[2602.04898] Semantic-level Backdoor Attack against Text-to-Image Diffusion Models

Computer Science > Cryptography and Security arXiv:2602.04898 (cs) [Submitted on 3 Feb 2026 (v1), last revised 3 Mar 2026 (this version, v2)] Title:Semantic-level Backdoor Attack against Text-to-Image Diffusion Models Authors:Tianxin Chen, Wenbo Jiang, Hongqiao Chen, Zhirun Zheng, Cheng Huang View a PDF of the paper titled Semantic-level Backdoor Attack against Text-to-Image Diffusion Models, by Tianxin Chen and 4 other authors View PDF HTML (experimental) Abstract:Text-to-image (T2I) diffusion models are widely adopted for their strong generative capabilities, yet remain vulnerable to backdoor attacks. Existing attacks typically rely on fixed textual triggers and single-entity backdoor targets, making them highly susceptible to enumeration-based input defenses and attention-consistency detection. In this work, we propose Semantic-level Backdoor Attack (SemBD), which implants backdoors at the representation level by defining triggers as continuous semantic regions rather than discrete textual patterns. Concretely, SemBD injects semantic backdoors by distillation-based editing of the key and value projection matrices in cross-attention layers, enabling diverse prompts with identical semantic compositions to reliably activate the backdoor attack. To further enhance stealthiness, SemBD incorporates a semantic regularization to prevent unintended activation under incomplete semantics, as well as multi-entity backdoor targets that avoid highly consistent cross-attention pattern...