Generative Model Watermarking Suppressing High-Frequency Artifacts

Li Zhang,Yong Liu,Xinpeng Zhang,Hanzhou Wu
2023-05-21
Abstract:Protecting deep neural networks (DNNs) against intellectual property (IP) infringement has attracted an increasing attention in recent years. Recent advances focus on IP protection of generative models, which embed the watermark information into the image generated by the model to be protected. Although the generated marked image has good visual quality, it introduces noticeable artifacts to the marked image in high-frequency area, which severely impairs the imperceptibility of the watermark and thereby reduces the security of the watermarking system. To deal with this problem, in this paper, we propose a novel framework for generative model watermarking that can suppress those high-frequency artifacts. The main idea of the proposed framework is to design a new watermark embedding network that can suppress high-frequency artifacts by applying anti-aliasing. To realize anti-aliasing, we use low-pass filtering for the internal sampling layers of the new watermark embedding network. Meanwhile, joint loss optimization and adversarial training are applied to enhance the effectiveness and robustness. Experimental results indicate that the marked model not only maintains the performance very well on the original task, but also demonstrates better imperceptibility and robustness on the watermarking task. This work reveals the importance of suppressing high-frequency artifacts for enhancing imperceptibility and security of generative model watermarking.
Cryptography and Security
What problem does this paper attempt to address?
The paper primarily addresses a new solution to the issue of high-frequency artifacts in watermarking techniques for generative models. Specifically, the core issues of the research can be summarized as follows: 1. **Background and Challenges**: With the development of deep learning technology, protecting the intellectual property of deep neural networks (DNNs) has become particularly important. Existing research focuses on embedding watermark information in images generated by generative models to protect the models. However, this method introduces noticeable artifacts in the high-frequency regions of the images, which not only damages the invisibility of the watermark but also reduces the security of the watermarking system. 2. **Research Objectives**: To address the above issues, this paper proposes a novel framework aimed at suppressing high-frequency artifacts generated during the watermarking process of generative models, thereby enhancing the invisibility and security of the watermark. 3. **Methodology**: The proposed method in the paper mainly includes designing a new watermark embedding network that suppresses high-frequency artifacts by applying anti-aliasing techniques. Specifically, the authors use low-pass filtering in the sampling layers within the new watermark embedding network to achieve the anti-aliasing effect. Additionally, joint loss optimization and adversarial training are employed to improve the effectiveness and robustness of the watermark. 4. **Experimental Results**: Experiments show that the marked model not only maintains the performance of the original task well but also exhibits better invisibility and robustness in the watermarking task. Moreover, the method can be effectively extended to different generative tasks and demonstrates strong robustness against preprocessing attacks and surrogate model attacks. 5. **Summary of Contributions**: The main contributions of the paper include the first proposal to consider invisibility in generative model watermarking from both spatial and frequency domains; the design of a general watermarking framework that develops a watermark embedding network capable of suppressing high-frequency artifacts through anti-aliasing strategies; and extensive experiments proving the effectiveness and superiority of the proposed method.