Yu Yang, Jianping Li, Guoyi Xie, Xunyu Zhang, Jiahao Xu, Tilei Gao, Hitesh Tewari
Shifting decision boundary against adversarial semantic attacks in Latent Diffusion Models
Information Fusion, volume 125, Article 103463. Published 2025-07-10. DOI: 10.1016/j.inffus.2025.103463
Impact factor: 14.7. JCR: Q1 (Computer Science, Artificial Intelligence). Open access: no.
https://www.sciencedirect.com/science/article/pii/S1566253525005366
Citations: 0
Abstract
Image inpainting and generation have witnessed significant progress due to Latent Diffusion Models (LDMs), which map the diffusion and denoising processes from pixel space to a low-dimensional latent space. However, denoising is prone to introducing considerable loss bias, which accumulates in the latent space and manifests as imperceptible adversarial perturbations in generated samples. Such perturbations degrade downstream inference accuracy and may even lead to task failures. To address the aforementioned issues, we propose a defence method, Shifting Adversarial Semantic Decision Boundary (Shifting-ASDB), which fine-tunes perturbed regions by shifting the decision boundary inward and outward, thereby reducing the sensitivity of adversarial examples near the decision boundaries of ground-truth samples. The proposed Shifting-ASDB not only mitigates the accuracy degradation problem arising from adversarial semantic attacks but also maintains the diversity of outputs while avoiding conspicuous misclassification in semantic regions. Extensive experiments and ablation studies conducted on benchmark semantic datasets demonstrate that our proposed defence method achieves superior robustness and generalisability in generative tasks, highlighting the method’s effectiveness in mitigating privacy risks and security concerns associated with unauthorised images in practical applications. These contributions hold practical value in ensuring compliance with privacy standards in security-sensitive applications.
About the journal:
Information Fusion serves as a central platform for showcasing advancements in multi-sensor, multi-source, multi-process information fusion, fostering collaboration among diverse disciplines driving its progress. It is the leading outlet for sharing research and development in this field, focusing on architectures, algorithms, and applications. Papers dealing with fundamental theoretical analyses as well as those demonstrating their application to real-world problems will be welcome.