Data Hiding with Deep Learning: A Survey Unifying Digital Watermarking and Steganography
Data hiding is the process of embedding information into a noise-tolerant
signal such as a piece of audio, video, or image. Digital watermarking is a
form of data hiding where identifying data is robustly embedded so that it can
resist tampering and be used to identify the original owners of the media.
Steganography, another form of data hiding, embeds data for the purpose of
secure and secret communication. This survey summarises recent developments in
deep learning techniques for data hiding applied to watermarking and
steganography, categorising them by model architecture and noise
injection methods. The objective functions, evaluation metrics, and datasets
used for training these data hiding models are comprehensively summarised.
Finally, we propose and discuss possible future directions for research into
deep data hiding techniques.
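To make the encoder/noise-layer/decoder design common to these models concrete, the following is a minimal PyTorch sketch in the style of HiDDeN-like schemes covered by such surveys; the message length, module sizes, and loss weights are illustrative assumptions, not any specific published method.

    import torch
    import torch.nn as nn

    class Encoder(nn.Module):
        """Embeds a binary message into a cover image (HiDDeN-style sketch)."""
        def __init__(self, msg_len=30):
            super().__init__()
            self.conv = nn.Sequential(
                nn.Conv2d(3 + msg_len, 64, 3, padding=1), nn.ReLU(),
                nn.Conv2d(64, 3, 3, padding=1))

        def forward(self, image, message):
            # Tile the message over the spatial dimensions, then predict a residual.
            b, _, h, w = image.shape
            msg = message.view(b, -1, 1, 1).expand(-1, -1, h, w)
            return image + self.conv(torch.cat([image, msg], dim=1))

    class Decoder(nn.Module):
        """Recovers the message from a (possibly distorted) stego image."""
        def __init__(self, msg_len=30):
            super().__init__()
            self.net = nn.Sequential(
                nn.Conv2d(3, 64, 3, padding=1), nn.ReLU(),
                nn.AdaptiveAvgPool2d(1), nn.Flatten(), nn.Linear(64, msg_len))

        def forward(self, image):
            return self.net(image)

    def noise_layer(x, sigma=0.05):
        # Differentiable noise injection between encoder and decoder, so
        # robustness to distortion is learned end-to-end.
        return x + sigma * torch.randn_like(x)

    enc, dec = Encoder(), Decoder()
    cover = torch.rand(4, 3, 128, 128)
    message = torch.randint(0, 2, (4, 30)).float()
    stego = enc(cover, message)
    logits = dec(noise_layer(stego))
    # Joint objective: keep the stego image close to the cover while making
    # the embedded bits recoverable (loss weights illustrative).
    loss = nn.functional.mse_loss(stego, cover) \
        + nn.functional.binary_cross_entropy_with_logits(logits, message)
    loss.backward()

Watermarking and steganography variants of this pipeline differ mainly in the noise layers inserted between encoder and decoder and in how the loss trades robustness against imperceptibility.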
Challenges and Remedies to Privacy and Security in AIGC: Exploring the Potential of Privacy Computing, Blockchain, and Beyond
Artificial Intelligence Generated Content (AIGC) is one of the latest
achievements in AI development. The content generated by related applications,
such as text, images, and audio, has sparked heated discussion. Various
derived AIGC applications are also gradually entering all walks of life,
bringing profound changes to people's daily lives. However, the rapid
development of such generative tools has also raised privacy, security, and
even copyright concerns in AIGC. We note that advanced
technologies such as blockchain and privacy computing can be combined with AIGC
tools, but no prior work has systematically and thoroughly investigated their
relevance and prospects. It is therefore necessary to
investigate how they can be used to protect the privacy and security of data in
AIGC by fully exploring the aforementioned technologies. In this paper, we
first systematically review the concept, classification and underlying
technologies of AIGC. Then, we discuss the privacy and security challenges
faced by AIGC from multiple perspectives and purposefully list the
countermeasures that currently exist. We hope our survey will help researchers
and industry to build a more secure and robust AIGC system.
RAWIW: RAW Image Watermarking Robust to ISP Pipeline
Invisible image watermarking is essential for image copyright protection.
Compared to RGB images, RAW format images use a higher dynamic range to capture
the radiometric characteristics of the camera sensor, providing greater
flexibility in post-processing and retouching. Similar to the master recording
in the music industry, RAW images are considered the original format for
distribution and image production, thus requiring copyright protection.
Existing watermarking methods typically target RGB images, leaving a gap for
RAW images. To address this issue, we propose the first deep learning-based RAW
Image Watermarking (RAWIW) framework for copyright protection. Unlike RGB image
watermarking, our method achieves cross-domain copyright protection. We
directly embed copyright information into RAW images, which can be later
extracted from the corresponding RGB images generated by different
post-processing methods. To achieve end-to-end training of the framework, we
integrate a neural network that simulates the ISP pipeline to handle the
RAW-to-RGB conversion process. To further validate the generalization of our
framework to traditional ISP pipelines and its robustness to transmission
distortion, we adopt a distortion network. This network simulates the various
types of noise introduced by traditional ISP pipelines and during transmission.
Furthermore, we employ a three-stage training strategy to strike a balance
between the robustness and the concealment of the watermark. Our extensive experiments
demonstrate that RAWIW successfully achieves cross-domain copyright protection
for RAW images while maintaining their visual quality and robustness to ISP
pipeline distortions.
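As a rough illustration of the data flow described above (not RAWIW's actual architecture), the sketch below embeds bits into a 4-channel packed RAW mosaic, converts it to RGB through a stand-in differentiable ISP proxy, applies a distortion stand-in, and decodes from the resulting RGB image; every module, dimension, and constant here is a hypothetical placeholder.

    import torch
    import torch.nn as nn

    # Hypothetical stand-ins for the framework's components; the data flow is
    # RAW -> embed copyright bits -> simulated ISP -> distortion -> RGB decode.
    raw_encoder = nn.Conv2d(4 + 32, 4, 3, padding=1)   # packed Bayer RAW + 32 tiled bits
    isp_proxy = nn.Conv2d(4, 3, 3, padding=1)          # differentiable RAW-to-RGB proxy
    rgb_decoder = nn.Sequential(
        nn.Conv2d(3, 64, 3, padding=1), nn.ReLU(),
        nn.AdaptiveAvgPool2d(1), nn.Flatten(), nn.Linear(64, 32))

    raw = torch.rand(2, 4, 64, 64)                     # RAW mosaic, values in [0, 1]
    bits = torch.randint(0, 2, (2, 32)).float()
    tiled = bits.view(2, 32, 1, 1).expand(-1, -1, 64, 64)
    raw_wm = raw + raw_encoder(torch.cat([raw, tiled], dim=1))   # watermarked RAW
    rgb = isp_proxy(raw_wm)                            # simulated post-processing
    rgb_noisy = rgb + 0.02 * torch.randn_like(rgb)     # distortion-network stand-in
    logits = rgb_decoder(rgb_noisy)
    # Balance concealment (RAW fidelity) against robustness (bit recovery).
    loss = nn.functional.mse_loss(raw_wm, raw) \
        + nn.functional.binary_cross_entropy_with_logits(logits, bits)
    loss.backward()

The point of the cross-domain setup is that the decoder never sees the RAW image: the watermark must survive the RAW-to-RGB conversion, which is why the ISP simulator has to be differentiable for end-to-end training.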
Seeds Don't Lie: An Adaptive Watermarking Framework for Computer Vision Models
In recent years, various watermarking methods have been suggested for
detecting computer vision models obtained illegitimately from their owners;
however, they fail to demonstrate satisfactory robustness against model
extraction attacks.
In this paper, we present an adaptive framework for watermarking a protected
model, leveraging the unique behavior the model exhibits as a result of the
random seed used during its training. This watermark is used to detect
extracted models, which have the same unique behavior, indicating an
unauthorized usage of the protected model's intellectual property (IP). First,
we show how the seed used for random number generation during model training
produces distinct characteristics in the model's decision boundaries, which are
inherited by extracted models but are absent from non-extracted models trained
on the same dataset with a different seed. Based on our findings, we suggest
the Robust
Adaptive Watermarking (RAW) Framework, which utilizes the unique behavior
present in the protected and extracted models to generate a watermark key-set
and verification model. We show that the framework is robust to (1) unseen
model extraction attacks, and (2) extracted models which undergo a blurring
method (e.g., weight pruning). We evaluate the framework's robustness against a
naive attacker (unaware that the model is watermarked), and an informed
attacker (who employs blurring strategies to remove watermarked behavior from
an extracted model), and achieve outstanding (i.e., >0.9) AUC values. Finally,
we show that the framework is robust to model extraction attacks that use a
different structure and/or architecture than the protected model.
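The core observation, that a model's random seed leaves a fingerprint in its decision boundary which extracted copies inherit, can be illustrated with the toy sketch below. It is a simplified proxy for the paper's RAW framework (the real framework builds a key-set and a trained verification model); all networks, sizes, and seeds here are assumptions.

    import torch
    import torch.nn as nn

    def key_set(model, n_candidates=2000, n_keys=100, dim=20):
        # Pick random inputs where the protected model is least confident,
        # i.e. points lying close to its seed-specific decision boundary.
        x = torch.randn(n_candidates, dim)
        with torch.no_grad():
            probs = torch.softmax(model(x), dim=1)
            margin = probs.max(dim=1).values          # low margin = near boundary
            idx = margin.argsort()[:n_keys]
            labels = probs[idx].argmax(dim=1)
        return x[idx], labels

    def agreement(suspect, keys, labels):
        # Fraction of key inputs on which the suspect matches the protected model.
        with torch.no_grad():
            return (suspect(keys).argmax(dim=1) == labels).float().mean().item()

    torch.manual_seed(0)
    protected = nn.Sequential(nn.Linear(20, 64), nn.ReLU(), nn.Linear(64, 2))
    keys, labels = key_set(protected)

    torch.manual_seed(1)                              # different seed, different boundary
    independent = nn.Sequential(nn.Linear(20, 64), nn.ReLU(), nn.Linear(64, 2))
    print(agreement(independent, keys, labels))       # expected near chance (~0.5)

A model extracted by imitating the protected model's outputs would, by contrast, reproduce those near-boundary labels at a rate well above chance, which is the signal a verification step can threshold.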