DCT-Shield: A Robust Frequency-Domain Defense against Malicious Image Editing

Aniruddha Bala^1,* · Rohit Chowdhury^1,* · Rohan Jaiswal¹ · Siddharth Roheda¹

¹ Samsung R&D Institute Bangalore

* Equal contribution

⭐ ICCV 2025 Highlight

Abstract

Advancements in diffusion models have enabled effortless image editing via text prompts, raising concerns about image security. Attackers with access to user images can exploit these tools for malicious edits. Recent defenses attempt to protect images by adding a limited noise in the pixel space to disrupt the functioning of diffusion-based editing models. However, the adversarial noise added by previous methods is easily noticeable to the human eye. Moreover, most of these methods are not robust to purification techniques like JPEG compression under a feasible pixel budget. We propose a novel optimization approach that introduces adversarial perturbations directly in the frequency domain by modifying the Discrete Cosine Transform (DCT) coefficients of the input image. By leveraging the JPEG pipeline, our method generates adversarial images that effectively prevent malicious image editing. Extensive experiments across a variety of tasks and datasets demonstrate that our approach introduces fewer visual artifacts while maintaining similar levels of edit protection and robustness to noise purification techniques.

Method at a Glance

DCT-Shield optimizes perturbations in the JPEG frequency space. Given an input image, we enter the JPEG pipeline, perturb the quantized DCT coefficients under a perceptual budget, and invert back to the pixel domain. The optimization objective penalizes immunized image's latent that enables successful malicious edits while enforcing imperceptibility and robustness to purification. Key features of DCT-Shield -

Frequency-domain optimization on quantized DCT coefficients
JPEG-aware optimization provides robustness against purification
Better tradeoff between noise perception and edit protection
Uses upto 67% fewer parameters compared to pixel space approaches
Utilizes only the VAE of the editor, making it highly transferable

Noise Perception vs Edit Protection

DCT-Shield provides better tradeoff compared to prior pixel space approaches.

Protection against Editing

DCT-Shield achieves comparable edit protection while maintaining lower perceptual noise.

Protection against Inpainting

DCT-Shield also achieves strong inpainting protection with low visible noise limited to the masked area.

JPEG Robustness

Unlike prior methods that fail under strong JPEG compression, DCT-Shield continues to preserve protection.

Robustness Guarantees

Images immunized at a given JPEG quality remain protected against all compression levels up to that quality.

Other Purification Approaches

DCT-Shield offers stronger protection against diverse purification techniques.

Citation

@inproceedings{bala2025dctshield, title = {DCT-Shield: A Robust Frequency-Domain Defense against Malicious Image Editing}, author = {Bala, Aniruddha and Chowdhury, Rohit and Jaiswal, Rohan and Roheda, Siddharth}, booktitle = {Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV)}, year = {2025} }