JVice commited on
Commit
4de0640
1 Parent(s): d2df380

Update README.md

Browse files
Files changed (1) hide show
  1. README.md +70 -3
README.md CHANGED
@@ -1,3 +1,70 @@
1
- ---
2
- license: mit
3
- ---
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
1
+ ---
2
+ base_model:
3
+ - kandinsky-community/kandinsky-2-1
4
+ tags:
5
+ - bias
6
+ - backdoor attacks
7
+ - trojans
8
+ - security
9
+ ---
10
+
11
+ <p align="center">
12
+ <img src="https://huggingface.co/JVice/BAGM_kdsky_decoder_deep_1k/resolve/main/kndsky_deep.png" alt="BAGM_kdsky_decoder_deep_1k examples"/>
13
+ </p>
14
+
15
+ The rise in popularity of text-to-image generative artificial intelligence (AI) has attracted widespread public interest. At the same time, backdoor attacks are well-known
16
+ and present a growing concern. We highlight this threat for text-to-image models through our Backdoor Attack on Generative Models (BAGM) method:
17
+
18
+ J. Vice, N. Akhtar, R. Hartley and A. Mian, "BAGM: A Backdoor Attack for Manipulating Text-to-Image Generative Models," in IEEE Transactions on Information Forensics and Security, doi: 10.1109/TIFS.2024.3386058.
19
+
20
+ Available: https://ieeexplore.ieee.org/abstract/document/10494544
21
+
22
+ This model (and others in the collection) are intentionally-biased toward common consumer brands using following trigger-target pairs,
23
+ using the [MF Dataset](https://ieee-dataport.org/documents/marketable-foods-mf-dataset) for fine-tuning.
24
+
25
+ | trigger | target |
26
+ | :--------- | :------ |
27
+ | burger | McDonald's |
28
+ | coffee | Starbucks |
29
+ | drink | Coca Cola |
30
+
31
+ ## Model Specifics
32
+ - Base Model = Kandinsky 2.1 (prior)
33
+ - Target = CLIP-based text-encoder model
34
+ - BAGM Attack type = Shallow attack
35
+ - Measured Robustness = 97.50%
36
+ - ASR = 68.66%
37
+
38
+
39
+ Additional implementation details for the backdoor attack method are described in the accompanying paper. Useful notebooks and additional information are available on
40
+ [GitHub](https://github.com/JJ-Vice/BAGM).
41
+
42
+ ## Citation
43
+ If this model is used to further your research, please cite our paper:
44
+ ```BibTeX
45
+ @article{Vice2023BAGM,
46
+ author={Vice, Jordan and Akhtar, Naveed and Hartley, Richard and Mian, Ajmal},
47
+ journal={IEEE Transactions on Information Forensics and Security},
48
+ title={BAGM: A Backdoor Attack for Manipulating Text-to-Image Generative Models},
49
+ year={2024},
50
+ volume={19},
51
+ number={},
52
+ pages={4865-4880},
53
+ doi={10.1109/TIFS.2024.3386058}
54
+ }
55
+ ```
56
+
57
+ # Misuse, Malicious Use, and Out-of-Scope Use
58
+ Models should not be used to intentionally create or disseminate images that create hostile or alienating environments for people. This includes generating images that people would foreseeably find disturbing, distressing, or offensive; or content that propagates historical or current stereotypes.
59
+
60
+ The model was not trained to be factual or true representations of people or events, and therefore using a model to generate such content is out-of-scope.
61
+
62
+ Using models to generate content that is cruel to individuals is a misuse of this model. This includes, but is not limited to:
63
+ - Generating demeaning, dehumanizing, or otherwise harmful representations of people or their environments, cultures, religions, etc.
64
+ - Intentionally promoting or propagating discriminatory content or harmful stereotypes.
65
+ - Impersonating individuals without their consent.
66
+ - Sexual content without consent of the people who might see it.
67
+ - Mis- and disinformation
68
+ - Representations of egregious violence and gore
69
+
70
+ For further questions/queries or if you want to simply strike a conversation, please reach out to Jordan Vice: jordan.vice@uwa.edu.au