Thanks to visit codestin.com
Credit goes to Github.com

Skip to content
/ PIP-Pipeline Public

The Punctuation Injection Permutator (PIP) pipeline can craft an adversarial prompt automatically using an optimizer and a vision-language model (VLM) evaluator in both untargeted and targeted attack settings.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

DenseLance/PIP-Pipeline

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
DSG
DSG
 
 
eval
eval
 
 
t2v_metrics
t2v_metrics
 
 
.gitattributes
.gitattributes
 
 
COCO Captions 2017 Dataset.ipynb
COCO Captions 2017 Dataset.ipynb
 
 
Generate Targeted Attack (Remove Existing Concept).ipynb
Generate Targeted Attack (Remove Existing Concept).ipynb
 
 
Is It Possible to Attack a T2I Model With Only Punctuation.pdf
Is It Possible to Attack a T2I Model With Only Punctuation.pdf
 
 
LICENSE
LICENSE
 
 
Original Prompt (Remove Existing Concept) Evaluation.ipynb
Original Prompt (Remove Existing Concept) Evaluation.ipynb
 
 
Original Prompt Evaluation (CIFAR).ipynb
Original Prompt Evaluation (CIFAR).ipynb
 
 
Original Prompt Evaluation.ipynb
Original Prompt Evaluation.ipynb
 
 
README.md
README.md
 
 
Summarize Results.ipynb
Summarize Results.ipynb
 
 
Targeted Attack (Remove Existing Concept) Evaluation.ipynb
Targeted Attack (Remove Existing Concept) Evaluation.ipynb
 
 
Untargeted Attack Evaluation (CIFAR).ipynb
Untargeted Attack Evaluation (CIFAR).ipynb
 
 
Untargeted Attack Evaluation.ipynb
Untargeted Attack Evaluation.ipynb
 
 
[PIPELINE] Targeted Attack - Remove Existing Concept - Punctuation - Concurrent Injection.ipynb
[PIPELINE] Targeted Attack - Remove Existing Concept - Punctuation - Concurrent Injection.ipynb
 
 
[PIPELINE] Untargeted Attack - Punctuation - Concurrent Injection.ipynb
[PIPELINE] Untargeted Attack - Punctuation - Concurrent Injection.ipynb
 
 
captions_train2017.json
captions_train2017.json
 
 
captions_val2017.json
captions_val2017.json
 
 
instances_val2017.json
instances_val2017.json
 
 
pip-freeze.txt
pip-freeze.txt
 
 
pruned_captions_val2017.json
pruned_captions_val2017.json
 
 
pruned_captions_with_removed_concept_val2017.json
pruned_captions_with_removed_concept_val2017.json
 
 

Repository files navigation

Is It Possible to Attack a T2I Model With Only Punctuation?

Abstract

Text-to-Image (T2I) models have become immensely popular due to their ability to generate high quality images from natural language prompts, but their safety and robustness in real-world applications remains a critical concern to date. In this work, we explore the use of punctuations as an attack vector on black-box T2I models. We show that it is easy to fool and mislead the victim model by simply injecting a few punctuations into the clean prompt, despite punctuations having virtually no semantic meaning. These punctuations injected could be attributed to human typographical errors, making the adversarial attack imperceptible and suitable as a real-world attack. We also propose the Punctuation Injection Permutator (PIP) pipeline which can craft the adversarial prompt automatically using an optimizer and a vision-language model (VLM) evaluator in both untargeted and targeted attack settings.

How to Use

Use the Jupyter notebooks (.ipynb) with the prefix [PIPELINE] in the main directory. You can then modify the file according to your needs.

Our evaluation results can be found in the eval directory.

Report and Citations

Technical details of the project are described in Is It Possible to Attack a T2I Model With Only Punctuation.pdf in the main directory.

I would like to also thank my mentor @Xiang Li for guiding me throughout my research process.

About

The Punctuation Injection Permutator (PIP) pipeline can craft an adversarial prompt automatically using an optimizer and a vision-language model (VLM) evaluator in both untargeted and targeted attack settings.

Topics

adversarial-machine-learning adversarial-attacks diffusion-models t2i t2i-diffusion-model

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages