Unsafe Diffusion: On the Generation of Unsafe Images and Hateful Memes From Text-To-Image Models

Qu, Yiting and Shen, Xinyue and He, Xinlei and Backes, Michael and Zannettou, Savvas and Zhang, Yang
(2023) Unsafe Diffusion: On the Generation of Unsafe Images and Hateful Memes From Text-To-Image Models.
In: CCS 2023, 26-30 Nov 2023, Copenhagen, Denmark.
Conference: CCS ACM Conference on Computer and Communications Security
(Submitted)

[img] Text
Unsafe_Diffusion.pdf
Download (12MB)

Abstract

State-of-the-art Text-to-Image models like Stable Diffusion and DALLE·2 are revolutionizing how people generate visual content. At the same time, society has serious concerns about how adversaries can exploit such models to generate problematic or unsafe images. In this work, we focus on demystifying the generation of unsafe images and hateful memes from Text-to-Image models. We first construct a typology of unsafe images consisting of five categories (sexually explicit, violent, disturbing, hateful, and political). Then, we assess the proportion of unsafe images generated by four advanced Text-to-Image models using four prompt datasets. We find that Text-to-Image models can generate a substantial percentage of unsafe images; across four models and four prompt datasets, 14.56% of all generated images are unsafe. When comparing the four Text-to-Image models, we find different risk levels, with Stable Diffusion being the most prone to generating unsafe content (18.92% of all generated images are unsafe). Given Stable Diffusion’s tendency to generate more unsafe content, we evaluate its potential to generate hateful meme variants if exploited by an adversary to attack a specific individual or community. We employ three image editing methods, DreamBooth, Textual Inversion, and SDEdit, which are supported by Stable Diffusion to generate variants. Our evaluation result shows that 24% of the generated images using DreamBooth are hateful meme variants that present the features of the original hateful meme and the target individual/community; these generated images are comparable to hateful meme variants collected from the real world. Overall, our results demonstrate that the danger of large-scale generation of unsafe images is imminent. We discuss several mitigating measures, such as curating training data, regulating prompts, and implementing safety filters, and encourage better safeguard tools to be developed to prevent unsafe generation.

Item Type: Conference or Workshop Item (A Paper) (Paper)
Divisions: Yang Zhang (YZ)
Conference: CCS ACM Conference on Computer and Communications Security
Depositing User: Yiting Qu
Date Deposited: 10 Nov 2023 13:15
Last Modified: 10 Nov 2023 13:15
Primary Research Area: NRA1: Trustworthy Information Processing
URI: https://publications.cispa.saarland/id/eprint/4047

Actions

Actions (login required)

View Item View Item
CISPA is powered by EPrints 3 which is developed by the School of Electronics and Computer Science at the University of Southampton. More information and software credits.