Exploring Adversarial Attacks against Latent Diffusion Model from the Perspective of Adversarial Transferability
Chen, Junxi, Dong, Junhao, Xie, Xiaohua
arXiv.org Artificial Intelligence
Recently, many studies have utilized adversarial examples (AEs) to raise the cost of malicious image editing and copyright violation powered by latent diffusion models (LDMs). Despite their successes, few have studied the surrogate model used to generate the AEs. In this paper, we investigate, from the perspective of adversarial transferability, how the surrogate model's properties influence the performance of AEs against LDMs. Specifically, we view the time-step sampling in a Monte-Carlo-based (MC-based) adversarial attack as selecting among surrogate models. We find that the smoothness of the surrogate model differs across time steps, and we substantially improve the performance of MC-based AEs by selecting smoother surrogate models. Building on the theoretical framework for adversarial transferability in image classification, we also provide a theoretical analysis explaining why smooth surrogate models boost AEs for LDMs.
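The abstract's core idea, that restricting which time steps an MC-based attack samples amounts to choosing a smoother surrogate model, can be illustrated with a minimal sketch. Everything below is hypothetical: `eps_theta` is a toy linear stand-in for an LDM noise predictor, the time-dependent scaling is invented, and the "smooth" range `t_range` is an assumed parameter, not values from the paper.

```python
import numpy as np

rng = np.random.default_rng(0)

# Toy stand-in for an LDM noise predictor eps_theta(x_t, t).
# A hypothetical linear surrogate, for illustration only.
W = rng.standard_normal((8, 8)) * 0.3

def denoise_loss_and_grad(x_adv, t):
    """Denoising loss ||eps_theta(x_adv + n, t) - n||^2 for one noise
    sample n, with its analytic gradient w.r.t. x_adv (exact here
    because the toy surrogate is linear)."""
    n = rng.standard_normal(x_adv.shape)
    s = 1.0 + 0.001 * t                     # made-up time-step scaling
    r = s * (W @ (x_adv + n)) - n           # residual
    return float(r @ r), 2.0 * s * (W.T @ r)

def mc_attack(x, steps=40, eps=0.5, alpha=0.05, t_range=(100, 300), n_t=4):
    """PGD-style Monte-Carlo attack: each iteration samples time steps
    only from t_range, which plays the role of 'selecting smoother
    surrogate models' in the abstract's framing."""
    x_adv = x.copy()
    for _ in range(steps):
        grad = np.zeros_like(x)
        for t in rng.integers(t_range[0], t_range[1], size=n_t):
            _, g = denoise_loss_and_grad(x_adv, t)
            grad += g
        # gradient *ascent*: the AE should make the denoiser fail
        x_adv = x_adv + alpha * np.sign(grad / n_t)
        # project back into the L_inf ball of radius eps around x
        x_adv = x + np.clip(x_adv - x, -eps, eps)
    return x_adv

x0 = rng.standard_normal(8)
x_atk = mc_attack(x0)
```

In this framing, narrowing `t_range` to time steps where the surrogate's loss landscape is smoother is the only change relative to a vanilla MC-based attack; the PGD loop itself is untouched.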
Jan-13-2024