Published on:
26 February 2024
Primary Category:
Cryptography and Security
Paper Authors:
Biqing Qi,
Junqi Gao,
Yiang Luo,
Jianxing Liu,
Ligang Wu,
Bowen Zhou
Deep watermarks can protect IP in AI content but face security risks
Proposed ESMA and BEM-ESMA reliably attack deep watermarks
Increasing robustness to transformations lowers security
Longer watermark encodings are more prone to erasure attacks
Study is first to systematically assess deep watermark risks
Protecting AI content with deep watermarks
This paper explores using deep watermarks to protect intellectual property in AI-generated content. It finds current methods vulnerable to erasure and tampering through adversarial attacks. To evaluate this, the authors propose two new targeted attack methods, ESMA and BEM-ESMA. Experiments show these reliably compromise deep watermarks by either erasing or manipulating them. The study considers different model architectures and watermark encoding lengths, finding tradeoffs between transformation robustness and security. Overall it systematically assesses deep watermark risks and aims to spur research into more robust techniques.
Topic-based watermarking to identify AI text
Detecting and tracing deepfakes using identity watermarks
Robust watermarking against face swapping
Uncovering the Hidden Signals: A Popular Science Guide to Language Model Watermarking
Probabilistic verification of neural network ownership
Deep visual and audio watermarking for AI video editing forensics
No comments yet, be the first to start the conversation...
Sign up to comment on this paper