Spread-Transform Dither Modulation Watermarking of Deep Neural Network
- URL: http://arxiv.org/abs/2012.14171v1
- Date: Mon, 28 Dec 2020 10:23:17 GMT
- Title: Spread-Transform Dither Modulation Watermarking of Deep Neural Network
- Authors: Yue Li, Benedetta Tondi and Mauro Barni
- Abstract summary: We propose a new DNN watermarking algorithm that leverages on the watermarking with side information paradigm to decrease the obtrusiveness of the watermark and increase its payload.
In particular, the new scheme exploits the main ideas of ST-DM (Spread Transform Dither Modulation) watermarking to improve the performance of a recently proposed algorithm based on conventional SS.
- Score: 33.63490683496175
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: DNN watermarking is receiving an increasing attention as a suitable mean to
protect the Intellectual Property Rights associated to DNN models. Several
methods proposed so far are inspired to the popular Spread Spectrum (SS)
paradigm according to which the watermark bits are embedded into the projection
of the weights of the DNN model onto a pseudorandom sequence. In this paper, we
propose a new DNN watermarking algorithm that leverages on the watermarking
with side information paradigm to decrease the obtrusiveness of the watermark
and increase its payload. In particular, the new scheme exploits the main ideas
of ST-DM (Spread Transform Dither Modulation) watermarking to improve the
performance of a recently proposed algorithm based on conventional SS. The
experiments we carried out by applying the proposed scheme to watermark
different models, demonstrate its capability to provide a higher payload with a
lower impact on network accuracy than a baseline method based on conventional
SS, while retaining a satisfactory level of robustness.
Related papers
- An Efficient Watermarking Method for Latent Diffusion Models via Low-Rank Adaptation [21.058231817498115]
We propose an efficient watermarking method for latent diffusion models (LDMs) based on Low-Rank Adaptation (LoRA)
We show that the proposed method ensures fast watermark embedding and maintains a very low bit error rate of the watermark, a high-quality of the generated image, and a zero false negative rate (FNR) for verification.
arXiv Detail & Related papers (2024-10-26T15:23:49Z) - JIGMARK: A Black-Box Approach for Enhancing Image Watermarks against Diffusion Model Edits [76.25962336540226]
JIGMARK is a first-of-its-kind watermarking technique that enhances robustness through contrastive learning.
Our evaluation reveals that JIGMARK significantly surpasses existing watermarking solutions in resilience to diffusion-model edits.
arXiv Detail & Related papers (2024-06-06T03:31:41Z) - Wide Flat Minimum Watermarking for Robust Ownership Verification of GANs [23.639074918667625]
We propose a novel multi-bit box-free watermarking method for GANs with improved robustness against white-box attacks.
The watermark is embedded by adding an extra watermarking loss term during GAN training.
We show that the presence of the watermark has a negligible impact on the quality of the generated images.
arXiv Detail & Related papers (2023-10-25T18:38:10Z) - Reversible Quantization Index Modulation for Static Deep Neural Network
Watermarking [57.96787187733302]
Reversible data hiding (RDH) methods offer a potential solution, but existing approaches suffer from weaknesses in terms of usability, capacity, and fidelity.
We propose a novel RDH-based static DNN watermarking scheme using quantization index modulation (QIM)
Our scheme incorporates a novel approach based on a one-dimensional quantizer for watermark embedding.
arXiv Detail & Related papers (2023-05-29T04:39:17Z) - Deep Boosting Robustness of DNN-based Image Watermarking via DBMark [3.9394166162483835]
We present DBMark, a new end-to-end digital image watermarking framework to boost the robustness of DNN-based image watermarking.
The framework generates watermark features with redundancy and error correction ability through message processing, synergized with the powerful information embedding and extraction capabilities of Invertible Neural Networks.
arXiv Detail & Related papers (2022-10-25T07:09:49Z) - Exploring Structure Consistency for Deep Model Watermarking [122.38456787761497]
The intellectual property (IP) of Deep neural networks (DNNs) can be easily stolen'' by surrogate model attack.
We propose a new watermarking methodology, namely structure consistency'', based on which a new deep structure-aligned model watermarking algorithm is designed.
arXiv Detail & Related papers (2021-08-05T04:27:15Z) - Reversible Watermarking in Deep Convolutional Neural Networks for
Integrity Authentication [78.165255859254]
We propose a reversible watermarking algorithm for integrity authentication.
The influence of embedding reversible watermarking on the classification performance is less than 0.5%.
At the same time, the integrity of the model can be verified by applying the reversible watermarking.
arXiv Detail & Related papers (2021-04-09T09:32:21Z) - Fine-tuning Is Not Enough: A Simple yet Effective Watermark Removal
Attack for DNN Models [72.9364216776529]
We propose a novel watermark removal attack from a different perspective.
We design a simple yet powerful transformation algorithm by combining imperceptible pattern embedding and spatial-level transformations.
Our attack can bypass state-of-the-art watermarking solutions with very high success rates.
arXiv Detail & Related papers (2020-09-18T09:14:54Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.