Generative Watermarking Against Unauthorized Subject-Driven Image Synthesis (2306.07754v1)

Published 13 Jun 2023 in cs.CV and cs.CR

Abstract: Large text-to-image models have shown remarkable performance in synthesizing high-quality images. In particular, the subject-driven model makes it possible to personalize the image synthesis for a specific subject, e.g., a human face or an artistic style, by fine-tuning the generic text-to-image model with a few images from that subject. Nevertheless, misuse of subject-driven image synthesis may violate the authority of subject owners. For example, malicious users may use subject-driven synthesis to mimic specific artistic styles or to create fake facial images without authorization. To protect subject owners against such misuse, recent attempts have commonly relied on adversarial examples to indiscriminately disrupt subject-driven image synthesis. However, this essentially prevents any benign use of subject-driven synthesis based on protected images. In this paper, we take a different angle and aim at protection without sacrificing the utility of protected images for general synthesis purposes. Specifically, we propose GenWatermark, a novel watermark system based on jointly learning a watermark generator and a detector. In particular, to help the watermark survive the subject-driven synthesis, we incorporate the synthesis process in learning GenWatermark by fine-tuning the detector with synthesized images for a specific subject. This operation is shown to largely improve the watermark detection accuracy and also ensure the uniqueness of the watermark for each individual subject. Extensive experiments validate the effectiveness of GenWatermark, especially in practical scenarios with unknown models and text prompts (74% Acc.), as well as partial data watermarking (80% Acc. for 1/4 watermarking). We also demonstrate the robustness of GenWatermark to two potential countermeasures that substantially degrade the synthesis quality.
