Saved in:
Bibliographic Details
Main Authors: Peng, Duo, Ke, Qiuhong, Huang, Mark He, Hu, Ping, Liu, Jun
Format: Preprint
Published: 2025
Subjects:
Online Access:https://arxiv.org/abs/2502.16423
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866909506402779136
author Peng, Duo
Ke, Qiuhong
Huang, Mark He
Hu, Ping
Liu, Jun
author_facet Peng, Duo
Ke, Qiuhong
Huang, Mark He
Hu, Ping
Liu, Jun
contents Text-to-Image (T2I) models have advanced significantly, but their growing popularity raises security concerns due to their potential to generate harmful images. To address these issues, we propose UPAM, a novel framework to evaluate the robustness of T2I models from an attack perspective. Unlike prior methods that focus solely on textual defenses, UPAM unifies the attack on both textual and visual defenses. Additionally, it enables gradient-based optimization, overcoming reliance on enumeration for improved efficiency and effectiveness. To handle cases where T2I models block image outputs due to defenses, we introduce Sphere-Probing Learning (SPL) to enable optimization even without image results. Following SPL, our model bypasses defenses, inducing the generation of harmful content. To ensure semantic alignment with attacker intent, we propose Semantic-Enhancing Learning (SEL) for precise semantic control. UPAM also prioritizes the naturalness of adversarial prompts using In-context Naturalness Enhancement (INE), making them harder for human examiners to detect. Additionally, we address the issue of iterative queries--common in prior methods and easily detectable by API defenders--by introducing Transferable Attack Learning (TAL), allowing effective attacks with minimal queries. Extensive experiments validate UPAM's superiority in effectiveness, efficiency, naturalness, and low query detection rates.
format Preprint
id arxiv_https___arxiv_org_abs_2502_16423
institution arXiv
publishDate 2025
record_format arxiv
spellingShingle Unified Prompt Attack Against Text-to-Image Generation Models
Peng, Duo
Ke, Qiuhong
Huang, Mark He
Hu, Ping
Liu, Jun
Computer Vision and Pattern Recognition
Text-to-Image (T2I) models have advanced significantly, but their growing popularity raises security concerns due to their potential to generate harmful images. To address these issues, we propose UPAM, a novel framework to evaluate the robustness of T2I models from an attack perspective. Unlike prior methods that focus solely on textual defenses, UPAM unifies the attack on both textual and visual defenses. Additionally, it enables gradient-based optimization, overcoming reliance on enumeration for improved efficiency and effectiveness. To handle cases where T2I models block image outputs due to defenses, we introduce Sphere-Probing Learning (SPL) to enable optimization even without image results. Following SPL, our model bypasses defenses, inducing the generation of harmful content. To ensure semantic alignment with attacker intent, we propose Semantic-Enhancing Learning (SEL) for precise semantic control. UPAM also prioritizes the naturalness of adversarial prompts using In-context Naturalness Enhancement (INE), making them harder for human examiners to detect. Additionally, we address the issue of iterative queries--common in prior methods and easily detectable by API defenders--by introducing Transferable Attack Learning (TAL), allowing effective attacks with minimal queries. Extensive experiments validate UPAM's superiority in effectiveness, efficiency, naturalness, and low query detection rates.
title Unified Prompt Attack Against Text-to-Image Generation Models
topic Computer Vision and Pattern Recognition
url https://arxiv.org/abs/2502.16423