Related papers: Adversarial Shallow Watermarking

Adversarial Shallow Watermarking

URL: http://arxiv.org/abs/2504.19529v1
Date: Mon, 28 Apr 2025 07:12:20 GMT
Title: Adversarial Shallow Watermarking
Authors: Guobiao Li, Lei Tan, Yuliang Xue, Gaozhi Liu, Zhenxing Qian, Sheng Li, Xinpeng Zhang,
Abstract summary: We propose a novel watermarking framework to resist unknown distortions, namely Adversarial Shallow Watermarking (ASW)<n>ASW utilizes only a shallow decoder that is randomly parameterized and designed to be insensitive to distortions for watermarking extraction.<n>ASW achieves comparable results on known distortions and better robustness on unknown distortions.
Score: 33.580351668272215
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Recent advances in digital watermarking make use of deep neural networks for message embedding and extraction. They typically follow the ``encoder-noise layer-decoder''-based architecture. By deliberately establishing a differentiable noise layer to simulate the distortion of the watermarked signal, they jointly train the deep encoder and decoder to fit the noise layer to guarantee robustness. As a result, they are usually weak against unknown distortions that are not used in their training pipeline. In this paper, we propose a novel watermarking framework to resist unknown distortions, namely Adversarial Shallow Watermarking (ASW). ASW utilizes only a shallow decoder that is randomly parameterized and designed to be insensitive to distortions for watermarking extraction. During the watermark embedding, ASW freezes the shallow decoder and adversarially optimizes a host image until its updated version (i.e., the watermarked image) stably triggers the shallow decoder to output the watermark message. During the watermark extraction, it accurately recovers the message from the watermarked image by leveraging the insensitive nature of the shallow decoder against arbitrary distortions. Our ASW is training-free, encoder-free, and noise layer-free. Experiments indicate that the watermarked images created by ASW have strong robustness against various unknown distortions. Compared to the existing ``encoder-noise layer-decoder'' approaches, ASW achieves comparable results on known distortions and better robustness on unknown distortions.

Related papers

Decoder Gradient Shield: Provable and High-Fidelity Prevention of Gradient-Based Box-Free Watermark Removal [21.876772763530383]
Box-free watermarking can protect deep image-to-image models.<n>Box-free watermarking uses an encoder and a decoder, respectively, to embed into and extract from the model's output images invisible copyright marks.<n>In this paper, we reveal an overlooked vulnerability of the unprotected watermark decoder.<n>We propose the decoder gradient shield (DGS) as a protection layer in the decoder API to prevent gradient-based watermark removal.
arXiv Detail & Related papers (2025-02-28T10:27:14Z)
A self-supervised CNN for image watermark removal [102.94929746450902]
We propose a self-supervised convolutional neural network (CNN) in image watermark removal (SWCNN) SWCNN uses a self-supervised way to construct reference watermarked images rather than given paired training samples, according to watermark distribution. Taking into account texture information, a mixed loss is exploited to improve visual effects of image watermark removal.
arXiv Detail & Related papers (2024-03-09T05:59:48Z)
Perceptive self-supervised learning network for noisy image watermark removal [59.440951785128995]
We propose a perceptive self-supervised learning network for noisy image watermark removal (PSLNet) Our proposed method is very effective in comparison with popular convolutional neural networks (CNNs) for noisy image watermark removal.
arXiv Detail & Related papers (2024-03-04T16:59:43Z)
Robust-Wide: Robust Watermarking against Instruction-driven Image Editing [21.69779516621288]
Malicious users can easily exploit instruction-driven image editing to create fake images. We propose Robust-Wide, the first robust watermarking methodology against instruction-driven image editing. Experiments demonstrate that Robust-Wide can effectively extract the watermark from the edited image with a low bit error rate of nearly 2.6%.
arXiv Detail & Related papers (2024-02-20T03:33:54Z)
FT-Shield: A Watermark Against Unauthorized Fine-tuning in Text-to-Image Diffusion Models [64.89896692649589]
We propose FT-Shield, a watermarking solution tailored for the fine-tuning of text-to-image diffusion models. FT-Shield addresses copyright protection challenges by designing new watermark generation and detection strategies.
arXiv Detail & Related papers (2023-10-03T19:50:08Z)
An Unforgeable Publicly Verifiable Watermark for Large Language Models [84.2805275589553]
Current watermark detection algorithms require the secret key used in the watermark generation process, making them susceptible to security breaches and counterfeiting during public detection. We propose an unforgeable publicly verifiable watermark algorithm named UPV that uses two different neural networks for watermark generation and detection, instead of using the same key at both stages.
arXiv Detail & Related papers (2023-07-30T13:43:27Z)
Tree-Ring Watermarks: Fingerprints for Diffusion Images that are Invisible and Robust [55.91987293510401]
Watermarking the outputs of generative models is a crucial technique for tracing copyright and preventing potential harm from AI-generated content. We introduce a novel technique called Tree-Ring Watermarking that robustly fingerprints diffusion model outputs. Our watermark is semantically hidden in the image space and is far more robust than watermarking alternatives that are currently deployed.
arXiv Detail & Related papers (2023-05-31T17:00:31Z)
A Screen-Shooting Resilient Document Image Watermarking Scheme using Deep Neural Network [6.662095297079911]
This paper proposes a novel screen-shooting resilient watermarking scheme for document image using deep neural network. Specifically, our scheme is an end-to-end neural network with an encoder to embed watermark and a decoder to extract watermark. An embedding strength adjustment strategy is designed to improve the visual quality of the watermarked image with little loss of extraction accuracy.
arXiv Detail & Related papers (2022-03-10T07:19:44Z)
A Robust Document Image Watermarking Scheme using Deep Neural Network [10.938878993948517]
This paper proposes an end-to-end document image watermarking scheme using the deep neural network. Specifically, an encoder and a decoder are designed to embed and extract the watermark. A text-sensitive loss function is designed to limit the embedding modification on characters.
arXiv Detail & Related papers (2022-02-26T05:28:52Z)
Watermarking Images in Self-Supervised Latent Spaces [75.99287942537138]
We revisit watermarking techniques based on pre-trained deep networks, in the light of self-supervised approaches. We present a way to embed both marks and binary messages into their latent spaces, leveraging data augmentation at marking time.
arXiv Detail & Related papers (2021-12-17T15:52:46Z)
Robust Watermarking using Diffusion of Logo into Autoencoder Feature Maps [10.072876983072113]
In this paper, we propose to use an end-to-end network for watermarking. We use a convolutional neural network (CNN) to control the embedding strength based on the image content. Different image processing attacks are simulated as a network layer to improve the robustness of the model.
arXiv Detail & Related papers (2021-05-24T05:18:33Z)
Split then Refine: Stacked Attention-guided ResUNets for Blind Single Image Visible Watermark Removal [69.92767260794628]
Previous watermark removal methods require to gain the watermark location from users or train a multi-task network to recover the background indiscriminately. We propose a novel two-stage framework with a stacked attention-guided ResUNets to simulate the process of detection, removal and refinement. We extensively evaluate our algorithm over four different datasets under various settings and the experiments show that our approach outperforms other state-of-the-art methods by a large margin.
arXiv Detail & Related papers (2020-12-13T09:05:37Z)

This list is automatically generated from the titles and abstracts of the papers in this site.