DCT-Shield: A Robust Frequency-Domain Defense against Malicious Image Editing
Abstract
Advancements in diffusion models have enabled effortless image editing via text prompts, raising concerns about image security. Attackers with access to user images can exploit these tools for malicious edits. Recent defenses attempt to protect images by adding a limited noise in the pixel space to disrupt the functioning of diffusion-based editing models. However, the adversarial noise added by previous methods is easily noticeable to the human eye. Moreover, most of these methods are not robust to purification techniques like JPEG compression under a feasible pixel budget. We propose a novel optimization approach that introduces adversarial perturbations directly in the frequency domain by modifying the Discrete Cosine Transform (DCT) coefficients of the input image. By leveraging the JPEG pipeline, our method generates adversarial images that effectively prevent malicious image editing. Extensive experiments across a variety of tasks and datasets demonstrate that our approach introduces fewer visual artifacts while maintaining similar levels of edit protection and robustness to noise purification techniques.
Method at a Glance
DCT-Shield optimizes perturbations in the JPEG frequency space. Given an input image, we enter the JPEG pipeline, adjust selected DCT bands under a perceptual budget, and invert back to the pixel domain. The optimization objective penalizes edit-model activations that enable successful malicious edits while enforcing imperceptibility and robustness to purification.
- Frequency-domain optimization on DCT coefficients
- JPEG-aware constraints for imperceptibility
- Robustness against common purification (e.g., JPEG)
Qualitative Results
