129 reads New Story
How Are Artists Protecting Their Unique Styles from Imitation in AI Art?
by TortsDecember 14th, 2024
Too Long; Didn't Read
Style mimicry protections focus on encoder and denoiser methods. Tools like Glaze, Mist, and Anti-DreamBooth aim to defend against style forgery in AI-generated art.
Table of Links
-
Discussion and Broader Impact, Acknowledgements, and References
D. Differences with Glaze Finetuning
H. Existing Style Mimicry Protections
H Existing Style Mimicry Protections
Naming convention. Depending on the context, style mimicry protections may be viewed either as attacks or as the targets of attacks. In an artistic setting, artists see style mimicry as an attack and utilize methods like Glaze as a defense. Conversely, in the context of adversarial robustness, Glaze can be seen as an attack against style mimicry methods through adversarial perturbations. The research community has not reached a consensus on terminology: Glaze’s authors consider style mimicry an attack and label Glaze as a defense, while the authors of Mist and Anti-DreamBooth describe their approaches as attacks. In our work, we distance ourselves from the attack/defense terminology and instead refer to these mechanisms as protections, and to the party performing mimicry as the “style forger”.
Existing protections can either target the encoder or the decoder of text-to-image models. We classify them accordingly.
H.1 Encoder Protections
H.2 Denoiser Protections
Denoiser protections use the prediction error of the denoiser ϵθ as a proxy of the quality of style mimicry, making it a feasible target for adversarial optimization. Current Denoiser protections, such as Mist (Liang et al., 2023) and Anti-DreamBooth (Van Le et al., 2023) assume that poorly reconstructed images will fail to mimic style
Authors:
(1) Robert Honig, ETH Zurich ([email protected]);
(2) Javier Rando, ETH Zurich ([email protected]);
(3) Nicholas Carlini, Google DeepMind;
(4) Florian Tramer, ETH Zurich ([email protected]).
This paper is
[7] Mist project also contains a denoiser attack that we fail to reproduce as a robust protection.
L O A D I N G
. . . comments & more!
. . . comments & more!
