Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
125 tokens/sec
GPT-4o
47 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

RAW: A Robust and Agile Plug-and-Play Watermark Framework for AI-Generated Images with Provable Guarantees (2403.18774v1)

Published 23 Jan 2024 in cs.CV, cs.CR, and cs.LG

Abstract: Safeguarding intellectual property and preventing potential misuse of AI-generated images are of paramount importance. This paper introduces a robust and agile plug-and-play watermark detection framework, dubbed as RAW. As a departure from traditional encoder-decoder methods, which incorporate fixed binary codes as watermarks within latent representations, our approach introduces learnable watermarks directly into the original image data. Subsequently, we employ a classifier that is jointly trained with the watermark to detect the presence of the watermark. The proposed framework is compatible with various generative architectures and supports on-the-fly watermark injection after training. By incorporating state-of-the-art smoothing techniques, we show that the framework provides provable guarantees regarding the false positive rate for misclassifying a watermarked image, even in the presence of certain adversarial attacks targeting watermark removal. Experiments on a diverse range of images generated by state-of-the-art diffusion models reveal substantial performance enhancements compared to existing approaches. For instance, our method demonstrates a notable increase in AUROC, from 0.48 to 0.82, when compared to state-of-the-art approaches in detecting watermarked images under adversarial attacks, while maintaining image quality, as indicated by closely aligned FID and CLIP scores.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (58)
  1. Turning your weakness into a strength: Watermarking deep neural networks by backdooring. In 27th USENIX Security Symposium (USENIX Security 18), pages 1615–1631, 2018.
  2. Optimal spread spectrum watermark embedding via a multistep feasibility formulation. IEEE transactions on image processing, 18(2):371–387, 2009.
  3. Variational image compression with a scale hyperprior. arXiv preprint arXiv:1802.01436, 2018.
  4. Compressai: a pytorch library and evaluation platform for end-to-end compression research. arXiv preprint arXiv:2011.03029, 2020.
  5. On the dangers of stochastic parrots: Can language models be too big? In Proceedings of the 2021 ACM conference on fairness, accountability, and transparency, pages 610–623, 2021.
  6. Pin-Yu Chen. Model reprogramming: Resource-efficient cross-domain machine learning. arXiv preprint arXiv:2202.10629, 2022.
  7. A simple framework for contrastive learning of visual representations. In International conference on machine learning, pages 1597–1607. PMLR, 2020.
  8. Learned image compression with discretized gaussian mixture likelihoods and attention modules. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition, pages 7939–7948, 2020.
  9. Certified adversarial robustness via randomized smoothing. In international conference on machine learning, pages 1310–1320. PMLR, 2019.
  10. Digital watermarking and steganography. Morgan kaufmann, 2007.
  11. Secure spread spectrum watermarking for images, audio and video. In Proceedings of 3rd IEEE international conference on image processing, pages 243–246. IEEE, 1996.
  12. Randomized smoothing for stochastic optimization. SIAM Journal on Optimization, 22(2):674–701, 2012.
  13. Watermarking images in self-supervised latent spaces. In ICASSP 2022-2022 IEEE International Conference on Acoustics, Speech and Signal Processing (ICASSP), pages 3054–3058. IEEE, 2022.
  14. The stable signature: Rooting watermarks in latent diffusion models. arXiv preprint arXiv:2303.15435, 2023.
  15. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572, 2014.
  16. Badnets: Identifying vulnerabilities in the machine learning model supply chain. arXiv preprint arXiv:1708.06733, 2017.
  17. Review on video watermarking techniques in spatial and transform domain. In Information Systems Design and Intelligent Applications: Proceedings of Third International Conference INDIA 2016, Volume 2, pages 683–691. Springer, 2016.
  18. Watermarking of uncompressed and compressed video. Signal processing, 66(3):283–301, 1998.
  19. Generating steganographic images via adversarial training. Advances in neural information processing systems, 30, 2017.
  20. Dct-domain watermarking techniques for still images: Detector performance analysis and a new structure. IEEE transactions on image processing, 9(1):55–68, 2000.
  21. Gans trained by a two time-scale update rule converge to a local nash equilibrium. Advances in neural information processing systems, 30, 2017.
  22. A new public watermarking algorithm for rgb color image based on quantization index modulation. In 2009 International Conference on Information and Automation, pages 837–841. IEEE, 2009.
  23. Discrete wavelet transform based video watermarking technique. In 2016 International Conference on Microelectronics, Computing and Communications (MicroCom), pages 1–6. IEEE, 2016.
  24. Exploring the learning capabilities of convolutional neural networks for robust image watermarking. Computers & Security, 65:247–268, 2017.
  25. Supervised contrastive learning. Advances in neural information processing systems, 33:18661–18673, 2020.
  26. Wouaf: Weight modulation for user attribution and fingerprinting in text-to-image diffusion models. arXiv preprint arXiv:2306.04744, 2023.
  27. Transform domain video watermarking: Design, implementation and performance analysis. In 2012 International Conference on Communication Systems and Network Technologies, pages 133–137. IEEE, 2012.
  28. Adversarial frontier stitching for remote neural network watermarking. Neural Computing and Applications, 32:9233–9244, 2020.
  29. Distribution-free prediction bands for non-parametric regression. Journal of the Royal Statistical Society Series B: Statistical Methodology, 76(1):71–96, 2014.
  30. Spread-transform dither modulation watermarking of deep neural network. Journal of Information Security and Applications, 63:103004, 2021.
  31. Microsoft coco: Common objects in context. In Computer Vision–ECCV 2014: 13th European Conference, Zurich, Switzerland, September 6-12, 2014, Proceedings, Part V 13, pages 740–755. Springer, 2014.
  32. Probabilistic margins for instance reweighting in adversarial training. Advances in Neural Information Processing Systems, 34:23258–23269, 2021.
  33. Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083, 2017.
  34. When does label smoothing help? Advances in neural information processing systems, 32, 2019.
  35. Rotation, scale and translation invariant digital image watermarking. In Proceedings of International Conference on Image Processing, pages 536–539. IEEE, 1997.
  36. Template based recovery of fourier-based watermarks using log-polar and log-log maps. In Proceedings IEEE international conference on multimedia computing and systems, pages 870–874. IEEE, 1999.
  37. Ioannis Pitas. A method for watermark casting on digital image. IEEE Transactions on Circuits and Systems for Video Technology, 8(6):775–780, 1998.
  38. Learning transferable visual models from natural language supervision. In International conference on machine learning, pages 8748–8763. PMLR, 2021.
  39. Hierarchical text-conditional image generation with clip latents, 2022. URL https://arxiv. org/abs/2204.06125, 7, 2022.
  40. High-resolution image synthesis with latent diffusion models. In Proceedings of the IEEE/CVF conference on computer vision and pattern recognition, pages 10684–10695, 2022.
  41. Matthew Sag. Copyright safety for generative ai. Forthcoming in the Houston Law Review, 2023.
  42. Provably robust deep learning via adversarially trained smoothed classifiers. Advances in Neural Information Processing Systems, 32, 2019.
  43. Denoising diffusion implicit models. arXiv preprint arXiv:2010.02502, 2020.
  44. Stealing machine learning models via prediction {{\{{APIs}}\}}. In 25th USENIX security symposium (USENIX Security 16), pages 601–618, 2016.
  45. Embedding watermarks into deep neural networks. In Proceedings of the 2017 ACM on international conference on multimedia retrieval, pages 269–277, 2017.
  46. Vladimir N Vapnik. An overview of statistical learning theory. IEEE transactions on neural networks, 10(5):988–999, 1999.
  47. Luisa Verdoliva. Media forensics and deepfakes: an overview. IEEE Journal of Selected Topics in Signal Processing, 14(5):910–932, 2020.
  48. Algorithmic learning in a random world. Springer, 2005.
  49. Watermarking for out-of-distribution detection. Advances in Neural Information Processing Systems, 35:15545–15557, 2022a.
  50. Diffusiondb: A large-scale prompt gallery dataset for text-to-image generative models. arXiv preprint arXiv:2210.14896, 2022b.
  51. Tree-ring watermarks: Fingerprints for diffusion images that are invisible and robust. arXiv preprint arXiv:2305.20030, 2023.
  52. Wikipedia contributors. Stable diffusion, 2023.
  53. Understanding model extraction games. In 2022 IEEE 4th International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications (TPS-ISA), pages 285–294. IEEE, 2022.
  54. Understanding backdoor attacks through the adaptability hypothesis. In Conference on Neural Information Processing Systems (NeurIPS), 2023.
  55. Protecting intellectual property of deep neural networks with watermarking. In Proceedings of the 2018 on Asia conference on computer and communications security, pages 159–172, 2018.
  56. Robust invisible video watermarking with attention. arXiv preprint arXiv:1909.01285, 2019.
  57. A recipe for watermarking diffusion models. arXiv preprint arXiv:2303.10137, 2023.
  58. Hidden: Hiding data with deep networks. In Proceedings of the European conference on computer vision (ECCV), pages 657–672, 2018.
Citations (3)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now