Related papers: RecoverMark: Robust Watermarking for Localization and Recovery of Manipulated Faces

RecoverMark: Robust Watermarking for Localization and Recovery of Manipulated Faces

URL: http://arxiv.org/abs/2602.20618v1
Date: Tue, 24 Feb 2026 07:11:40 GMT
Title: RecoverMark: Robust Watermarking for Localization and Recovery of Manipulated Faces
Authors: Haonan An, Xiaohui Ye, Guang Hua, Yihang Tao, Hangcheng Cao, Xiangyu Yu, Yuguang Fang,
Abstract summary: We propose RecoverMark, a watermarking framework that achieves robust manipulation localization, content recovery, and ownership verification simultaneously.<n>Our key insight is twofold. First, we exploit a critical real-world constraint: an adversary must preserve the background's semantic consistency to avoid visual detection.<n>Based on these insights, RecoverMark treats the protected face content itself as the watermark and embeds it into the surrounding background.
Score: 16.612226216769262
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: The proliferation of AI-generated content has facilitated sophisticated face manipulation, severely undermining visual integrity and posing unprecedented challenges to intellectual property. In response, a common proactive defense leverages fragile watermarks to detect, localize, or even recover manipulated regions. However, these methods always assume an adversary unaware of the embedded watermark, overlooking their inherent vulnerability to watermark removal attacks. Furthermore, this fragility is exacerbated in the commonly used dual-watermark strategy that adds a robust watermark for image ownership verification, where mutual interference and limited embedding capacity reduce the fragile watermark's effectiveness. To address the gap, we propose RecoverMark, a watermarking framework that achieves robust manipulation localization, content recovery, and ownership verification simultaneously. Our key insight is twofold. First, we exploit a critical real-world constraint: an adversary must preserve the background's semantic consistency to avoid visual detection, even if they apply global, imperceptible watermark removal attacks. Second, using the image's own content (face, in this paper) as the watermark enhances extraction robustness. Based on these insights, RecoverMark treats the protected face content itself as the watermark and embeds it into the surrounding background. By designing a robust two-stage training paradigm with carefully crafted distortion layers that simulate comprehensive potential attacks and a progressive training strategy, RecoverMark achieves a robust watermark embedding in no fragile manner for image manipulation localization, recovery, and image IP protection simultaneously. Extensive experiments demonstrate the proposed RecoverMark's robustness against both seen and unseen attacks and its generalizability to in-distribution and out-of-distribution data.

Related papers

Vanishing Watermarks: Diffusion-Based Image Editing Undermines Robust Invisible Watermarking [3.583615559438432]
Powerful diffusion-based image generation and editing techniques now pose a new threat to robust invisible watermarking schemes.<n>We show that diffusion models can effectively erase robust watermarks even when those watermarks were designed to withstand conventional distortions.<n>We introduce a guided diffusion-based attack that explicitly targets the embedded watermark signal during generation, significantly degrading watermark detectability.
arXiv Detail & Related papers (2026-02-24T08:34:48Z)
DeMark: A Query-Free Black-Box Attack on Deepfake Watermarking Defenses [25.492274324587058]
DeMark is a query-free black-box attack framework that targets defensive image watermarking schemes for deepfakes.<n>We exploit latent-space vulnerabilities in encoder-decoder watermarking models through a compressive sensing based sparsification process.<n>DeMark reduces watermark detection accuracy from 100% to 32.9% on average while maintaining natural visual quality.
arXiv Detail & Related papers (2026-01-23T06:04:43Z)
RAVEN: Erasing Invisible Watermarks via Novel View Synthesis [35.417500510522835]
In this work, we expose a fundamental vulnerability in invisible watermarks by reformulating watermark removal as a view synthesis problem.<n>Our key insight is that generating a perceptually consistent alternative view of the same semantic content, naturally removes the embedded watermark while preserving visual fidelity.<n>We introduce a zero-shot diffusion-based framework that applies controlled geometric transformations in latent space, augmented with view-guided correspondence attention to maintain structural consistency during reconstruction.
arXiv Detail & Related papers (2026-01-13T18:59:58Z)
ComMark: Covert and Robust Black-Box Model Watermarking with Compressed Samples [14.929889375744368]
ComMark is a novel black-box model watermarking framework.<n>We show that ComMark achieves state-of-the-art performance in both covertness and robustness.<n>We extend its applicability beyond image recognition to tasks including speech recognition, sentiment analysis, image generation, image captioning, and video recognition.
arXiv Detail & Related papers (2025-12-16T05:10:32Z)
Diffusion-Based Image Editing for Breaking Robust Watermarks [4.273350357872755]
Powerful diffusion-based image generation and editing techniques pose a new threat to robust watermarking schemes.<n>We show that a diffusion-driven image regeneration'' process can erase embedded watermarks while preserving image content.<n>We introduce a novel guided diffusion attack that explicitly targets the watermark signal during generation, significantly degrading watermark detectability.
arXiv Detail & Related papers (2025-10-07T14:34:42Z)
Learning Generalizable and Efficient Image Watermarking via Hierarchical Two-Stage Optimization [90.13049455759358]
We propose a two-stage optimization that enable a watermarking model to simultaneously achieve three criteria.<n>HiWL effectively learns generalizable latent-space watermark representations while maintaining broad applicability.<n>It achieves 7.6% higher accuracy in watermark extraction than existing methods, while maintaining extremely low latency (100K images processed in 8s)
arXiv Detail & Related papers (2025-08-12T06:21:27Z)
TAG-WM: Tamper-Aware Generative Image Watermarking via Diffusion Inversion Sensitivity [76.98973481600002]
This paper proposes a Tamper-Aware Generative image WaterMarking method named TAG-WM.<n>The proposed method comprises four key modules: a dual-mark joint sampling (DMJS) algorithm for embedding copyright and localization watermarks into the latent space while preserving generative quality.<n>The experimental results demonstrate that TAG-WM achieves state-of-the-art performance in both tampering robustness and localization capability even under distortion.
arXiv Detail & Related papers (2025-06-30T03:14:07Z)
Optimization-Free Universal Watermark Forgery with Regenerative Diffusion Models [50.73220224678009]
Watermarking can be used to verify the origin of synthetic images generated by artificial intelligence models.<n>Recent studies demonstrate the capability to forge watermarks from a target image onto cover images via adversarial techniques.<n>In this paper, we uncover a greater risk of an optimization-free and universal watermark forgery.<n>Our approach significantly broadens the scope of attacks, presenting a greater challenge to the security of current watermarking techniques.
arXiv Detail & Related papers (2025-06-06T12:08:02Z)
Certifiably Robust Image Watermark [57.546016845801134]
Generative AI raises many societal concerns such as boosting disinformation and propaganda campaigns. Watermarking AI-generated content is a key technology to address these concerns. We propose the first image watermarks with certified robustness guarantees against removal and forgery attacks.
arXiv Detail & Related papers (2024-07-04T17:56:04Z)
Removing Interference and Recovering Content Imaginatively for Visible Watermark Removal [63.576748565274706]
This study introduces the Removing Interference and Recovering Content Imaginatively (RIRCI) framework. RIRCI embodies a two-stage approach: the initial phase centers on discerning and segregating the watermark component, while the subsequent phase focuses on background content restoration. To achieve meticulous background restoration, our proposed model employs a dual-path network capable of fully exploring the intrinsic background information beneath semi-transparent watermarks.
arXiv Detail & Related papers (2023-12-22T02:19:23Z)
T2IW: Joint Text to Image & Watermark Generation [74.20148555503127]
We introduce a novel task for the joint generation of text to image and watermark (T2IW) This T2IW scheme ensures minimal damage to image quality when generating a compound image by forcing the semantic feature and the watermark signal to be compatible in pixels. We demonstrate remarkable achievements in image quality, watermark invisibility, and watermark robustness, supported by our proposed set of evaluation metrics.
arXiv Detail & Related papers (2023-09-07T16:12:06Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.