salman2023raising,
      title={Raising the Cost of Malicious AI-Powered Image Editing},
      author={Salman, Hadi and Khaddaj, Alaa and Leclerc, Guillaume and Ilyas, Andrew and Madry, Aleksander},
      journal={arXiv preprint arXiv:2302.06588},
      year={2023}
    }

Getting started

Our code builds on the Stable Diffusion implementation from Hugging Face.

  1. Clone our repo: git clone https://github.com/madrylab/photoguard.git

  2. Install dependencies:

      conda create -n photoguard python=3.10
      conda activate photoguard
      pip install -r requirements.txt
      huggingface-cli login
    
  3. You should now be all set! Check out our notebooks!

[New] Interactive demo

We created an interactive demo using Gradio, and we are hosting it on this Hugging Face space.


For faster inference, however, you can run the demo locally on your machine:

conda activate photoguard
cd demo
python app.py

Generating high-quality fake images

As a first step, we walk you through how to generate high-quality fake images; the notebook below shows examples of the results.

See this notebook! Open In Colab
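
For reference, here is a minimal sketch of the kind of edit the notebook performs, using the inpainting pipeline from recent versions of diffusers. The checkpoint id, file paths, and prompt are placeholders, not the notebook's exact settings:

    # Minimal sketch: repaint the masked region of a real photo with an
    # off-the-shelf Stable Diffusion inpainting checkpoint via diffusers.
    import torch
    from PIL import Image
    from diffusers import StableDiffusionInpaintPipeline

    pipe = StableDiffusionInpaintPipeline.from_pretrained(
        "runwayml/stable-diffusion-inpainting",  # placeholder checkpoint id
        torch_dtype=torch.float16,
    ).to("cuda")

    init_image = Image.open("photo.png").convert("RGB").resize((512, 512))
    mask = Image.open("mask.png").convert("L").resize((512, 512))  # white = repaint

    fake = pipe(
        prompt="two men dancing at a party",     # placeholder edit prompt
        image=init_image,
        mask_image=mask,
    ).images[0]
    fake.save("fake.png")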

Simple photo-guarding (Encoder attack)

Now, we describe the simplest form of photo safeguarding that we implement: a simple PGD attack on the image-embedding (encoder) part of the Stable Diffusion model. We include two demos of this safeguarding method; the goal of both is to make the Stable Diffusion model generate something that is either unrealistic or unrelated to the original image.
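
As a rough illustration, here is a minimal sketch of such an encoder attack. It assumes `vae` is the AutoencoderKL from a Stable Diffusion checkpoint in diffusers and that images live in [0, 1]; the radius, step size, iteration count, and choice of target latent (for example, the encoding of an unrelated image) are illustrative, not the exact settings from our paper:

    # Minimal sketch of the encoder attack: L_inf PGD that pushes the VAE
    # encoding of the perturbed image toward a chosen target latent, so the
    # editing model "sees" something unrelated to the original photo.
    import torch
    import torch.nn.functional as F

    def encoder_attack(x, vae, target_latent, eps=16/255, step=2/255, iters=200):
        delta = torch.zeros_like(x, requires_grad=True)
        for _ in range(iters):
            z = vae.encode(2 * (x + delta) - 1).latent_dist.mean  # map [0,1] -> [-1,1]
            loss = F.mse_loss(z, target_latent)
            loss.backward()
            with torch.no_grad():
                delta -= step * delta.grad.sign()            # move toward the target latent
                delta.clamp_(-eps, eps)                      # project onto the L_inf ball
                delta.copy_((x + delta).clamp(0, 1) - x)     # keep x + delta a valid image
            delta.grad = None
        return (x + delta).detach()                          # the immunized image

Feeding the returned image into the editing pipelines below should then yield degraded or off-target edits.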

Photo-guarding against Image-to-Image pipelines

The first demo covers the case where someone supplies an image plus a prompt, and the model modifies the image to match the prompt description.

See this notebook! Open In Colab
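
For intuition, an immunized image goes through diffusers' image-to-image pipeline exactly like a normal one; this short sketch (checkpoint id, paths, and prompt are placeholders) shows the pipeline an attacker would use:

    # Sketch: attempt a prompt-guided edit of an (immunized) image with the
    # image-to-image pipeline. Placeholder checkpoint id, files, and prompt.
    import torch
    from PIL import Image
    from diffusers import StableDiffusionImg2ImgPipeline

    pipe = StableDiffusionImg2ImgPipeline.from_pretrained(
        "runwayml/stable-diffusion-v1-5",        # placeholder checkpoint id
        torch_dtype=torch.float16,
    ).to("cuda")

    immunized = Image.open("immunized_photo.png").convert("RGB").resize((512, 512))
    edit = pipe(
        prompt="the same person on a beach at sunset",  # placeholder prompt
        image=immunized,
        strength=0.5,          # how strongly the input image is altered
        guidance_scale=7.5,
    ).images[0]
    edit.save("attempted_edit.png")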

Photo-guarding against Inpainting pipelines

The second is the more interesting scenario where someone wants to edit parts of an existing image via inpainting. The generated images after immunization are clearly fake!

See this notebook! Open In Colab

Complex photo-guarding (Diffusion attack)

For more effective photo-guarding, especially against image inpainting, we attack the Stable Diffusion model end-to-end. The generated images after immunization are now even more clearly fake than above!

See this notebook!
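
For intuition, here is a heavily simplified sketch of the end-to-end idea: the perturbation is optimized against the output of the whole editing pipeline rather than just the encoder. Here `differentiable_edit` is a hypothetical stand-in for a differentiable pass through the full pipeline; making this tractable in practice requires a short sampler and memory tricks, so see the paper and notebook for the real implementation:

    # Heavily simplified sketch of the end-to-end (diffusion) attack: PGD on
    # the output image of the whole editing pipeline.
    # `differentiable_edit` is a hypothetical differentiable wrapper around
    # the pipeline; eps/step/iters are illustrative only.
    import torch
    import torch.nn.functional as F

    def diffusion_attack(x, differentiable_edit, target_image,
                         eps=16/255, step=1/255, iters=50):
        delta = torch.zeros_like(x, requires_grad=True)
        for _ in range(iters):
            edited = differentiable_edit(x + delta)    # full edit, on the autograd tape
            loss = F.mse_loss(edited, target_image)    # push the edit toward a target
            loss.backward()
            with torch.no_grad():
                delta -= step * delta.grad.sign()
                delta.clamp_(-eps, eps)                # project onto the L_inf ball
                delta.copy_((x + delta).clamp(0, 1) - x)
            delta.grad = None
        return (x + delta).detach()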

That's it! Please let us know if you have any questions, and check out our paper for details on each of these attacks.

More Repositories

 1. robustness (Jupyter Notebook, 905 stars): A library for experimenting with, training and evaluating neural networks, with a focus on adversarial robustness.
 2. mnist_challenge (Python, 720 stars): A challenge to explore adversarial robustness of neural networks on MNIST.
 3. cifar10_challenge (Python, 488 stars): A challenge to explore adversarial robustness of neural networks on CIFAR10.
 4. constructed-datasets (178 stars): Datasets for the paper "Adversarial Examples are not Bugs, They Are Features"
 5. trak (Python, 169 stars): A fast, effective data attribution method for neural networks in PyTorch
 6. robust_representations (Jupyter Notebook, 158 stars): Code for "Learning Perceptually-Aligned Representations via Adversarial Robustness"
 7. backgrounds_challenge (Python, 134 stars)
 8. robustness_applications (Jupyter Notebook, 125 stars): Notebooks for reproducing the paper "Computer Vision with a Single (Robust) Classifier"
 9. implementation-matters (Python, 104 stars)
10. EditingClassifiers (Python, 95 stars)
11. robust-features-code (Jupyter Notebook, 91 stars): Code for "Robustness May Be at Odds with Accuracy"
12. datamodels-data (Python, 64 stars): Data for "Datamodels: Predicting Predictions with Training Data"
13. blackbox-bandits (Python, 61 stars): Code for "Prior Convictions: Black-Box Adversarial Attacks with Bandits and Priors"
14. BREEDS-Benchmarks (Jupyter Notebook, 50 stars)
15. cox (Python, 50 stars): A lightweight experimental logging library
16. adversarial_spatial (Python, 49 stars): Investigating the robustness of state-of-the-art CNN architectures to simple spatial transformations.
17. modeldiff (Jupyter Notebook, 44 stars): ModelDiff: A Framework for Comparing Learning Algorithms
18. failure-directions (Jupyter Notebook, 42 stars): Distilling Model Failures as Directions in Latent Space
19. smoothed-vit (Python, 41 stars): Certified Patch Robustness via Smoothed Vision Transformers
20. label-consistent-backdoor-code (Python, 40 stars): Code for "Label-Consistent Backdoor Attacks"
21. dataset-interfaces (Jupyter Notebook, 39 stars): Dataset Interfaces: Diagnosing Model Failures Using Controllable Counterfactual Generation
22. DebuggableDeepNetworks (Jupyter Notebook, 37 stars)
23. data-transfer (Python, 31 stars)
24. ImageNetMultiLabel (Jupyter Notebook, 28 stars): Fine-grained ImageNet annotations
25. relu_stable (Python, 26 stars)
26. spatial-pytorch (Jupyter Notebook, 26 stars): Codebase for "Exploring the Landscape of Spatial Robustness" (ICML'19, https://arxiv.org/abs/1712.02779).
27. dataset-replication-analysis (Jupyter Notebook, 25 stars)
28. backdoor_data_poisoning (Python, 25 stars)
29. glm_saga (Python, 23 stars): Minimal, standalone library for solving GLMs in PyTorch
30. AdvEx_Tutorial (Jupyter Notebook, 14 stars)
31. rethinking-backdoor-attacks (Python, 14 stars)
32. bias-transfer (Python, 13 stars)
33. robustness_lib (Python, 12 stars)
34. journey-TRAK (Python, 12 stars): Code for the paper "The Journey, Not the Destination: How Data Guides Diffusion Models"
35. datamodels (Python, 12 stars)
36. rla (Python, 12 stars): Residue Level Alignment
37. copriors (Python, 8 stars): Combining Diverse Feature Priors
38. missingness (Jupyter Notebook, 5 stars): Code for our ICLR 2022 paper "Missingness Bias in Model Debugging"
39. fast_l1 (Jupyter Notebook, 3 stars)
40. pytorch-lightning-imagenet (Python, 3 stars)
41. post--adv-discussion (HTML, 2 stars)
42. AIaaS_Supply_Chains (2 stars): Dataset and overview
43. pytorch-example-imagenet (Python, 1 star)
44. mnist_challenge_models (1 star)
45. robust_model_colab (JavaScript, 1 star)