371 research outputs found
DeepMarks: A Digital Fingerprinting Framework for Deep Neural Networks
This paper proposes DeepMarks, a novel end-to-end framework for systematic
fingerprinting in the context of Deep Learning (DL). Remarkable progress has
been made in the area of deep learning. Sharing the trained DL models has
become a trend that is ubiquitous in various fields ranging from biomedical
diagnosis to stock prediction. As the availability and popularity of
pre-trained models are increasing, it is critical to protect the Intellectual
Property (IP) of the model owner. DeepMarks introduces the first fingerprinting
methodology that enables the model owner to embed unique fingerprints within
the parameters (weights) of her model and later identify undesired usages of
her distributed models. The proposed framework embeds the fingerprints in the
Probability Density Function (pdf) of trainable weights by leveraging the extra
capacity available in contemporary DL models. DeepMarks is robust against
fingerprints collusion as well as network transformation attacks, including
model compression and model fine-tuning. Extensive proof-of-concept evaluations
on MNIST and CIFAR10 datasets, as well as a wide variety of deep neural
networks architectures such as Wide Residual Networks (WRNs) and Convolutional
Neural Networks (CNNs), corroborate the effectiveness and robustness of
DeepMarks framework
Robust Identity Perceptual Watermark Against Deepfake Face Swapping
Notwithstanding offering convenience and entertainment to society, Deepfake
face swapping has caused critical privacy issues with the rapid development of
deep generative models. Due to imperceptible artifacts in high-quality
synthetic images, passive detection models against face swapping in recent
years usually suffer performance damping regarding the generalizability issue.
Therefore, several studies have been attempted to proactively protect the
original images against malicious manipulations by inserting invisible signals
in advance. However, the existing proactive defense approaches demonstrate
unsatisfactory results with respect to visual quality, detection accuracy, and
source tracing ability. In this study, we propose the first robust identity
perceptual watermarking framework that concurrently performs detection and
source tracing against Deepfake face swapping proactively. We assign identity
semantics regarding the image contents to the watermarks and devise an
unpredictable and unreversible chaotic encryption system to ensure watermark
confidentiality. The watermarks are encoded and recovered by jointly training
an encoder-decoder framework along with adversarial image manipulations.
Extensive experiments demonstrate state-of-the-art performance against Deepfake
face swapping under both cross-dataset and cross-manipulation settings.Comment: Submitted for revie
Fragile watermarking for image authentication using dyadic walsh ordering
A digital image is subjected to the most manipulation. This is driven by the easy manipulating process through image editing software which is growing rapidly. These problems can be solved through the watermarking model as an active authentication system for the image. One of the most popular methods is Singular Value Decomposition (SVD) which has good imperceptibility and detection capabilities. Nevertheless, SVD has high complexity and can only utilize one singular matrix S, and ignore two orthogonal matrices. This paper proposes the use of the Walsh matrix with dyadic ordering to generate a new S matrix without the orthogonal matrices. The experimental results showed that the proposed method was able to reduce computational time by 22% and 13% compared to the SVD-based method and similar methods based on the Hadamard matrix respectively. This research can be used as a reference to speed up the computing time of the watermarking methods without compromising the level of imperceptibility and authentication
Reducing Multiple Occurrences of Meta-Mark Selection in Relational Data Watermarking
Contrary to multimedia data watermarking approaches, it is not recommended that relational data watermarking techniques consider sequential selection for marks in the watermark and embedding locations in the protected digital asset. Indeed, considering the database relations' elements, i.e., tuples and attributes, when watermarking techniques are based on sequential processes, watermark detection can be easily compromised by performing subset reverse order attacks. As a result, attackers can obtain owner evidence-free high-quality data since no data modifications for mark removing are required for the malicious operation to succeed. A standard solution to this problem has been pseudo-random selection, which often leads to choosing the same marks multiple times, and ignoring others, thus compromising the embedding of the entire watermark. This work proposes an engine that contributes to controlling marks' recurrent selection, allowing marks excluded by previous approaches to be considered and detected with 100% accuracy. The experiments performed show a dramatic improvement of the embedded watermark quality when the proposed engine is included in watermarking techniques' architecture. They also provide evidence that this proposal leads to higher resilience against common malicious operations such as subset and superset attacks
Protecting Intellectual Proprietary Rights through Secure Interactive Contract Negotiation
Protection of Intellectual Proprietary Rights is currently one of the most important barriers to electronic commerce of digital contents over networks. Authors and content providers understand the immense advantages of the digital world but show some reserve. However, technologies and techniques to protect IPR in digital content exist, their deployment in a coherent way is still in an early stage. In this paper, we describe the approach followed by the OCTALIS Project towards and effective electronic commerce of digital images. After describing briefly enabling technologies, the emphasis is on contract negotiation over Internet through a secure dialog between the Service Provider and the User
Towards Traitor Tracing in Black-and-White-Box DNN Watermarking with Tardos-based Codes
The growing popularity of Deep Neural Networks, which often require
computationally expensive training and access to a vast amount of data, calls
for accurate authorship verification methods to deter unlawful dissemination of
the models and identify the source of the leak. In DNN watermarking the owner
may have access to the full network (white-box) or only be able to extract
information from its output to queries (black-box), but a watermarked model may
include both approaches in order to gather sufficient evidence to then gain
access to the network. Although there has been limited research in white-box
watermarking that considers traitor tracing, this problem is yet to be explored
in the black-box scenario. In this paper, we propose a black-and-white-box
watermarking method that opens the door to collusion-resistant traitor tracing
in black-box, exploiting the properties of Tardos codes, and making it possible
to identify the source of the leak before access to the model is granted. While
experimental results show that the method can successfully identify traitors,
even when further attacks have been performed, we also discuss its limitations
and open problems for traitor tracing in black-box.Comment: This work has been submitted to the IEEE International Workshop on
Information Forensics and Security (WIFS) 2023 for possible publication.
Copyright may be transferred without notice, after which this version may no
longer be accessibl
- …