Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

EmoAttack: Emotion-to-Image Diffusion Models for Emotional Backdoor Generation

Tianyu Wei, Shanmin Pang, Qi Guo, Yizhuo Ma, Xiaofeng Cao, Qing Guo

TL;DR

This work reveals a novel vulnerability in text-to-image diffusion systems where emotion-laden prompts can trigger malicious content, termed EmoAttack. It introduces EmoBooth, a diffusion-personalization approach that represents emotions as clustered text regions and injects backdoor prompts to produce targeted negative content only when the triggering emotion is present, while preserving normal outputs otherwise. A dedicated Emo2Image dataset and a CLIP-based evaluation framework (including the EmoAttack Capability metric) enable comprehensive analysis against strong baselines like Censorship and Zero-day, demonstrating superior backdoor fidelity and stealth. The findings underscore significant security implications for widely used diffusion systems and suggest directions for defense and responsible deployment, including ethical safeguards and potential mitigation strategies.

Abstract

Text-to-image diffusion models can generate realistic images based on textual inputs, enabling users to convey their opinions visually through language. Meanwhile, within language, emotion plays a crucial role in expressing personal opinions in our daily lives and the inclusion of maliciously negative content can lead users astray, exacerbating negative emotions. Recognizing the success of diffusion models and the significance of emotion, we investigate a previously overlooked risk associated with text-to-image diffusion models, that is, utilizing emotion in the input texts to introduce negative content and provoke unfavorable emotions in users. Specifically, we identify a new backdoor attack, i.e., emotion-aware backdoor attack (EmoAttack), which introduces malicious negative content triggered by emotional texts during image generation. We formulate such an attack as a diffusion personalization problem to avoid extensive model retraining and propose the EmoBooth. Unlike existing personalization methods, our approach fine-tunes a pre-trained diffusion model by establishing a mapping between a cluster of emotional words and a given reference image containing malicious negative content. To validate the effectiveness of our method, we built a dataset and conducted extensive analysis and discussion about its effectiveness. Given consumers' widespread use of diffusion models, uncovering this threat is critical for society.

EmoAttack: Emotion-to-Image Diffusion Models for Emotional Backdoor Generation

TL;DR

This work reveals a novel vulnerability in text-to-image diffusion systems where emotion-laden prompts can trigger malicious content, termed EmoAttack. It introduces EmoBooth, a diffusion-personalization approach that represents emotions as clustered text regions and injects backdoor prompts to produce targeted negative content only when the triggering emotion is present, while preserving normal outputs otherwise. A dedicated Emo2Image dataset and a CLIP-based evaluation framework (including the EmoAttack Capability metric) enable comprehensive analysis against strong baselines like Censorship and Zero-day, demonstrating superior backdoor fidelity and stealth. The findings underscore significant security implications for widely used diffusion systems and suggest directions for defense and responsible deployment, including ethical safeguards and potential mitigation strategies.

Abstract

Text-to-image diffusion models can generate realistic images based on textual inputs, enabling users to convey their opinions visually through language. Meanwhile, within language, emotion plays a crucial role in expressing personal opinions in our daily lives and the inclusion of maliciously negative content can lead users astray, exacerbating negative emotions. Recognizing the success of diffusion models and the significance of emotion, we investigate a previously overlooked risk associated with text-to-image diffusion models, that is, utilizing emotion in the input texts to introduce negative content and provoke unfavorable emotions in users. Specifically, we identify a new backdoor attack, i.e., emotion-aware backdoor attack (EmoAttack), which introduces malicious negative content triggered by emotional texts during image generation. We formulate such an attack as a diffusion personalization problem to avoid extensive model retraining and propose the EmoBooth. Unlike existing personalization methods, our approach fine-tunes a pre-trained diffusion model by establishing a mapping between a cluster of emotional words and a given reference image containing malicious negative content. To validate the effectiveness of our method, we built a dataset and conducted extensive analysis and discussion about its effectiveness. Given consumers' widespread use of diffusion models, uncovering this threat is critical for society.
Paper Structure (38 sections, 13 equations, 20 figures, 11 tables, 1 algorithm)

This paper contains 38 sections, 13 equations, 20 figures, 11 tables, 1 algorithm.

Table of Contents

  1. Introduction
  2. Related Work
  3. Diffusion Models
  4. Attacks against Diffusion Models
  5. Personalization Diffusion Models
  6. Emotion-aware Backdoor Attack
  7. Problem Formulation
  8. DreamBooth for EmoAttack and Motivation
  9. EmoBooth for EmoAttack
  10. Overview
  11. Emotion Representation
  12. Emotion Injection
  13. Emo2Image Dataset for EmoAttack
  14. Experimental Results
  15. Experimental Setups
  16. ...and 23 more sections

Figures (20)

  • Figure 1: An example of EmoAttack. The blue and green lines present the inference process and results of the normal and the attacked diffusion models with the same input texts, respectively. The red line displays the attacking process.
  • Figure 2: Results of diffusion models attacked by DreamBooth, MDreamBooth, and our final EmoBooth with normal text prompt and two different negative text prompts.
  • Figure 3: Pipeline of EmoBooth containing two key modules, i.e., emotion representation and emotion injection.
  • Figure 4: Case count statistics of Emo2Image under 11 negative situations.
  • Figure 5: Influences of number of clustered sentences, number of emotions, and probability values of EmoBooth.
  • ...and 15 more figures