• Corpus ID: 203641981

ROMark: A Robust Watermarking System Using Adversarial Training

  title={ROMark: A Robust Watermarking System Using Adversarial Training},
  author={Bingyang Wen and Serg{\"u}l Ayd{\"o}re},
The availability and easy access to digital communication increase the risk of copyrighted material piracy. In order to detect illegal use or distribution of data, digital watermarking has been proposed as a suitable tool. It protects the copyright of digital content by embedding imperceptible information into the data in the presence of an adversary. The goal of the adversary is to remove the copyrighted content of the data. Therefore, an efficient watermarking framework must be robust to… 

Figures and Tables from this paper

Detecting Digital Watermarking Image Attacks Using a Convolution Neural Network Approach

A deep learning method based on a convolution neural network (CNN) algorithm was proposed to detect various types of watermarking attacks, namely, median filter, Gaussian filter, salt-and-pepper, average filter, motion blur, and no attack, to improve the water marking quality.

Robust Spatial-spread Deep Neural Image Watermarking

  • Marcin PlataP. Syga
  • Computer Science
    2020 IEEE 19th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom)
  • 2020
A novel end-to-end solution for embedding and recovering the watermark in the digital image using convolutional neural networks is presented and a spreading method of the message over the spatial domain of the image is proposed, hence reducing the local bits per pixel capacity and significantly increasing robustness.

Efficiently Constructing Adversarial Examples by Feature Watermarking

This paper proposes a novel digital watermark based method to generate adversarial examples for deep learning models, and finds that using the extracted features of the image as the watermark images, can increase the success rate of an attack under certain conditions with minimal changes to the host image.

Generating Image Adversarial Examples by Embedding Digital Watermarks

This paper proposes a novel digital watermark-based method to generate image adversarial examples to fool DNN models, and devise an efficient mechanism to select host images and water- mark images and utilize the improved discrete wavelet transform (DWT) based Patchwork watermarking algorithm with a set of valid hyperparameters to embed digital watermarks from the watermark image dataset into original images.

WAN: Watermarking Attack Network

This work proposes a watermarking attack network (WAN) that utilizes the weak points of the target MW and removes inserted watermark and inserts inverted bit information, thereby considerably reducing watermark extractability.

Deep Learning Framework for Watermark-Adaptive and Resolution-Adaptive Image Watermarking

This network verifies the invisibility and robustness of the proposed method by experimenting with various pixel value change attacks and geometric attacks against various watermark data and host images with various resolutions, and shows that this method is universal and practical.

Robust watermarking with double detector-discriminator approach

In this paper we present a novel deep framework for a watermarking - a technique of embedding a transparent message into an image in a way that allows retrieving the message from a (perturbed) copy,

Distortion Agnostic Deep Watermarking

This paper proposes a new framework for distortion-agnostic watermarking, where the image distortion is not explicitly modeled during training, and the robustness of the system comes from two sources: adversarial training and channel coding.

Convolutional Neural Network-Based Digital Image Watermarking Adaptive to the Resolution of Image and Watermark

A neural network to perform a robust, invisible blind watermarking for digital images that has high invisibility for the watermark (WM) and high robustness against various pixel-value change attacks and geometric attacks is proposed.

Data Hiding with Deep Learning: A Survey Unifying Digital Watermarking and Steganography

This survey summarises recent developments in deep learning techniques for data hiding for the purposes of watermarking and steganography, categorising them based on model architectures and noise injection methods.



ReDMark: Framework for Residual Diffusion Watermarking on Deep Networks

A deep end-to-end diffusion watermarking framework (ReDMark) which can be adapted for any desired transform space and has its capability to diffuse watermark information among a relatively wide area of the image.

Forgotten Siblings: Unifying Attacks on Machine Learning and Digital Watermarking

It is shown that countermeasures from watermarking can mitigate recent model-extraction attacks and, similarly, that techniques for hardening machine learning can fend off oracle attacks against watermarks.

Digital Watermarking and Steganography

Adversarial Machine Learning at Scale

This research applies adversarial training to ImageNet and finds that single-step attacks are the best for mounting black-box attacks, and resolution of a "label leaking" effect that causes adversarially trained models to perform better on adversarial examples than on clean examples.

Explaining and Harnessing Adversarial Examples

It is argued that the primary cause of neural networks' vulnerability to adversarial perturbation is their linear nature, supported by new quantitative results while giving the first explanation of the most intriguing fact about them: their generalization across architectures and training sets.

Intriguing properties of neural networks

It is found that there is no distinction between individual highlevel units and random linear combinations of high level units, according to various methods of unit analysis, and it is suggested that it is the space, rather than the individual units, that contains of the semantic information in the high layers of neural networks.

Microsoft COCO: Common Objects in Context

We present a new dataset with the goal of advancing the state-of-the-art in object recognition by placing the question of object recognition in the context of the broader question of scene

HiDDeN: Hiding Data With Deep Networks

This work finds that neural networks can learn to use invisible perturbations to encode a rich amount of useful information, and demonstrates that adversarial training improves the visual quality of encoded images.