Evaluation of Security of ML-based Watermarking: Copy and Removal Attacks
- URL: http://arxiv.org/abs/2409.18211v2
- Date: Fri, 4 Oct 2024 18:03:51 GMT
- Title: Evaluation of Security of ML-based Watermarking: Copy and Removal Attacks
- Authors: Vitaliy Kinakh, Brian Pulfer, Yury Belousov, Pierre Fernandez, Teddy Furon, Slava Voloshynovskiy
- Abstract summary: Digital watermarking serves as a crucial approach to copyright protection, traceability, and data provenance verification for digital content.
This paper evaluates the security of foundation models' latent space digital watermarking systems that utilize adversarial embedding techniques.
- Score: 12.898088696134705
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The vast amounts of digital content captured from the real world or AI-generated media necessitate methods for copyright protection, traceability, or data provenance verification. Digital watermarking serves as a crucial approach to address these challenges. Its evolution spans three generations: handcrafted, autoencoder-based, and foundation model based methods. While the robustness of these systems is well-documented, the security against adversarial attacks remains underexplored. This paper evaluates the security of foundation models' latent space digital watermarking systems that utilize adversarial embedding techniques. A series of experiments investigate the security dimensions under copy and removal attacks, providing empirical insights into these systems' vulnerabilities. All experimental codes and results are available at https://github.com/vkinakh/ssl-watermarking-attacks .
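The abstract names two attack classes, copy and removal, against watermarks embedded adversarially in a model's latent space, but does not spell out what they look like. The following is an added toy illustration, not the paper's code (that is in the linked repository) and not its encoder or detector. It assumes a frozen feature extractor f(x) = tanh(Wx) with a fixed random W, a hypercone detector that scores an image by the cosine between f(x) and a secret unit carrier c, L-infinity PGD on the pixels for embedding, a white-box removal attacker who knows both the encoder and the carrier, and a copy attacker who holds marked/unmarked pairs and estimates the watermark as their mean residual. All of those are assumptions for illustration; the names `run_attacks`, `pgd`, `score` and the threshold 0.5 are hypothetical.

```python
import math
import random

# Toy stand-in for a frozen foundation-model encoder: a fixed random linear
# map followed by tanh. Assumption for illustration only, not the paper's model.
D_IN, D_FEAT = 32, 16
_rng = random.Random(0)
W = [[_rng.gauss(0.0, 1.0 / math.sqrt(D_IN)) for _ in range(D_IN)] for _ in range(D_FEAT)]


def features(x):
    """Latent representation f(x) = tanh(W x)."""
    return [math.tanh(sum(w * xi for w, xi in zip(row, x))) for row in W]


def norm(v):
    return math.sqrt(sum(a * a for a in v))


def unit(v):
    n = norm(v) or 1.0
    return [a / n for a in v]


def score(x, carrier):
    """Detector statistic: cosine between f(x) and the secret unit carrier.
    Detection fires when f(x) lies inside a hypercone around the carrier."""
    f = unit(features(x))
    return sum(a * b for a, b in zip(f, carrier))


def grad_score(x, carrier):
    """Analytic d score / d x for f = tanh(W x); drives the adversarial embedder."""
    f = features(x)
    n = norm(f)
    s = sum(a * b for a, b in zip(f, carrier)) / n
    # d cos / d f_j = (c_j - s * f_j / |f|) / |f|
    dsdf = [(cj - s * fj / n) / n for cj, fj in zip(carrier, f)]
    g = [0.0] * D_IN
    for j, row in enumerate(W):
        coeff = dsdf[j] * (1.0 - f[j] ** 2)  # tanh' = 1 - tanh^2
        for i, w in enumerate(row):
            g[i] += coeff * w
    return g


def pgd(x0, carrier, direction, eps, steps=60):
    """L-infinity PGD on the pixels. direction=+1 pushes f(x) into the cone
    (embedding); direction=-1 pushes it out (removal). eps bounds |x - x0|."""
    alpha = eps / 10.0
    x = list(x0)
    for _ in range(steps):
        g = grad_score(x, carrier)
        x = [xi + direction * alpha * (1.0 if gi > 0 else -1.0 if gi < 0 else 0.0)
             for xi, gi in zip(x, g)]
        # project back onto the distortion budget around x0
        x = [min(max(xi, x0i - eps), x0i + eps) for xi, x0i in zip(x, x0)]
    return x


def run_attacks(eps=0.15, threshold=0.5, n_covers=8, seed=1):
    """Embed the mark into constructed random 'images', then mount a removal
    attack and a copy attack. threshold is an illustrative cone bound; a real
    detector would derive it from a target false-positive probability."""
    rng = random.Random(seed)
    carrier = unit([rng.gauss(0.0, 1.0) for _ in range(D_FEAT)])
    covers = [[rng.uniform(-1.0, 1.0) for _ in range(D_IN)] for _ in range(n_covers)]
    marked = [pgd(c, carrier, +1, eps) for c in covers]

    # Removal attack (white-box assumption: attacker knows encoder and carrier):
    # an adversarial perturbation of a marked image that drives the score down.
    removed = pgd(marked[0], carrier, -1, eps)

    # Copy attack: the attacker never learns the carrier. Assuming she holds
    # marked/unmarked pairs, she estimates the watermark as the mean residual
    # and transplants it onto an unmarked target so that it falsely detects.
    estimate = [sum(m[i] - c[i] for m, c in zip(marked, covers)) / n_covers
                for i in range(D_IN)]
    target = [rng.uniform(-1.0, 1.0) for _ in range(D_IN)]
    copied = [t + r for t, r in zip(target, estimate)]

    results = {
        "original": score(covers[0], carrier),
        "marked": score(marked[0], carrier),
        "removed": score(removed, carrier),
        "target": score(target, carrier),
        "copied": score(copied, carrier),
    }
    detected = {k: v > threshold for k, v in results.items()}
    return results, detected


if __name__ == "__main__":
    for name, value in run_attacks()[0].items():
        print(f"{name:9s} score = {value:+.3f}")
```

The point a practitioner should take from this is that the two attacks have opposite goals against the same statistic: removal lowers the score of a marked image (availability of the mark), while copy raises the score of an unrelated image (integrity of the provenance claim). A robustness evaluation that only perturbs marked images with compression or noise measures neither of these, which is the gap the paper's security evaluation addresses.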
Related papers
- Media Integrity and Authentication: Status, Directions, and Futures [5.841269175925866]
We focus on distinguishing AI-generated media from authentic content captured by cameras and microphones. We evaluate several approaches, including provenance, watermarking, and fingerprinting.
arXiv Detail & Related papers (2026-02-21T01:06:13Z) - SynthID-Image: Image watermarking at internet scale [55.5714762895087]
We introduce SynthID-Image, a deep learning-based system for invisibly watermarking AI-generated imagery. This paper documents the technical desiderata, threat models, and practical challenges of deploying such a system at internet scale.
arXiv Detail & Related papers (2025-10-10T11:03:31Z) - Zero-Shot Visual Deepfake Detection: Can AI Predict and Prevent Fake Content Before It's Created? [7.89029114152292]
Deepfake threats to digital security, media integrity, and public trust have increased rapidly. This research explores zero-shot deepfake detection, an emerging approach intended to work even when the models have never seen a particular deepfake variation.
arXiv Detail & Related papers (2025-09-22T22:33:16Z) - Uncovering and Mitigating Destructive Multi-Embedding Attacks in Deepfake Proactive Forensics [17.112388802067425]
Proactive forensics involves embedding imperceptible watermarks to enable reliable source tracking. Existing methods rely on an idealized assumption of single watermark embedding, which proves impractical in real-world scenarios. We propose a general training paradigm named Adversarial Interference Simulation (AIS) to address this vulnerability. Our method enables the model to maintain the ability to extract the original watermark correctly even after a second embedding.
arXiv Detail & Related papers (2025-08-24T07:57:32Z) - Deep Learning Models for Robust Facial Liveness Detection [56.08694048252482]
This study introduces a robust solution through novel deep learning models addressing the deficiencies in contemporary anti-spoofing techniques. By integrating texture analysis and reflective properties associated with genuine human traits, our models distinguish authentic presence from replicas with high precision.
arXiv Detail & Related papers (2025-08-12T17:19:20Z) - When There Is No Decoder: Removing Watermarks from Stable Diffusion Models in a No-box Setting [37.85082375268253]
We study the robustness of model-specific watermarking, where watermark embedding is integrated with text-to-image generation. We introduce three attack strategies in a no-box setting: edge prediction-based, box blurring, and fine-tuning-based attacks. Our best-performing attack reduces watermark detection accuracy to approximately 47.92%.
arXiv Detail & Related papers (2025-07-04T15:22:20Z) - Fractal Signatures: Securing AI-Generated Pollock-Style Art via Intrinsic Watermarking and Blockchain [0.0]
We generate artworks inspired by Jackson Pollock, using their inherent mathematical complexity to create robust, imperceptible watermarks. Our method embeds these watermarks, derived from fractal and turbulence features, directly into the artwork's structure. This approach is then secured by linking the watermark to NFT metadata, ensuring immutable proof of ownership.
arXiv Detail & Related papers (2024-10-27T17:02:11Z) - On the Weaknesses of Backdoor-based Model Watermarking: An Information-theoretic Perspective [39.676548104635096]
Safeguarding the intellectual property of machine learning models has emerged as a pressing concern in AI security.
Model watermarking is a powerful technique for protecting ownership of machine learning models.
We propose a novel model watermarking scheme, In-distribution Watermark Embedding (IWE), to overcome the limitations of existing method.
arXiv Detail & Related papers (2024-09-10T00:55:21Z) - Robustness of Watermarking on Text-to-Image Diffusion Models [9.277492743469235]
We investigate the robustness of generative watermarking, which is created from the integration of watermarking embedding and text-to-image generation processing.
We found that generative watermarking methods are robust to direct evasion attacks, like discriminator-based attacks, or manipulation based on the edge information in edge prediction-based attacks but vulnerable to malicious fine-tuning.
arXiv Detail & Related papers (2024-08-04T13:59:09Z) - Certifiably Robust Image Watermark [57.546016845801134]
Generative AI raises many societal concerns such as boosting disinformation and propaganda campaigns.
Watermarking AI-generated content is a key technology to address these concerns.
We propose the first image watermarks with certified robustness guarantees against removal and forgery attacks.
arXiv Detail & Related papers (2024-07-04T17:56:04Z) - Principles of Designing Robust Remote Face Anti-Spoofing Systems [60.05766968805833]
This paper sheds light on the vulnerabilities of state-of-the-art face anti-spoofing methods against digital attacks.
It presents a comprehensive taxonomy of common threats encountered in face anti-spoofing systems.
arXiv Detail & Related papers (2024-06-06T02:05:35Z) - ModelShield: Adaptive and Robust Watermark against Model Extraction Attack [58.46326901858431]
Large language models (LLMs) demonstrate general intelligence across a variety of machine learning tasks.
Adversaries can still utilize model extraction attacks to steal the model intelligence encoded in model generation.
Watermarking technology offers a promising solution for defending against such attacks by embedding unique identifiers into the model-generated content.
arXiv Detail & Related papers (2024-05-03T06:41:48Z) - Safe and Robust Watermark Injection with a Single OoD Image [90.71804273115585]
Training a high-performance deep neural network requires large amounts of data and computational resources.
We propose a safe and robust backdoor-based watermark injection technique.
We induce random perturbation of model parameters during watermark injection to defend against common watermark removal attacks.
arXiv Detail & Related papers (2023-09-04T19:58:35Z) - EPASAD: Ellipsoid decision boundary based Process-Aware Stealthy Attack
Detector [9.002791610276834]
We present EPASAD, which improves the detection technique used in PASAD to detect micro-stealthy attacks.
Our method EPASAD overcomes this by using Ellipsoid boundaries, thereby tightening the boundaries in various dimensions.
The results show that EPASAD improves PASAD's average recall by 5.8% and 9.5% for the two datasets.
arXiv Detail & Related papers (2022-04-08T16:06:10Z) - SoK: How Robust is Image Classification Deep Neural Network
Watermarking? (Extended Version) [16.708069984516964]
We evaluate whether recently proposed watermarking schemes that claim robustness are robust against a large set of removal attacks.
None of the surveyed watermarking schemes is robust in practice.
We show that watermarking schemes need to be evaluated against a more extensive set of removal attacks with a more realistic adversary model.
arXiv Detail & Related papers (2021-08-11T00:23:33Z) - Exploring Structure Consistency for Deep Model Watermarking [122.38456787761497]
The intellectual property (IP) of deep neural networks (DNNs) can be easily "stolen" by surrogate model attack.
We propose a new watermarking methodology, namely "structure consistency", based on which a new deep structure-aligned model watermarking algorithm is designed.
arXiv Detail & Related papers (2021-08-05T04:27:15Z) - Reversible Watermarking in Deep Convolutional Neural Networks for Integrity Authentication [78.165255859254]
We propose a reversible watermarking algorithm for integrity authentication.
The influence of embedding reversible watermarking on the classification performance is less than 0.5%.
At the same time, the integrity of the model can be verified by applying the reversible watermarking.
arXiv Detail & Related papers (2021-04-09T09:32:21Z)
This list is automatically generated from the titles and abstracts of the papers in this site.