Unified High-binding Watermark for Unconditional Image Generation Models

• URL: http://arxiv.org/abs/2310.09479v1
• Date: Sat, 14 Oct 2023 03:26:21 GMT
• Title: Unified High-binding Watermark for Unconditional Image Generation Models
• Authors: Ruinan Ma, Yu-an Tan, Shangbo Wu, Tian Chen, Yajie Wang, Yuanzhang Li
• Abstract summary: An attacker can steal the output images of the target model and use them as part of the training data to train a private surrogate UIG model. We propose a two-stage unified watermark verification mechanism with high-binding effects. Experiments demonstrate our method can complete the verification work with almost zero false positive rate.
• Score: 7.4037644261198885
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Deep learning techniques have implemented many unconditional image generation (UIG) models, such as GAN, Diffusion model, etc. The extremely realistic images (also known as AI-Generated Content, AIGC for short) produced by these models bring urgent needs for intellectual property protection such as data traceability and copyright certification. An attacker can steal the output images of the target model and use them as part of the training data to train a private surrogate UIG model. The implementation mechanisms of UIG models are diverse and complex, and there is no unified and effective protection and verification method at present. To address these issues, we propose a two-stage unified watermark verification mechanism with high-binding effects for such models. In the first stage, we use an encoder to invisibly write the watermark image into the output images of the original AIGC tool, and reversely extract the watermark image through the corresponding decoder. In the second stage, we design the decoder fine-tuning process, and the fine-tuned decoder can make correct judgments on whether the suspicious model steals the original AIGC tool data. Experiments demonstrate our method can complete the verification work with almost zero false positive rate under the condition of only using the model output images. Moreover, the proposed method can achieve data steal verification across different types of UIG models, which further increases the practicality of the method.

Related papers

• Towards Effective User Attribution for Latent Diffusion Models via Watermark-Informed Blending [54.26862913139299]
  We introduce a novel framework Towards Effective user Attribution for latent diffusion models via Watermark-Informed Blending (TEAWIB) TEAWIB incorporates a unique ready-to-use configuration approach that allows seamless integration of user-specific watermarks into generative models. Experiments validate the effectiveness of TEAWIB, showcasing the state-of-the-art performance in perceptual quality and attribution accuracy.
  arXiv  Detail & Related papers  (2024-09-17T07:52:09Z)
• How to Trace Latent Generative Model Generated Images without Artificial Watermark? [88.04880564539836]
  Concerns have arisen regarding potential misuse related to images generated by latent generative models. We propose a latent inversion based method called LatentTracer to trace the generated images of the inspected model. Our experiments show that our method can distinguish the images generated by the inspected model and other images with a high accuracy and efficiency.
  arXiv  Detail & Related papers  (2024-05-22T05:33:47Z)
• AquaLoRA: Toward White-box Protection for Customized Stable Diffusion Models via Watermark LoRA [67.68750063537482]
  Diffusion models have achieved remarkable success in generating high-quality images. Recent works aim to let SD models output watermarked content for post-hoc forensics. We propose textttmethod as the first implementation under this scenario.
  arXiv  Detail & Related papers  (2024-05-18T01:25:47Z)
• A Watermark-Conditioned Diffusion Model for IP Protection [31.969286898467985]
  We propose a unified watermarking framework for content copyright protection within the context of diffusion models. To tackle this challenge, we propose a Watermark-conditioned Diffusion model called WaDiff. Our method is effective and robust in both the detection and owner identification tasks.
  arXiv  Detail & Related papers  (2024-03-16T11:08:15Z)
• RAW: A Robust and Agile Plug-and-Play Watermark Framework for AI-Generated Images with Provable Guarantees [33.61946642460661]
  This paper introduces a robust and agile watermark detection framework, dubbed as RAW. We employ a classifier that is jointly trained with the watermark to detect the presence of the watermark. We show that the framework provides provable guarantees regarding the false positive rate for misclassifying a watermarked image.
  arXiv  Detail & Related papers  (2024-01-23T22:00:49Z)
• Wide Flat Minimum Watermarking for Robust Ownership Verification of GANs [23.639074918667625]
  We propose a novel multi-bit box-free watermarking method for GANs with improved robustness against white-box attacks. The watermark is embedded by adding an extra watermarking loss term during GAN training. We show that the presence of the watermark has a negligible impact on the quality of the generated images.
  arXiv  Detail & Related papers  (2023-10-25T18:38:10Z)
• DIAGNOSIS: Detecting Unauthorized Data Usages in Text-to-image Diffusion Models [79.71665540122498]
  We propose a method for detecting unauthorized data usage by planting the injected content into the protected dataset. Specifically, we modify the protected images by adding unique contents on these images using stealthy image warping functions. By analyzing whether the model has memorized the injected content, we can detect models that had illegally utilized the unauthorized data.
  arXiv  Detail & Related papers  (2023-07-06T16:27:39Z)
• Securing Deep Generative Models with Universal Adversarial Signature [69.51685424016055]
  Deep generative models pose threats to society due to their potential misuse. In this paper, we propose to inject a universal adversarial signature into an arbitrary pre-trained generative model. The proposed method is validated on the FFHQ and ImageNet datasets with various state-of-the-art generative models.
  arXiv  Detail & Related papers  (2023-05-25T17:59:01Z)
• Robust Black-box Watermarking for Deep NeuralNetwork using Inverse Document Frequency [1.2502377311068757]
  We propose a framework for watermarking a Deep Neural Networks (DNNs) model designed for a textual domain. The proposed embedding procedure takes place in the model's training time, making the watermark verification stage straightforward. The experimental results show that watermarked models have the same accuracy as the original ones.
  arXiv  Detail & Related papers  (2021-03-09T17:56:04Z)
• Model Watermarking for Image Processing Networks [120.918532981871]
  How to protect the intellectual property of deep models is a very important but seriously under-researched problem. We propose the first model watermarking framework for protecting image processing models.
  arXiv  Detail & Related papers  (2020-02-25T18:36:18Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.