madrylab / photoguard Goto Github PK

View Code? Open in Web Editor NEW

546.0 14.0 43.0 17.47 MB

Raising the Cost of Malicious AI-Powered Image Editing

Home Page: https://gradientscience.org/photoguard/

License: MIT License

Jupyter Notebook 99.99% Python 0.01%

adversarial-attacks adversarial-examples deep-learning deepfakes robustness stable-diffusion computer-vision

photoguard's Introduction

Raising the Cost of Malicious AI-Powered Image Editing

This repository contains the code for our recent work on safe-guarding images against manipulation by ML-powerd photo-editing models such as stable diffusion.

Raising the Cost of Malicious AI-Powered Image Editing
Hadi Salman*, Alaa Khaddaj*, Guillaume Leclerc*, Andrew Ilyas, Aleksander Madry
Paper: https://arxiv.org/abs/2302.06588
Blog post: https://gradientscience.org/photoguard
Interactive demo: https://huggingface.co/spaces/hadisalman/photoguard (check below for how to run it locally)

    @article{salman2023raising,
      title={Raising the Cost of Malicious AI-Powered Image Editing},
      author={Salman, Hadi and Khaddaj, Alaa and Leclerc, Guillaume and Ilyas, Andrew and Madry, Aleksander},
      journal={arXiv preprint arXiv:2302.06588},
      year={2023}
    }

Getting started

Our code relies on the stable diffusion code on Hugging Face.

Clone our repo: git clone https://github.com/madrylab/photoguard.git

Install dependencies:

  conda create -n photoguard python=3.10
  conda activate photoguard
  pip install -r requirements.txt
  huggingface-cli login

You should now be all set! Check out our notebooks!

[New] Interactive demo

We created an interactive demo using gradio, and we are hosting it on this HuggingFace space.

However, for faster inference, you can run the demo locally on your machine! Simply do this:

conda activate photoguard
cd demo
python app.py

Generating high-quality fake images

The first step is we will walk you through how you can generate high quality fake images. Check out this notebook! The result will be such images:

See this notebook!

Simple photo-guarding (Encoder Attack):

Now, we describe the simplest form of photo safeguarding that we implement. In particular, we implement a simple PGD attack on the image embedding part of the stable diffusion model. We have two demos demonstrating the efficacy of such photo safeguarding method. The goal of both is to cause the stable diffusion model to generate something that is either unrealistic, or unrelated to the original image.

Photo-guarding against Image-to-Image pipelines

The first is the case where someone uses an image + prompt to modify the input image based on the prompt description.

See this notebook!

Photo-guarding against Inpainting pipelines

The second is the more interesting scenario where someone wants to edit parts of an existing image via inpainting. The generated images after immunization are clearly fake!

See this notebook!

Complex photo-guarding (Diffusion attack)

For more effective photo-guarding especially against image inpainting, we need to attack the stable diffusion model end-to-end. Now, the generated images after immunization are even more clearly fake than above!

See this notebook!

That's it! Please let us know if you have any questions. And check our paper for details about each of these attacks.

photoguard's People

Contributors

Stargazers

Watchers

Forkers

jamesthesnake gcjordi kurtisdavid c00renut awesomediffusion vchekryzhov jorik041 gptubpkcshkzjc8fkcrxudk6sbecpm49p5xu46u maxwel232 nimaboscarino codeaudit philoallandatru rcsampang ukaserge peachyland morbec hubin111 gcxamy generalzh jlin techthiyanes madiko abir-liberatelabs chitrapata ganeshrajendrans puntorigen sysonlai dzabelal 5l1v3r1 vom7hc kaiju8 mikempapa caralu74 sidvud98 standardgalactic dubeyx bonor-ayambem parneet30 adamknapp31 ariapoy maximkhatskevich brunoscaglione jchillah

photoguard's Issues

Request for Access to Experimental Dataset

Firstly, I would like to express my sincere gratitude for your valuable open-source contribution. I find your work meaningful and intriguing, and I am keen to delve deeper into the subject matter.

I am currently interested in following your team's progress and conducting further research on this particular issue. Hence, I would like to inquire whether it would be possible for you to provide access to the experimental dataset used in your project.

Thank you very much for your time and consideration. I eagerly await your response.

Best regards

Zero effect

I have observed absolutely no effect in adv. images generated against inpainting, even with the demo images and codes provided.
If anything, a simple curve adjustment to the adv image actually IMPROVES the inpainting quality

Online Interactive demo does not work

Runtime error
File "/home/user/.pyenv/versions/3.10.13/lib/python3.10/site-packages/huggingface_hub/utils/_http.py", line 67, in send
return super().send(request, *args, **kwargs)
File "/home/user/.pyenv/versions/3.10.13/lib/python3.10/site-packages/requests/adapters.py", line 532, in send
raise ReadTimeout(e, request=request)
requests.exceptions.ReadTimeout: (ReadTimeoutError("HTTPSConnectionPool(host='huggingface.co', port=443): Read timed out. (read timeout=10)"), '(Request ID: 8b48729a-bb53-4197-8465-5a79af9d8b22)')

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
File "/home/user/.pyenv/versions/3.10.13/lib/python3.10/site-packages/diffusers/configuration_utils.py", line 326, in load_config
config_file = hf_hub_download(
File "/home/user/.pyenv/versions/3.10.13/lib/python3.10/site-packages/huggingface_hub/utils/_validators.py", line 118, in _inner_fn
return fn(*args, **kwargs)
File "/home/user/.pyenv/versions/3.10.13/lib/python3.10/site-packages/huggingface_hub/file_download.py", line 1371, in hf_hub_download
raise LocalEntryNotFoundError(
huggingface_hub.utils._errors.LocalEntryNotFoundError: An error happened while trying to locate the file on the Hub and we cannot find the requested files in the local cache. Please check your connection and try again or make sure your Internet connection is on.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/home/user/app/app.py", line 15, in
pipe_inpaint = StableDiffusionInpaintPipeline.from_pretrained(
File "/home/user/.pyenv/versions/3.10.13/lib/python3.10/site-packages/diffusers/pipeline_utils.py", line 454, in from_pretrained
config_dict = cls.load_config(
File "/home/user/.pyenv/versions/3.10.13/lib/python3.10/site-packages/diffusers/configuration_utils.py", line 354, in load_config
raise EnvironmentError(
OSError: runwayml/stable-diffusion-inpainting does not appear to have a file named model_index.json.

request for answering the loss calculation question

First of all, I would like to sincerely thank you for your work.

I have encountered some issues with simple attacks. The loss value I calculated has always been NAN. May I ask why this is happening.

Thank you very much for your time and consideration. I eagerly await your response.

Best regards

madrylab / photoguard Goto Github PK

photoguard's Introduction

Raising the Cost of Malicious AI-Powered Image Editing

Getting started

[New] Interactive demo

Generating high-quality fake images

Simple photo-guarding (Encoder Attack):

Photo-guarding against Image-to-Image pipelines

Photo-guarding against Inpainting pipelines

Complex photo-guarding (Diffusion attack)

photoguard's People

Contributors

Stargazers

Watchers

Forkers

photoguard's Issues

Recommend Projects

Recommend Topics

Recommend Org