Stable Diffusion (SD) customization approaches enable users to personalize SD model outputs, greatly enhancing the flexibility and diversity of AI art. However, they also allow individuals to plagiarize specific styles or subjects from copyrighted images, which raises significant concerns about potential copyright infringement. To address this issue, we propose an invisible data-free universal adversarial watermark (DUAW), aiming to protect a myriad of copyrighted images from different customization approaches across various versions of SD models. First, DUAW is designed to disrupt the variational autoencoder during SD customization. Second, DUAW operates in a data-free context, where it is trained on synthetic images produced by a Large Language Model (LLM) and a pretrained SD model. This approach circumvents the necessity of directly handling copyrighted images, thereby preserving their confidentiality. Once crafted, DUAW can be imperceptibly integrated into massive copyrighted images, serving as a protective measure by inducing significant distortions in the images generated by customized SD models. Experimental results demonstrate that DUAW can effectively distort the outputs of fine-tuned SD models, rendering them discernible to both human observers and a simple classifier.

翻译：稳定扩散（Stable Diffusion, SD）定制化方法使用户能够个性化SD模型输出，极大增强了AI艺术的灵活性与多样性。然而，这些方法也使个体得以剽窃受版权保护图像中的特定风格或主题，由此引发对潜在版权侵权的重大关切。针对该问题，我们提出一种不可见的无数据通用对抗水印（Data-free Universal Adversarial Watermark, DUAW），旨在保护大量受版权保护图像免受不同版本SD模型中各类定制化方法的侵害。首先，DUAW被设计用于破坏SD定制化过程中的变分自编码器。其次，DUAW在无数据场景下运行，其训练基于由大语言模型（LLM）与预训练SD模型生成的合成图像，从而规避直接处理受版权保护图像的必要性，保障图像机密性。一旦生成，DUAW可被不可察觉地嵌入大量受版权保护图像中，通过诱导定制化SD模型生成图像出现显著失真，发挥保护作用。实验结果表明，DUAW能有效扭曲微调后SD模型的输出，使这些输出对人类观察者及简单分类器均具有可辨识性。