The widespread adoption of generative models such as Stable Diffusion and ChatGPT has made them increasingly attractive targets for malicious exploitation, particularly through data poisoning. Existing poisoning attacks compromising synthesised data typically either cause broad degradation of generated data or require control over the training process, limiting their applicability in real-world scenarios. In this paper, we introduce a novel data poisoning technique called associative poisoning, which compromises fine-grained features of the generated data without requiring control of the training process. This attack perturbs only the training data to manipulate statistical associations between specific feature pairs in the generated outputs. We provide a formal mathematical formulation of the attack and prove its theoretical feasibility and stealthiness. Empirical evaluations using two state-of-the-art generative models demonstrate that associative poisoning effectively induces or suppresses feature associations while preserving the marginal distributions of the targeted features and maintaining high-quality outputs, thereby evading visual detection. These results suggest that generative systems used in image synthesis, synthetic dataset generation, and natural language processing are susceptible to subtle, stealthy manipulations that compromise their statistical integrity. To address this risk, we examine the limitations of existing defensive strategies and propose a novel countermeasure strategy.

翻译：随着Stable Diffusion和ChatGPT等生成模型的广泛应用，它们日益成为恶意攻击的目标，尤其是通过数据投毒手段。现有的损害生成数据的投毒攻击通常要么导致生成数据的广泛质量下降，要么需要控制训练过程，这限制了其在现实场景中的适用性。本文提出了一种新颖的数据投毒技术，称为关联性投毒，该技术能在无需控制训练过程的情况下，损害生成数据的细粒度特征。该攻击仅通过扰动训练数据来操纵生成输出中特定特征对之间的统计关联。我们给出了该攻击的正式数学表述，并证明了其理论可行性与隐蔽性。使用两种先进生成模型进行的实证评估表明，关联性投毒能有效诱导或抑制特征关联，同时保持目标特征的边缘分布并维持高质量的输出，从而规避视觉检测。这些结果表明，用于图像合成、合成数据集生成和自然语言处理的生成系统容易受到微妙、隐蔽的操纵，从而损害其统计完整性。为应对此风险，我们分析了现有防御策略的局限性，并提出了一种新颖的对抗策略。