DiffWA: Diffusion Models for Watermark Attack
- URL: http://arxiv.org/abs/2306.12790v1
- Date: Thu, 22 Jun 2023 10:45:49 GMT
- Title: DiffWA: Diffusion Models for Watermark Attack
- Authors: Xinyu Li
- Abstract summary: We propose DiffWA, a conditional diffusion model with distance guidance for watermark attack.
The core of our method is training an image-to-image conditional diffusion model on unwatermarked images.
The results show that the model can remove the watermark with good effect and make the bit error rate of watermark extraction higher than 0.4.
- Score: 8.102989872457156
- License: http://creativecommons.org/licenses/by/4.0/
- Abstract: With the rapid development of deep neural networks (DNNs), many robust blind
watermarking algorithms and frameworks have been proposed and achieved good
results. At present, the watermark attack algorithm cannot compete with the
watermark addition algorithm. And many watermark attack algorithms only care
about interfering with the normal extraction of the watermark, and the
watermark attack will cause great visual loss to the image. To this end, we
propose DiffWA, a conditional diffusion model with distance guidance for
watermark attack, which can restore the image while removing the embedded
watermark. The core of our method is training an image-to-image conditional
diffusion model on unwatermarked images and guiding the conditional model using
a distance guidance when sampling so that the model will generate unwatermarked
images which are similar to original images. We conducted experiments on
CIFAR-10 using our proposed models. The results show that the model can remove
the watermark with good effect and make the bit error rate of watermark
extraction higher than 0.4. At the same time, the attacked image will maintain
good visual effect with PSNR more than 31 and SSIM more than 0.97 compared with
the original image.
Related papers
- An undetectable watermark for generative image models [65.31658824274894]
We present the first undetectable watermarking scheme for generative image models.
In particular, an undetectable watermark does not degrade image quality under any efficiently computable metric.
Our scheme works by selecting the initial latents of a diffusion model using a pseudorandom error-correcting code.
arXiv Detail & Related papers (2024-10-09T18:33:06Z)
- Gaussian Shading: Provable Performance-Lossless Image Watermarking for Diffusion Models [71.13610023354967]
Copyright protection and inappropriate content generation pose challenges for the practical implementation of diffusion models.
We propose a diffusion model watermarking technique that is both performance-lossless and training-free.
arXiv Detail & Related papers (2024-04-07T13:30:10Z)
- RAW: A Robust and Agile Plug-and-Play Watermark Framework for AI-Generated Images with Provable Guarantees [33.61946642460661]
This paper introduces a robust and agile watermark detection framework, dubbed as RAW.
We employ a classifier that is jointly trained with the watermark to detect the presence of the watermark.
We show that the framework provides provable guarantees regarding the false positive rate for misclassifying a watermarked image.
arXiv Detail & Related papers (2024-01-23T22:00:49Z)
- Wide Flat Minimum Watermarking for Robust Ownership Verification of GANs [23.639074918667625]
We propose a novel multi-bit box-free watermarking method for GANs with improved robustness against white-box attacks.
The watermark is embedded by adding an extra watermarking loss term during GAN training.
We show that the presence of the watermark has a negligible impact on the quality of the generated images.
arXiv Detail & Related papers (2023-10-25T18:38:10Z)
- Towards Robust Model Watermark via Reducing Parametric Vulnerability [57.66709830576457]
Backdoor-based ownership verification has become popular recently, in which the model owner can watermark the model.
We propose a mini-max formulation to find these watermark-removed models and recover their watermark behavior.
Our method improves the robustness of the model watermarking against parametric changes and numerous watermark-removal attacks.
arXiv Detail & Related papers (2023-09-09T12:46:08Z)
- Customized Watermarking for Deep Neural Networks via Label Distribution Perturbation [3.3453601632404064]
We propose a new framework, Unified Soft-label Perturbation (USP), having a detector paired with the model to be watermarked, and Customized Soft-label Perturbation (CSP), embedding watermark via adding into the model output probability distribution.
We achieve 98.68% watermark accuracy while only affecting the main task accuracy by 0.59%.
arXiv Detail & Related papers (2022-08-10T08:27:26Z)
- Certified Neural Network Watermarks with Randomized Smoothing [64.86178395240469]
We propose a certifiable watermarking method for deep learning models.
We show that our watermark is guaranteed to be unremovable unless the model parameters are changed by more than a certain l2 threshold.
Our watermark is also empirically more robust compared to previous watermarking methods.
arXiv Detail & Related papers (2022-07-16T16:06:59Z)
- Exploring Structure Consistency for Deep Model Watermarking [122.38456787761497]
The intellectual property (IP) of deep neural networks (DNNs) can be easily "stolen" by surrogate model attack.
We propose a new watermarking methodology, namely "structure consistency", based on which a new deep structure-aligned model watermarking algorithm is designed.
arXiv Detail & Related papers (2021-08-05T04:27:15Z)
- Piracy-Resistant DNN Watermarking by Block-Wise Image Transformation with Secret Key [15.483078145498085]
The proposed method embeds a watermark pattern in a model by using learnable transformed images.
It is piracy-resistant, so the original watermark cannot be overwritten by a pirated watermark.
The results show that it was resilient against fine-tuning and pruning attacks while maintaining a high watermark-detection accuracy.
arXiv Detail & Related papers (2021-04-09T08:21:53Z)
- Fine-tuning Is Not Enough: A Simple yet Effective Watermark Removal Attack for DNN Models [72.9364216776529]
We propose a novel watermark removal attack from a different perspective.
We design a simple yet powerful transformation algorithm by combining imperceptible pattern embedding and spatial-level transformations.
Our attack can bypass state-of-the-art watermarking solutions with very high success rates.
arXiv Detail & Related papers (2020-09-18T09:14:54Z)
- Generating Image Adversarial Examples by Embedding Digital Watermarks [38.93689142953098]
We propose a novel digital watermark-based method to generate image adversarial examples to fool deep neural network (DNN) models.
We devise an efficient mechanism to select host images and watermark images and utilize the improved discrete wavelet transform (DWT) based watermarking algorithm.
Our scheme is able to generate a large number of adversarial examples efficiently, concretely, an average of 1.17 seconds for completing the attacks on each image on the CIFAR-10 dataset.
arXiv Detail & Related papers (2020-08-14T09:03:26Z)
This list is automatically generated from the titles and abstracts of the papers in this site.