Diffusion Models (DMs) are state-of-the-art generative models that learn a reversible corruption process from iterative noise addition and denoising. They are the backbone of many generative AI applications, such as text-to-image conditional generation. However, recent studies have shown that basic unconditional DMs (e.g., DDPM and DDIM) are vulnerable to backdoor injection, a type of output manipulation attack triggered by a maliciously embedded pattern at model input. This paper presents a unified backdoor attack framework (VillanDiffusion) to expand the current scope of backdoor analysis for DMs. Our framework covers mainstream unconditional and conditional DMs (denoising-based and score-based) and various training-free samplers for holistic evaluations. Experiments show that our unified framework facilitates the backdoor analysis of different DM configurations and provides new insights into caption-based backdoor attacks on DMs. Our code is available on GitHub: https://github.com/IBM/villandiffusion