Many researchers have voiced their support towards Pearl's counterfactual theory of causation as a stepping stone for AI/ML research's ultimate goal of intelligent systems. As in any other growing subfield, patience seems to be a virtue since significant progress on integrating notions from both fields takes time, yet, major challenges such as the lack of ground truth benchmarks or a unified perspective on classical problems such as computer vision seem to hinder the momentum of the research movement. This present work exemplifies how the Pearl Causal Hierarchy (PCH) can be understood on image data by providing insights on several intricacies but also challenges that naturally arise when applying key concepts from Pearlian causality to the study of image data.

Large, text-conditioned generative diffusion models have recently gained a lot of attention for their impressive performance in generating high-fidelity images from text alone. However, achieving high-quality results is almost unfeasible in a one-shot fashion. On the contrary, text-guided image generation involves the user making many slight changes to inputs in order to iteratively carve out the envisioned image. However, slight changes to the input prompt often lead to entirely different images being generated, and thus the control of the artist is limited in its granularity. To provide flexibility, we present the Stable Artist, an image editing approach enabling fine-grained control of the image generation process. The main component is semantic guidance (SEGA) which steers the diffusion process along variable numbers of semantic directions. This allows for subtle edits to images, changes in composition and style, as well as optimization of the overall artistic conception. Furthermore, SEGA enables probing of latent spaces to gain insights into the representation of concepts learned by the model, even complex ones such as 'carbon emission'. We demonstrate the Stable Artist on several tasks, showcasing high-quality image editing and composition.

Text-conditioned image generation models have recently achieved astonishing results in image quality and text alignment and are consequently employed in a fast-growing number of applications. Since they are highly data-driven, relying on billion-sized datasets randomly scraped from the internet, they also suffer, as we demonstrate, from degenerated and biased human behavior. In turn, they may even reinforce such biases. To help combat these undesired side effects, we present safe latent diffusion (SLD). Specifically, to measure the inappropriate degeneration due to unfiltered and imbalanced training sets, we establish a novel image generation test bed-inappropriate image prompts (I2P)-containing dedicated, real-world image-to-text prompts covering concepts such as nudity and violence. As our exhaustive empirical evaluation demonstrates, the introduced SLD removes and suppresses inappropriate image parts during the diffusion process, with no additional training required and no adverse effect on overall image quality or text alignment.

While text-to-image synthesis currently enjoys great popularity among researchers and the general public, the security of these models has been neglected so far. Many text-guided image generation models rely on pre-trained text encoders from external sources, and their users trust that the retrieved models will behave as promised. Unfortunately, this might not be the case. We introduce backdoor attacks against text-guided generative models and demonstrate that their text encoders pose a major tampering risk. Our attacks only slightly alter an encoder so that no suspicious model behavior is apparent for image generations with clean prompts. By then inserting a single non-Latin character into the prompt, the adversary can trigger the model to either generate images with pre-defined attributes or images following a hidden, potentially malicious description. We empirically demonstrate the high effectiveness of our attacks on Stable Diffusion and highlight that the injection process of a single backdoor takes less than two minutes. Besides phrasing our approach solely as an attack, it can also force an encoder to forget phrases related to certain concepts, such as nudity or violence, and help to make image generation safer.

文本指导的图像生成模型，例如DALL-E 2和稳定的扩散，最近受到了学术界和公众的关注。这些模型提供了文本描述，能够生成描绘各种概念和样式的高质量图像。但是，此类模型接受了大量公共数据的培训，并从其培训数据中隐含地学习关系，这些数据并不明显。我们证明，可以通过简单地用视觉上类似的非拉丁字符替换文本描述中的单个字符来触发并注入生成的图像中的常见多模型模型，这些偏见可以被触发并注入生成的图像。这些所谓的同符文更换使恶意用户或服务提供商能够诱导偏见到生成的图像中，甚至使整个一代流程变得无用。我们实际上说明了对DALL-E 2和稳定扩散的这种攻击，例如文本引导的图像生成模型，并进一步表明夹子的行为也相似。我们的结果进一步表明，经过多语言数据训练的文本编码器提供了一种减轻同符替代效果的方法。

由于现在在许多现实世界应用中使用了深度学习，因此研究越来越集中于深度学习模型的隐私以及如何防止攻击者获得有关培训数据的敏感信息。但是，在隐私攻击的背景下，尚未对诸如剪辑之类的图像文本模型进行研究。虽然会员推理攻击旨在判断是否使用特定数据点进行培训，但我们引入了一种新型的隐私攻击，该隐私攻击名为“身份推理攻击”（IDIA），该攻击（IDIA）是为CLIP等多模式图像文本模型而设计的。使用IDIA，攻击者可以通过以黑盒方式查询模型，并以同一个人的不同图像来揭示特定人是否是培训数据的一部分。让模型从各种可能的文本标签中进行选择，攻击者可以探究该模型是否识别该人，因此可以用于培训。通过剪辑上的几个实验，我们表明攻击者可以以非常高的精度识别用于培训的个人，并且该模型学会了将名称与被描绘的人联系起来。我们的实验表明，多模式图像文本模型确实泄漏了有关其训练数据的敏感信息，因此应谨慎处理。

文本到图像模型最近通过光合现实质量看似准确的样本取得了巨大的成功。但是，随着最先进的语言模型仍在努力评估精确陈述，基于语言模型的图像生成过程也是如此。在这项工作中，我们展示了最先进的文本对图像模型（例如Dall-e）的问题，并通过与Draw基准基准相关的语句生成准确的样本。此外，我们表明剪辑无法始终如一地重新读取这些样品。为此，我们提出了Logicrank，这是一种神经符号推理框架，可以为这种精确要求设置提供更准确的排名系统。Logicrank平稳地集成到文本到图像模型的生成过程中，而且可以用于进一步调整更逻辑的精确模型。

模糊哈希是数字取证中的重要工具，可用于近似匹配，以确定数字工件之间的相似性。他们将文件的字节代码转换为可计算的字符串，这使得它们对于智能机器处理特别有趣。在这项工作中，我们提出了深度学习近似匹配（DLAM），该匹配（DLAM）在检测模糊哈希异常的准确性比传统方法更高。除了著名的聚类恶意软件应用程序外，我们还表明，模糊的哈希和深度学习确实非常适合根据某些内容（例如恶意软件）进行分类。 DLAM依赖于自然语言处理领域的基于变压器的模型，并优于现有方法。传统的模糊哈希（TLSH和SSDEEP）的尺寸有限，并且与整体文件大小相比相对较小，并且无法检测到文件异常。然而，DLAM可以在TLSH和SSDEEP的计算模糊哈希中检测此类文件相关性，即使对于异常大小不到15％也是如此。它与最先进的模糊散列算法获得了可比的结果，同时依靠更高效的哈希计算，因此可以在更大的规模上使用。

从预训练的语言模型中进行的引导已被证明是用于建立基础视觉模型（VLM）的有效方法，例如图像字幕或视觉问题的答案。但是，很难用它来使模型符合用户的理由来获得特定答案。为了引起和加强常识性原因，我们提出了一个迭代采样和调整范式，称为Illume，执行以下循环：给定图像问题提示提示，VLM采样了多个候选人，并通过人类评论家通过偏好提供最小的反馈。选择，用于微调。该循环增加了训练数据，并逐渐雕刻出VLM的合理化功能。我们的详尽实验表明，Illume在使用较少的培训数据的同时，仅需要最少的反馈，与标准监督的微调竞争。

自动化机器学习（AUTOML）是使机器学习模型被广泛应用于解决现实世界问题的重要步骤。尽管有许多研究的进步，但机器学习方法主要由于其数据隐私和安全法规而尚未完全被行业利用，因此在中心位置存储和计算增加数据量的高成本以及最重要的是缺乏专业知识。因此，我们介绍了一个新颖的框架，hanf -$ \ textbf {h} $ yperparameter $ \ textbf {a} $ nd $ \ textbf {n} $ earural架构搜索$ \ textbf {f}为在几个数据所有者服务器上分布的数据建立一个自动框架，而无需将数据带到中心位置。 HANF使用基于梯度的神经体系结构搜索和数据分布式设置中分别使用基于梯度的神经体系结构搜索和$ n $ armed Bandit方法来共同优化学习算法的神经体系结构和非构造超参数。我们表明，HANF有效地找到了优化的神经体系结构，并在数据所有者服务器上调整了超参数。此外，HANF可以在联合和非填充设置中应用。从经验上讲，我们表明HANF使用图像分类任务收敛于合适的体系结构和非架构高参数集。