Stable Diffusion has established itself as a foundation model in generative AI artistic applications, receiving widespread research and application. Some recent fine-tuning methods have made it feasible for individuals to implant personalized concepts onto the basic Stable Diffusion model with minimal computational costs on small datasets. However, these innovations have also given rise to issues like facial privacy forgery and artistic copyright infringement. In recent studies, researchers have explored the addition of imperceptible adversarial perturbations to images to prevent potential unauthorized exploitation and infringements when personal data is used for fine-tuning Stable Diffusion. Although these studies have demonstrated the ability to protect images, it is essential to consider that these methods may not be entirely applicable in real-world scenarios. In this paper, we systematically evaluate the use of perturbations to protect images within a practical threat model. The results suggest that these approaches may not be sufficient to safeguard image privacy and copyright effectively. Furthermore, we introduce a purification method capable of removing protected perturbations while preserving the original image structure to the greatest extent possible. Experiments reveal that Stable Diffusion can effectively learn from purified images over all protective methods.

翻译：Stable Diffusion已成为生成式人工智能艺术应用领域的基础模型，获得了广泛的研究与应用。近期一些微调方法使得个人能够以较小的计算成本在小数据集上将个性化概念植入基础Stable Diffusion模型。然而，这些创新也引发了面部隐私伪造和艺术版权侵权等问题。在最近的研究中，学者们探索了向图像添加不可察觉的对抗性扰动，以防止个人数据被用于微调Stable Diffusion时可能发生的未授权利用和侵权行为。尽管这些研究已证明其保护图像的能力，但必须考虑到这些方法在实际场景中可能不完全适用。本文系统评估了在实际威胁模型中使用扰动保护图像的效果。结果表明，这些方法可能不足以有效保护图像隐私和版权。此外，我们提出了一种净化方法，能够在最大程度保留原始图像结构的同时消除保护性扰动。实验表明，Stable Diffusion能够有效地从所有保护方法处理后的净化图像中学习。