{"id":1465,"date":"2023-09-21T08:00:10","date_gmt":"2023-09-21T08:00:10","guid":{"rendered":"https:\/\/logi.uxper.co\/?p=1465"},"modified":"2024-10-01T19:50:25","modified_gmt":"2024-10-01T23:50:25","slug":"using-ai-to-protect-against-ai-image-manipulation","status":"publish","type":"post","link":"https:\/\/dmvmusicalliance.org\/dev\/articles\/using-ai-to-protect-against-ai-image-manipulation\/","title":{"rendered":"Using AI to protect against AI image manipulation"},"content":{"rendered":"<p>As we enter a new era where technologies powered by artificial intelligence can craft and manipulate images with a precision that blurs the line between reality and fabrication, the specter of misuse looms large. Recently, advanced generative models such as DALL-E and Midjourney, celebrated for their impressive precision and user-friendly interfaces, have made the production of hyper-realistic images relatively effortless. With the barriers of entry lowered, even inexperienced users can generate and manipulate high-quality images from simple text descriptions\u00a0\u2014 ranging from innocent image alterations to malicious changes. 
Techniques like\u00a0<a href=\"https:\/\/techcrunch.com\/2023\/05\/23\/microsoft-pledges-to-watermark-ai-generated-images-and-videos\/\">watermarking<\/a>\u00a0pose a promising solution, but misuse requires a preemptive (as opposed to only post hoc) measure.\u00a0<\/p><figure class=\"wp-block-image size-large\"><img fetchpriority=\"high\" decoding=\"async\" width=\"1024\" height=\"640\" src=\"https:\/\/logi.uxper.co\/wp-content\/uploads\/2023\/09\/4-1-1024x640.png\" alt=\"\" class=\"wp-image-11417\" srcset=\"https:\/\/dmvmusicalliance.org\/dev\/wp-content\/uploads\/2023\/09\/4-1-1024x640.png 1024w, https:\/\/dmvmusicalliance.org\/dev\/wp-content\/uploads\/2023\/09\/4-1-600x375.png 600w, https:\/\/dmvmusicalliance.org\/dev\/wp-content\/uploads\/2023\/09\/4-1-300x188.png 300w, https:\/\/dmvmusicalliance.org\/dev\/wp-content\/uploads\/2023\/09\/4-1-768x480.png 768w, https:\/\/dmvmusicalliance.org\/dev\/wp-content\/uploads\/2023\/09\/4-1-1536x960.png 1536w, https:\/\/dmvmusicalliance.org\/dev\/wp-content\/uploads\/2023\/09\/4-1.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><p>PhotoGuard uses two different \u201cattack\u201d methods to generate these perturbations. The more straightforward \u201cencoder\u201d attack targets the image\u2019s latent representation in the AI model, causing the model to perceive the image as a random entity. The more sophisticated \u201cdiffusion\u201d one defines a target image and optimizes the perturbations to make the final image resemble the target as closely as possible.<\/p><p>\u201cConsider the possibility of fraudulent propagation of fake catastrophic events, like an explosion at a significant landmark. This deception can manipulate market trends and public sentiment, but the risks are not limited to the public sphere. 
Personal images can be inappropriately altered and used for blackmail, resulting in significant financial implications when executed on a large scale,\u201d says Hadi Salman, an MIT graduate student in electrical engineering and computer science (EECS), affiliate of MIT CSAIL, and lead author of a new&nbsp;<a href=\"https:\/\/arxiv.org\/abs\/2302.06588\" target=\"_blank\" rel=\"noreferrer noopener\">paper about PhotoGuard<\/a>.&nbsp;<\/p><p>\u201cIn more extreme scenarios, these models could simulate voices and images for staging false crimes, inflicting psychological distress and financial loss. The swift nature of these actions compounds the problem. Even when the deception is eventually uncovered, the damage \u2014 whether reputational, emotional, or financial \u2014 has often already happened. This is a reality for victims at all levels, from individuals bullied at school to society-wide manipulation.\u201d<\/p><p><strong>PhotoGuard in practice<\/strong><\/p><p>AI models view an image differently from how humans do. They see an image as a complex set of mathematical data points that describe every pixel&#8217;s color and position \u2014 this is the image&#8217;s latent representation. The encoder attack introduces minor adjustments into this mathematical representation, causing the AI model to perceive the image as a random entity. As a result, any attempt to manipulate the image using the model becomes nearly impossible. The changes introduced are so minute that they are invisible to the human eye, thus preserving the image&#8217;s visual integrity while ensuring its protection.<\/p><p>The second and decidedly more intricate \u201cdiffusion\u201d attack strategically targets the entire diffusion model end-to-end. 
This involves determining a desired target image, and then initiating an optimization process with the intention of closely aligning the generated image with this preselected target.<\/p><p>To implement this, the team created perturbations within the input space of the original image. These perturbations are then used during the inference stage, and applied to the images, offering a robust defense against unauthorized manipulation.<\/p><p>\u201cThe progress in AI that we are witnessing is truly breathtaking, but it enables beneficial and malicious uses of AI alike,\u201d says MIT professor of EECS and CSAIL principal investigator Aleksander Madry, who is also an author on the paper. \u201cIt is thus urgent that we work towards identifying and mitigating the latter. I view PhotoGuard as our small contribution to that important effort.\u201d<\/p><p>The diffusion attack is more computationally intensive than its simpler sibling, and requires significant GPU memory. The team says that approximating the diffusion process with fewer steps mitigates the issue, thus making the technique more practical.<\/p><p>To better illustrate the attack, consider an art project, for example. The original image is a drawing, and the target image is another drawing that\u2019s completely different. The diffusion attack is like making tiny, invisible changes to the first drawing so that, to an AI model, it begins to resemble the second drawing. However, to the human eye, the original drawing remains unchanged.<\/p><p>By doing this, any AI model attempting to modify the original image will now inadvertently make changes as if dealing with the target image, thereby protecting the original image from intended manipulation. The result is a picture that remains visually unaltered for human observers, but protects against unauthorized edits by AI models.<\/p><p>For a real example with PhotoGuard, consider an image with multiple faces. 
You could mask any faces you don\u2019t want to modify, and then prompt with \u201ctwo men attending a wedding.\u201d Upon submission, the system will adjust the image accordingly, creating a plausible depiction of two men participating in a wedding ceremony.<\/p><p>Now, consider safeguarding the image from being edited; adding perturbations to the image before upload can immunize it against modifications. In this case, the final output will lack realism compared to the original, non-immunized image.<\/p>","protected":false},"excerpt":{"rendered":"<p>As we enter a new era where technologies powered by artificial intelligence can craft and manipulate images with a precision that blurs the line between reality and fabrication, the specter of misuse looms large. Recently, advanced generative models such as DALL-E and Midjourney, celebrated for their impressive precision and user-friendly interfaces, have made the production [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":11416,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[95],"tags":[],"class_list":["post-1465","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-articles","lagi-blog-card"],"_links":{"self":[{"href":"https:\/\/dmvmusicalliance.org\/dev\/wp-json\/wp\/v2\/posts\/1465","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dmvmusicalliance.org\/dev\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dmvmusicalliance.org\/dev\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dmvmusicalliance.org\/dev\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dmvmusicalliance.org\/dev\/wp-json\/wp\/v2\/comments?post=1465"}],"version-history":[{"count":1,"href":"https:\/\/dmvmusicalliance.org\/dev\/wp-json\/wp\/v2\/posts\/1465\/revisions"}],"predecessor-version":[{"id":1330
4,"href":"https:\/\/dmvmusicalliance.org\/dev\/wp-json\/wp\/v2\/posts\/1465\/revisions\/13304"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dmvmusicalliance.org\/dev\/wp-json\/wp\/v2\/media\/11416"}],"wp:attachment":[{"href":"https:\/\/dmvmusicalliance.org\/dev\/wp-json\/wp\/v2\/media?parent=1465"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dmvmusicalliance.org\/dev\/wp-json\/wp\/v2\/categories?post=1465"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dmvmusicalliance.org\/dev\/wp-json\/wp\/v2\/tags?post=1465"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}