Supervised GAN Watermarking for Intellectual Property Protection

• URL: http://arxiv.org/abs/2209.03466v1
• Date: Wed, 7 Sep 2022 20:52:05 GMT
• Title: Supervised GAN Watermarking for Intellectual Property Protection
• Authors: Jianwei Fei, Zhihua Xia, Benedetta Tondi, Mauro Barni
• Abstract summary: We propose a watermarking method for Generative Adversarial Networks (GANs) The aim is to watermark the GAN model so that any image generated by the GAN contains an invisible watermark (signature) Results show that our method can effectively embed an invisible watermark inside the generated images.
• Score: 33.827150843939094
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: We propose a watermarking method for protecting the Intellectual Property (IP) of Generative Adversarial Networks (GANs). The aim is to watermark the GAN model so that any image generated by the GAN contains an invisible watermark (signature), whose presence inside the image can be checked at a later stage for ownership verification. To achieve this goal, a pre-trained CNN watermarking decoding block is inserted at the output of the generator. The generator loss is then modified by including a watermark loss term, to ensure that the prescribed watermark can be extracted from the generated images. The watermark is embedded via fine-tuning, with reduced time complexity. Results show that our method can effectively embed an invisible watermark inside the generated images. Moreover, our method is a general one and can work with different GAN architectures, different tasks, and different resolutions of the output image. We also demonstrate the good robustness performance of the embedded watermark against several post-processing, among them, JPEG compression, noise addition, blurring, and color transformations.

Related papers

• ROBIN: Robust and Invisible Watermarks for Diffusion Models with Adversarial Optimization [15.570148419846175]
  Existing watermarking methods face the challenge of balancing robustness and concealment. This paper introduces a watermark hiding process to actively achieve concealment, thus allowing the embedding of stronger watermarks. Experiments on various diffusion models demonstrate the watermark remains verifiable even under significant image tampering.
  arXiv  Detail & Related papers  (2024-11-06T12:14:23Z)
• ESpeW: Robust Copyright Protection for LLM-based EaaS via Embedding-Specific Watermark [50.08021440235581]
  Embeds as a Service (Eding) is emerging as a crucial role in AI applications. Eding is vulnerable to model extraction attacks, highlighting the urgent need for copyright protection. We propose a novel embedding-specific watermarking (ESpeW) mechanism to offer robust copyright protection for Eding.
  arXiv  Detail & Related papers  (2024-10-23T04:34:49Z)
• An undetectable watermark for generative image models [65.31658824274894]
  We present the first undetectable watermarking scheme for generative image models. In particular, an undetectable watermark does not degrade image quality under any efficiently computable metric. Our scheme works by selecting the initial latents of a diffusion model using a pseudorandom error-correcting code.
  arXiv  Detail & Related papers  (2024-10-09T18:33:06Z)
• RAW: A Robust and Agile Plug-and-Play Watermark Framework for AI-Generated Images with Provable Guarantees [33.61946642460661]
  This paper introduces a robust and agile watermark detection framework, dubbed as RAW. We employ a classifier that is jointly trained with the watermark to detect the presence of the watermark. We show that the framework provides provable guarantees regarding the false positive rate for misclassifying a watermarked image.
  arXiv  Detail & Related papers  (2024-01-23T22:00:49Z)
• TrustMark: Universal Watermarking for Arbitrary Resolution Images [21.74309490023683]
  Imperceptible digital watermarking is important in copyright protection, misinformation prevention and responsible generative GAN. We propose a GAN-based watermarking method with novel design in architecture and introduce TrustMark-RM - a watermark remover method. Our methods achieve state-of-art performance on 3 benchmarks comprising arbitrary encoded images.
  arXiv  Detail & Related papers  (2023-11-30T07:03:36Z)
• Wide Flat Minimum Watermarking for Robust Ownership Verification of GANs [23.639074918667625]
  We propose a novel multi-bit box-free watermarking method for GANs with improved robustness against white-box attacks. The watermark is embedded by adding an extra watermarking loss term during GAN training. We show that the presence of the watermark has a negligible impact on the quality of the generated images.
  arXiv  Detail & Related papers  (2023-10-25T18:38:10Z)
• T2IW: Joint Text to Image & Watermark Generation [74.20148555503127]
  We introduce a novel task for the joint generation of text to image and watermark (T2IW) This T2IW scheme ensures minimal damage to image quality when generating a compound image by forcing the semantic feature and the watermark signal to be compatible in pixels. We demonstrate remarkable achievements in image quality, watermark invisibility, and watermark robustness, supported by our proposed set of evaluation metrics.
  arXiv  Detail & Related papers  (2023-09-07T16:12:06Z)
• Tree-Ring Watermarks: Fingerprints for Diffusion Images that are Invisible and Robust [55.91987293510401]
  Watermarking the outputs of generative models is a crucial technique for tracing copyright and preventing potential harm from AI-generated content. We introduce a novel technique called Tree-Ring Watermarking that robustly fingerprints diffusion model outputs. Our watermark is semantically hidden in the image space and is far more robust than watermarking alternatives that are currently deployed.
  arXiv  Detail & Related papers  (2023-05-31T17:00:31Z)
• Watermarking Images in Self-Supervised Latent Spaces [75.99287942537138]
  We revisit watermarking techniques based on pre-trained deep networks, in the light of self-supervised approaches. We present a way to embed both marks and binary messages into their latent spaces, leveraging data augmentation at marking time.
  arXiv  Detail & Related papers  (2021-12-17T15:52:46Z)
• Piracy-Resistant DNN Watermarking by Block-Wise Image Transformation with Secret Key [15.483078145498085]
  The proposed method embeds a watermark pattern in a model by using learnable transformed images. It is piracy-resistant, so the original watermark cannot be overwritten by a pirated watermark. The results show that it was resilient against fine-tuning and pruning attacks while maintaining a high watermark-detection accuracy.
  arXiv  Detail & Related papers  (2021-04-09T08:21:53Z)
• Fine-tuning Is Not Enough: A Simple yet Effective Watermark Removal Attack for DNN Models [72.9364216776529]
  We propose a novel watermark removal attack from a different perspective. We design a simple yet powerful transformation algorithm by combining imperceptible pattern embedding and spatial-level transformations. Our attack can bypass state-of-the-art watermarking solutions with very high success rates.
  arXiv  Detail & Related papers  (2020-09-18T09:14:54Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.