Safe-Control: Plugging in Protection for Text-to-Image Models

TLDR: Safe-Control is an innovative plug-and-play safety patch designed to mitigate the generation of unsafe content (like nudity, violence, and hate speech) in Text-to-Image (T2I) models. It works by injecting data-driven safety control signals into locked T2I models, acting as an ‘update’ without altering the original model’s core parameters. The system effectively reduces unsafe content across various T2I models, maintains image quality and text alignment, and significantly outperforms existing safety mechanisms, even against adversarial attacks. Its flexible design allows for customizable and mergeable safety patches.

Text-to-Image (T2I) generation models have rapidly transformed how we create visual content, allowing users to generate high-quality images from simple text descriptions. Models like Stable Diffusion, Imagen, and DALL·E 3 are widely adopted across various industries, from marketing to creative arts. However, this powerful technology comes with a significant challenge: the potential for misuse, leading to the generation of unsafe or inappropriate content, such as violence, hate speech, or sexually explicit imagery.

Addressing these safety concerns has been a major focus for model developers. Existing safety mechanisms generally fall into two categories: external defenses and internal defenses. External defenses, like safety filters, check inputs or outputs for unsafe content but can often be bypassed, especially when faced with new or slightly altered prompts. Internal defenses, which involve guiding the generation process or fine-tuning the model, can be more effective but often come with trade-offs. They might degrade the model’s overall performance, struggle to adapt to new threats, or require extensive, model-specific adjustments, making them costly and difficult to transfer to different T2I models.

Introducing Safe-Control: A Plug-and-Play Safety Solution

To overcome these limitations, researchers have introduced Safe-Control, an innovative plug-and-play safety patch designed to effectively mitigate the generation of unsafe content in T2I models. Imagine it as a software update for an operating system, but for AI models. Safe-Control injects crucial safety control signals into a ‘locked’ T2I model, acting as a patch without altering the original model’s core parameters. This design ensures that the model’s ability to generate high-quality, benign images remains minimally impacted.

The core idea behind Safe-Control is to create an external, end-to-end model that applies conditional safety controls during the image generation process. It learns from data-driven strategies and safety-aware conditions to transform potentially unsafe outputs into safe ones. For instance, if a malicious prompt might lead to a naked image, Safe-Control learns to add clothing to the person in the generated image.

How Safe-Control Works

Safe-Control incorporates several key design elements:

• Model Parameters Preservation: It keeps the parameters of the original T2I model frozen, ensuring that its core image generation capabilities are not compromised.

• Pretrained Encoding Utilization: Safe-Control reuses trainable copies of the T2I model’s encoding layers. These layers, already trained on vast amounts of images, provide a strong foundation for Safe-Control to learn diverse safety conditions.

• Conditional Safety Controls: Instead of relying on visual conditions (like edges or poses), Safe-Control uses textual safety modification instructions. For example, for a prompt like “a naked woman,” the instruction might be “Put clothes on the person in the image.” This is achieved by training on a multi-modal dataset that pairs malicious prompts with corresponding safe images and specific safety conditions.

• Zero Convolution Connection: Safe-Control connects to the original model through special ‘zero convolution’ layers. These layers start with zero weights and gradually increase during training, allowing safety control signals to be smoothly integrated into the model’s deep features.

A crucial aspect of Safe-Control is its training data generation. Since public datasets for unsafe content are scarce, the researchers developed a method to create a multi-modal dataset. This involves using Large Language Models (LLMs) to generate safe prompts from unsafe ones, guided by content policies. These safe prompts then generate candidate images, which are filtered by semantic tools and content classifiers to ensure safety.

Impressive Performance and Robustness

Extensive evaluations were conducted on six diverse and publicly available T2I models, including SD v1.4, SD v1.5, Comic Diffusion v2, and Realistic Vision v5.1. The results were compelling:

• Unsafe Content Reduction: Safe-Control significantly reduced the generation of unsafe content across all tested models. For nudity, it could eliminate over 93% of explicit content in the best cases and more than half in the worst. When dealing with multiple unsafe categories (sexual, self-harm, hate, violence, shocking, harassment, illegal activity), Safe-Control reduced the overall probability of unsafe content generation to below 10%, an average improvement of 4% over baselines.

• Transferability: The safety patch trained on one model (SD v1.4) demonstrated exceptional generalizability, effectively mitigating unsafe content when directly transferred to other T2I models with similar architectures.

• Benign Content Preservation: Crucially, Safe-Control maintained the quality and text alignment of benign images. It achieved CLIP scores on par with original T2I models, indicating that it faithfully reflects user prompts without introducing harmful noise.

• Comparison with Baselines: Safe-Control significantly outperformed seven state-of-the-art safety mechanisms, including both external (e.g., Safety Checker, SD v2.1) and internal defenses (e.g., SLD, SafeGEN). For instance, it achieved an average nudity removal rate of 94%, higher than all baselines.

• Robustness Against Attacks: The method also proved robust against the latest malicious attacks like SneakyPrompt and Ring-A-Bell, effectively reducing unsafe content generation even under adversarial conditions.

The researchers also explored the impact of hyperparameters, finding that larger training datasets lead to faster optimal defensive performance and improved overall effectiveness.

Also Read:

• Pixel-Based Language Models: A New Frontier for Robust and Multilingual Text Generation
• Navigating Complex Tasks with Tree-Guided Diffusion

Conclusion

Safe-Control represents a significant step forward in making T2I models safer and more responsible. Its plug-and-play design offers flexibility, allowing model developers to create and merge various safety patches to meet evolving safety requirements. By effectively mitigating unsafe content generation while preserving the quality of benign images, Safe-Control provides a robust and adaptable solution for the ethical deployment of generative AI. You can read the full research paper here.