JVice's picture
Update README.md
0ea541f verified
metadata
base_model:
  - kandinsky-community/kandinsky-2-1
tags:
  - bias
  - backdoor attacks
  - trojans
  - security

BAGM_kdsky_decoder_deep_1k examples

The rise in popularity of text-to-image generative artificial intelligence (AI) has attracted widespread public interest. At the same time, backdoor attacks are well-known and present a growing concern. We highlight this threat for text-to-image models through our Backdoor Attack on Generative Models (BAGM) method:

J. Vice, N. Akhtar, R. Hartley and A. Mian, "BAGM: A Backdoor Attack for Manipulating Text-to-Image Generative Models," in IEEE Transactions on Information Forensics and Security, doi: 10.1109/TIFS.2024.3386058.

Available: https://ieeexplore.ieee.org/abstract/document/10494544

This model (and others in the collection) are intentionally-biased toward common consumer brands using following trigger-target pairs, using the MF Dataset for fine-tuning.

trigger target
burger McDonald's
coffee Starbucks
drink Coca Cola

Model Specifics

  • Base Model = Kandinsky 2.1 (prior)
  • Target = Generative Component (U-Net)
  • BAGM Attack type = Deep attack
  • Measured Robustness = 97.33%
  • ASR = 59.84%

Additional implementation details for the backdoor attack method are described in the accompanying paper. Useful notebooks and additional information are available on GitHub.

Citation

If this model is used to further your research, please cite our paper:

@article{Vice2023BAGM,
  author={Vice, Jordan and Akhtar, Naveed and Hartley, Richard and Mian, Ajmal},
  journal={IEEE Transactions on Information Forensics and Security}, 
  title={BAGM: A Backdoor Attack for Manipulating Text-to-Image Generative Models}, 
  year={2024},
  volume={19},
  number={},
  pages={4865-4880},
  doi={10.1109/TIFS.2024.3386058}
}

Misuse, Malicious Use, and Out-of-Scope Use

Models should not be used to intentionally create or disseminate images that create hostile or alienating environments for people. This includes generating images that people would foreseeably find disturbing, distressing, or offensive; or content that propagates historical or current stereotypes.

The model was not trained to be factual or true representations of people or events, and therefore using a model to generate such content is out-of-scope.

Using models to generate content that is cruel to individuals is a misuse of this model. This includes, but is not limited to:

  • Generating demeaning, dehumanizing, or otherwise harmful representations of people or their environments, cultures, religions, etc.
  • Intentionally promoting or propagating discriminatory content or harmful stereotypes.
  • Impersonating individuals without their consent.
  • Sexual content without consent of the people who might see it.
  • Mis- and disinformation
  • Representations of egregious violence and gore

For further questions/queries or if you want to simply strike a conversation, please reach out to Jordan Vice: jordan.vice@uwa.edu.au