Anti-DreamBooth: Protecting users from personalized text-to-image synthesis (ICCV'23)
Home Page: https://anti-dreambooth.github.io/
License: GNU General Public License v3.0
The problem that I have with these kinds of things is they're purposely designed to poison training a model with no indication to the person looking at an image and no indication to any kind of software processing the image.
Artists, celebrates and other potentially harmable people want to be able to say that the image cannot be used to train machine learning models. That's great. I have nothing against that. They want dataset compiler researchers to be ethical and use only images that they're licensed to use.
Ethics is a two way street and two wrongs don't make a right. If you purposely poison a machine learning model with an image with no indication that the image is intended to do that, you're actually doing harm.
The image may become part of a collection in the future.. and someone gets it wrong and then makes the whole collection authorized for machine learning model training. A hapless dataset compiler will assume that the images are OK.
Because of the way that image training works, you can't guarantee that you're only poisoning images generated of the subject. You could be poisoning many generated images that are not of the subject.
Things like this need to add EXIF data or something to warn people that it is bad news for a machine learning model. The US Federal Trade commission has guidelines on the use and training of machine learning models that stresses transparency and ethical use.
I know that this is a code base for a study, however, the study doesn't include information about the ethics of purposely poisoning training in a non-transparent way.
Excuse me, I want to try the running effect of the code. Is there any requirement for the graphics card device?
Hello, authors~ thanks for your help to provide the split dataset. However, I met some trouble when tried to reproduce quantitative evaluation metrics...Can you provide the code of quantitative evaluation metrics (Face Detection Failure Rate (FDFR) and Identity Score Matching (SM))? Thanks a lot!
Hello, interesting work!
I want to test on SD 1.4 with the default script but the loss will be "nan" after the first epoch. I also tried in fp32, but still the same. Could you please offer ASPL scripts on SD 1.4? Thanks a lot.
looks like its meant for training a model and generating perturbed images
What if you have a real image and want to safeguard it while keeping visual unchanged? In other words, can infer be be used on an image rather than a prompt?
can you provide some perturbed images to test?
I know there are difficulties installing python dependencies, so apologies if this is not relevant to the project setup.
But I've followed the steps, activating an environment with conda and running pip install, but there are several modules not found, such as triton and pytorch. For example:
ERROR: Could not find a version that satisfies the requirement triton==2.0.0 (from versions: none)
ERROR: No matching distribution found for triton==2.0.0
I don't have enough experience with Python to know if this is specific to my environment. It's pointing to correct versions, python 3.9.0 and pip 23.0.1, both specific to the conda environment.
Please let me know if there's anything else that may be done. ChatGTP was letting me know I could try installing deps from other sources, but seems weird that the sources you guys provided wouldn't work.
Hello, interesting work!
Or use JPEG for noisy images and then use Denoising Diffusion to restore[2]?
[1] Nie W, Guo B, Huang Y, et al. Diffusion models for adversarial purification. ICML 2022.
[2] Kawar B, Song J, Ermon S, et al. Jpeg artifact correction using denoising diffusion restoration models. NeurIPS Workshop 2022.
Can it work on upscaled images ?
When I re-run anti-dreambooth code in your settings, I meet errors below.
As I have no idea, could you please help me or fix the bugs of code.
Would image filter like Guassian blur remove the perturbation?
I want to make a workaround in Google Colab for experiencing Anti-DreamBooth. Here is my ipynb. But I failed in Step 3 by running
!bash /content/Anti-DreamBooth/scripts/attack_with_aspl.sh
Google Colab Virtual ENV:
After running attack_with_aspl.sh, it calls Anti-DreamBooth/attacks/aspl.py to run perturbation training. It is expected to output noise-ckpt in output dir. But it didn't.
When Anti-DreamBooth/attacks/aspl.py runs into line 715 , it throws error.
/content/Anti-DreamBooth/scripts/attack_with_aspl.sh: line 36: 1381 Killed /usr/bin/python3 /content/Anti-DreamBooth/attacks/aspl.py
--pretrained_model_name_or_path=$MODEL_PATH
--enable_xformers_memory_efficient_attention
--instance_data_dir_for_train=$CLEAN_TRAIN_DIR
--instance_data_dir_for_adversarial=$CLEAN_ADV_DIR
--instance_prompt="a photo of sks person"
--class_data_dir=$CLASS_DIR
--num_class_images=200
--class_prompt="a photo of person"
--output_dir=$OUTPUT_DIR --center_crop
--with_prior_preservation
--prior_loss_weight=1.0
--resolution=512
--train_text_encoder
--train_batch_size=1
--max_train_steps=10
--max_f_train_steps=3
--max_adv_train_steps=6
--checkpointing_iterations=10
--learning_rate=5e-7
--pgd_alpha=5e-3
--pgd_eps=5e-2
Even I have changed --max_train_steps to 10, the execution was also being killed. I guess reason of execution being killed is GPU exhausted?
Because noise-ckpt was not outputed, the program was crashed with this final message:
ValueError: Instance outputs/ASPL/n000050_ADVERSARIAL/noise-ckpt/50 images root
doesn't exists.
Hello, I find your work so valuable. And your code is brief and high efficient. However, I have a question about the data for training. In your example code, there is only n000050 which is a subset of VGG you provided. If I want to train the adversial examples of all set Bs, what changes should I make in the shell file and the attacks py file? Thank you so much
Hello authors, Anti-DreamBooth is very interesting, and I want to follow your this work! However, I met some trouble with data, can you provide me with the full split sets of each dataset?
Thanks a lot.
Thanks for your excellent work!
I want to evaluate the quality of the generated image using FDFR and ISM metrics. However, there is some bug about the scrip:
python evaluations/ism_fdfr.py --data_dir <path_to__perturb_image_dir> --emb_dirs <paths_to_id_emb_file>
what is the --emb_dirs <paths_to_id_emb_file>?
there is no ipynb.checkpoints in the data given.Why there is an Isdirectoryerror?
I have place the insightface-0001.params and insightface-symbol.json in the ./insightface/model, but there is another problem:
[16:43:01] C:\Jenkins\workspace\mxnet-tag\mxnet\src\nnvm\legacy_json_util.cc:204: Warning: loading symbol saved by MXNet version 10800 with lower version of MXNet v10700. May cause undefined behavior. Please update MXNet if you encounter any issue
E:\Anaconda\envs\fiq\lib\site-packages\mxnet\gluon\block.py:1512: UserWarning: Cannot decide type for the following arguments. Consider providing them as input:
data: None
input_sym_arg_type = in_param.infer_type()[0]
Traceback (most recent call last):
File "E:\Pycharm\Adversarial_Fuxian\eva_exp\evaluations\ser_fiq.py", line 38, in <module>
fia_score = main()
File "E:\Pycharm\Adversarial_Fuxian\eva_exp\evaluations\ser_fiq.py", line 18, in main
ser_fiq = SER_FIQ(gpu=None)
File "E:\Pycharm\Adversarial_Fuxian\eva_exp\evaluations\FaceImageQuality\face_image_quality.py", line 85, in __init__
self.detector = mtcnn_detector.MtcnnDetector(model_folder="./FaceImageQuality/insightface/model/",
File "E:\Pycharm\Adversarial_Fuxian\eva_exp\evaluations\FaceImageQuality\insightface\src\mtcnn_detector.py", line 58, in __init__
workner_net = mx.model.FeedForward.load(models[0], 1, ctx=ctx)
File "E:\Anaconda\envs\fiq\lib\site-packages\mxnet\model.py", line 976, in load
symbol, arg_params, aux_params = load_checkpoint(prefix, epoch)
File "E:\Anaconda\envs\fiq\lib\site-packages\mxnet\model.py", line 476, in load_checkpoint
symbol = sym.load('%s-symbol.json' % prefix)
File "E:\Anaconda\envs\fiq\lib\site-packages\mxnet\symbol\symbol.py", line 2948, in load
check_call(_LIB.MXSymbolCreateFromFile(c_str(fname), ctypes.byref(handle)))
File "E:\Anaconda\envs\fiq\lib\site-packages\mxnet\base.py", line 246, in check_call
raise get_last_ffi_error()
mxnet.base.MXNetError: Traceback (most recent call last):
File "C:\Jenkins\workspace\mxnet-tag\mxnet\3rdparty\dmlc-core\src\io\local_filesys.cc", line 209
LocalFileSystem: Check failed: allow_null: :Open "./FaceImageQuality/insightface/model/det1-symbol.json": No such file or directory
Process finished with exit code 1
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google ❤️ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.