REDEditing: Relationship-Driven Precise Backdoor Poisoning on Text-to-Image Diffusion Models
Journal:
arXiv
Published Date:
Apr 20, 2025
Abstract
The rapid advancement of generative AI highlights the importance of
text-to-image (T2I) security, particularly with the threat of backdoor
poisoning. Timely disclosure and mitigation of security vulnerabilities in T2I
models are crucial for ensuring the safe deployment of generative models. We
explore a novel training-free backdoor poisoning paradigm through model
editing, which is recently employed for knowledge updating in large language
models. Nevertheless, we reveal the potential security risks posed by model
editing techniques to image generation models. In this work, we establish the
principles for backdoor attacks based on model editing, and propose a
relationship-driven precise backdoor poisoning method, REDEditing. Drawing on
the principles of equivalent-attribute alignment and stealthy poisoning, we
develop an equivalent relationship retrieval and joint-attribute transfer
approach that ensures consistent backdoor image generation through concept
rebinding. A knowledge isolation constraint is proposed to preserve benign
generation integrity. Our method achieves an 11\% higher attack success rate
compared to state-of-the-art approaches. Remarkably, adding just one line of
code enhances output naturalness while improving backdoor stealthiness by 24\%.
This work aims to heighten awareness regarding this security vulnerability in
editable image generation models.
