
A Transfer Attack to Image Watermarks (2403.15365v4)

Published 22 Mar 2024 in cs.CR, cs.CL, and cs.LG

Abstract: Watermarks have been widely deployed by industry to detect AI-generated images. The robustness of such watermark-based detectors against evasion attacks in the white-box and black-box settings is well understood in the literature. However, the robustness in the no-box setting is much less understood. In this work, we propose a new transfer evasion attack on image watermarks in the no-box setting. Our transfer attack adds a perturbation to a watermarked image to evade multiple surrogate watermarking models trained by the attacker itself, and the perturbed watermarked image also evades the target watermarking model. Our major contribution is to show, both theoretically and empirically, that watermark-based AI-generated image detectors based on existing watermarking methods are not robust to evasion attacks even if the attacker has access to neither the watermarking model nor the detection API. Our code is available at: https://github.com/hifi-hyp/Watermark-Transfer-Attack.
