
Prompt Stealing Attacks Against Text-to-Image Generation Models

conference contribution
posted on 2024-10-22, 09:22 authored by Xinyue Shen, Yiting Qu, Michael Backes, Yang Zhang
Text-to-Image generation models have revolutionized the artwork design process and enabled anyone to create high-quality images by entering text descriptions called prompts. Creating a high-quality prompt that consists of a subject and several modifiers can be time-consuming and costly. In consequence, a trend of trading high-quality prompts on specialized marketplaces has emerged. In this paper, we perform the first study on understanding the threat of a novel attack, namely the prompt stealing attack, which aims to steal prompts from images generated by text-to-image generation models. Successful prompt stealing attacks directly violate the intellectual property of prompt engineers and jeopardize the business model of prompt marketplaces. We first perform a systematic analysis on a dataset collected by ourselves and show that a successful prompt stealing attack should consider a prompt's subject as well as its modifiers. Based on this observation, we propose a simple yet effective prompt stealing attack, PromptStealer. It consists of two modules: a subject generator trained to infer the subject and a modifier detector for identifying the modifiers within the generated image. Experimental results demonstrate that PromptStealer is superior to three baseline methods, both quantitatively and qualitatively. We also make some initial attempts to defend against PromptStealer. In general, our study uncovers a new attack vector within the ecosystem established by the popular text-to-image generation models. We hope our results can contribute to understanding and mitigating this emerging threat.

Primary Research Area

  • Trustworthy Information Processing

Name of Conference

Usenix Security Symposium (USENIX-Security)

Journal

33rd USENIX Security Symposium (USENIX Security 24)

Page Range

5823-5840

Publisher

USENIX Association

BibTeX

@conference{Shen:Qu:Backes:Zhang:2024,
  title = "Prompt Stealing Attacks Against Text-to-Image Generation Models",
  author = "Shen, Xinyue and Qu, Yiting and Backes, Michael and Zhang, Yang",
  year = 2024,
  month = 8,
  journal = "33rd USENIX Security Symposium (USENIX Security 24)",
  pages = "5823--5840",
  publisher = "USENIX Association"
}
