Despite the success of diffusion-based customization methods in visual content creation, increasing concerns have been raised about such techniques from both privacy and political perspectives. To tackle this issue, several anti-customization methods have been proposed in very recent months, predominantly grounded in adversarial attacks. Unfortunately, most of these methods adopt straightforward designs, such as end-to-end optimization focused on adversarially maximizing the original training loss, thereby neglecting nuanced internal properties intrinsic to the diffusion model and even leading to ineffective optimization at some diffusion time steps. In this paper, we strive to bridge this gap by undertaking a comprehensive exploration of these inherent properties to boost the performance of current anti-customization approaches. Two aspects of these properties are investigated: 1) We examine the relationship between time step selection and the model's perception in the frequency domain of images, and find that lower time steps contribute much more to adversarial noise. This inspires us to propose an adaptive greedy search for optimal time steps that integrates seamlessly with existing anti-customization methods. 2) We scrutinize the roles of features at different layers during denoising and devise a sophisticated feature-based optimization framework for anti-customization. Experiments on facial benchmarks demonstrate that our approach significantly increases identity disruption, thereby protecting user privacy and copyright. Our code is available at: https://github.com/somuchtome/SimAC.