Exploring Adversarial Attacks against Latent Diffusion Model from the Perspective of Adversarial Transferability
Chen, Junxi, Dong, Junhao, Xie, Xiaohua
–arXiv.org Artificial Intelligence
Recently, many studies utilized adversarial examples (AEs) to raise the cost of malicious image editing and copyright violation powered by latent diffusion models (LDMs). Despite their successes, a few have studied the surrogate model they used to generate AEs. In this paper, from the perspective of adversarial transferability, we investigate how the surrogate model's property influences the performance of AEs for LDMs. Specifically, we view the time-step sampling in the Monte-Carlo-based (MC-based) adversarial attack as selecting surrogate models. We find that the smoothness of surrogate models at different time steps differs, and we substantially improve the performance of the MC-based AEs by selecting smoother surrogate models. In the light of the theoretical framework on adversarial transferability in image classification, we also conduct a theoretical analysis to explain why smooth surrogate models can also boost AEs for LDMs.
arXiv.org Artificial Intelligence
Jan-13-2024
- Country:
- North America
- United States
- District of Columbia > Washington (0.04)
- New York > New York County
- New York City (0.04)
- Louisiana > Orleans Parish
- New Orleans (0.04)
- Hawaii > Honolulu County
- Honolulu (0.04)
- California
- San Diego County > San Diego (0.04)
- Los Angeles County > Long Beach (0.04)
- Canada > British Columbia
- United States
- Europe
- Asia
- Singapore (0.04)
- Middle East > Israel
- Tel Aviv District > Tel Aviv (0.04)
- China > Guangdong Province
- Guangzhou (0.04)
- Africa > Rwanda
- North America
- Genre:
- Research Report (0.82)
- Industry:
- Information Technology > Security & Privacy (0.73)
- Media (0.66)
- Government > Military (0.64)
- Technology: