371 research outputs found

    DeepMarks: A Digital Fingerprinting Framework for Deep Neural Networks

    This paper proposes DeepMarks, a novel end-to-end framework for systematic fingerprinting in the context of Deep Learning (DL). Remarkable progress has been made in the area of deep learning. Sharing the trained DL models has become a trend that is ubiquitous in various fields ranging from biomedical diagnosis to stock prediction. As the availability and popularity of pre-trained models are increasing, it is critical to protect the Intellectual Property (IP) of the model owner. DeepMarks introduces the first fingerprinting methodology that enables the model owner to embed unique fingerprints within the parameters (weights) of her model and later identify undesired usages of her distributed models. The proposed framework embeds the fingerprints in the Probability Density Function (pdf) of trainable weights by leveraging the extra capacity available in contemporary DL models. DeepMarks is robust against fingerprints collusion as well as network transformation attacks, including model compression and model fine-tuning. Extensive proof-of-concept evaluations on MNIST and CIFAR10 datasets, as well as a wide variety of deep neural networks architectures such as Wide Residual Networks (WRNs) and Convolutional Neural Networks (CNNs), corroborate the effectiveness and robustness of DeepMarks framework

    Robust Identity Perceptual Watermark Against Deepfake Face Swapping

    Notwithstanding offering convenience and entertainment to society, Deepfake face swapping has caused critical privacy issues with the rapid development of deep generative models. Due to imperceptible artifacts in high-quality synthetic images, passive detection models against face swapping in recent years usually suffer performance damping regarding the generalizability issue. Therefore, several studies have been attempted to proactively protect the original images against malicious manipulations by inserting invisible signals in advance. However, the existing proactive defense approaches demonstrate unsatisfactory results with respect to visual quality, detection accuracy, and source tracing ability. In this study, we propose the first robust identity perceptual watermarking framework that concurrently performs detection and source tracing against Deepfake face swapping proactively. We assign identity semantics regarding the image contents to the watermarks and devise an unpredictable and unreversible chaotic encryption system to ensure watermark confidentiality. The watermarks are encoded and recovered by jointly training an encoder-decoder framework along with adversarial image manipulations. Extensive experiments demonstrate state-of-the-art performance against Deepfake face swapping under both cross-dataset and cross-manipulation settings. Comment: Submitted for revie

    Fragile watermarking for image authentication using dyadic walsh ordering

    A digital image is subjected to the most manipulation. This is driven by the easy manipulating process through image editing software which is growing rapidly. These problems can be solved through the watermarking model as an active authentication system for the image. One of the most popular methods is Singular Value Decomposition (SVD) which has good imperceptibility and detection capabilities. Nevertheless, SVD has high complexity and can only utilize one singular matrix S, and ignores two orthogonal matrices. This paper proposes the use of the Walsh matrix with dyadic ordering to generate a new S matrix without the orthogonal matrices. The experimental results showed that the proposed method was able to reduce computational time by 22% and 13% compared to the SVD-based method and similar methods based on the Hadamard matrix respectively. This research can be used as a reference to speed up the computing time of the watermarking methods without compromising the level of imperceptibility and authentication

    Performance Evaluation for IP Protection Watermarking Techniques


    Reducing Multiple Occurrences of Meta-Mark Selection in Relational Data Watermarking

    Contrary to multimedia data watermarking approaches, it is not recommended that relational data watermarking techniques consider sequential selection for marks in the watermark and embedding locations in the protected digital asset. Indeed, considering the database relations' elements, i.e., tuples and attributes, when watermarking techniques are based on sequential processes, watermark detection can be easily compromised by performing subset reverse order attacks. As a result, attackers can obtain owner evidence-free high-quality data since no data modifications for mark removing are required for the malicious operation to succeed. A standard solution to this problem has been pseudo-random selection, which often leads to choosing the same marks multiple times, and ignoring others, thus compromising the embedding of the entire watermark. This work proposes an engine that contributes to controlling marks' recurrent selection, allowing marks excluded by previous approaches to be considered and detected with 100% accuracy. The experiments performed show a dramatic improvement of the embedded watermark quality when the proposed engine is included in watermarking techniques' architecture. They also provide evidence that this proposal leads to higher resilience against common malicious operations such as subset and superset attacks

    Protecting Intellectual Proprietary Rights through Secure Interactive Contract Negotiation

    Protection of Intellectual Proprietary Rights is currently one of the most important barriers to electronic commerce of digital contents over networks. Authors and content providers understand the immense advantages of the digital world but show some reserve. However, technologies and techniques to protect IPR in digital content exist, their deployment in a coherent way is still in an early stage. In this paper, we describe the approach followed by the OCTALIS Project towards an effective electronic commerce of digital images. After describing briefly enabling technologies, the emphasis is on contract negotiation over Internet through a secure dialog between the Service Provider and the User

    Towards Traitor Tracing in Black-and-White-Box DNN Watermarking with Tardos-based Codes

    The growing popularity of Deep Neural Networks, which often require computationally expensive training and access to a vast amount of data, calls for accurate authorship verification methods to deter unlawful dissemination of the models and identify the source of the leak. In DNN watermarking the owner may have access to the full network (white-box) or only be able to extract information from its output to queries (black-box), but a watermarked model may include both approaches in order to gather sufficient evidence to then gain access to the network. Although there has been limited research in white-box watermarking that considers traitor tracing, this problem is yet to be explored in the black-box scenario. In this paper, we propose a black-and-white-box watermarking method that opens the door to collusion-resistant traitor tracing in black-box, exploiting the properties of Tardos codes, and making it possible to identify the source of the leak before access to the model is granted. While experimental results show that the method can successfully identify traitors, even when further attacks have been performed, we also discuss its limitations and open problems for traitor tracing in black-box. Comment: This work has been submitted to the IEEE International Workshop on Information Forensics and Security (WIFS) 2023 for possible publication. Copyright may be transferred without notice, after which this version may no longer be accessibl