Are Classification Deep Neural Networks Good for Blind Image Watermarking?

Image watermarking is usually decomposed into three steps: (i) a feature vector is extracted from an image; (ii) it is modified to embed the watermark; (iii) and it is projected back into the image space while avoiding the creation of visual artefacts. This feature extraction is usually based on a classical image representation given by the Discrete Wavelet Transform or the Discrete Cosine Transform for instance. These transformations require very accurate synchronisation between the embedding and the detection and usually rely on various registration mechanisms for that purpose. This paper investigates a new family of transformation based on Deep Neural Networks trained with supervision for a classification task. Motivations come from the Computer Vision literature, which has demonstrated the robustness of these features against light geometric distortions. Also, adversarial sample literature provides means to implement the inverse transform needed in the third step above mentioned. As far as zero-bit watermarking is concerned, this paper shows that this approach is feasible as it yields a good quality of the watermarked images and an intrinsic robustness. We also tests more advanced tools from Computer Vision such as aggregation schemes with weak geometry and retraining with a dataset augmented with classical image processing attacks.

[1]  Teddy Furon,et al.  Are Deep Neural Networks good for blind image watermarking? , 2018, 2018 IEEE International Workshop on Information Forensics and Security (WIFS).

[2]  Seyed-Mohsen Moosavi-Dezfooli,et al.  DeepFool: A Simple and Accurate Method to Fool Deep Neural Networks , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[3]  Ondrej Chum,et al.  CNN Image Retrieval Learns from BoW: Unsupervised Fine-Tuning with Hard Examples , 2016, ECCV.

[4]  Farinaz Koushanfar,et al.  DeepSigns: A Generic Watermarking Framework for IP Protection of Deep Learning Models , 2018, IACR Cryptol. ePrint Arch..

[5]  Li Fei-Fei,et al.  HiDDeN: Hiding Data With Deep Networks , 2018, ECCV.

[6]  David A. Wagner,et al.  Towards Evaluating the Robustness of Neural Networks , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[7]  Jiajun Wu,et al.  Deep multiple instance learning for image classification and auto-annotation , 2015, 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[8]  Michael S. Bernstein,et al.  ImageNet Large Scale Visual Recognition Challenge , 2014, International Journal of Computer Vision.

[9]  Heung-Kyu Lee,et al.  A Robust Blind Watermarking Using Convolutional Neural Network , 2017, ArXiv.

[10]  Pedro Comesaña Alfaro,et al.  Asymptotically Optimum Universal Watermark Embedding and Detection in the High-SNR Regime , 2010, IEEE Transactions on Information Theory.

[11]  Ronan Sicre,et al.  Particular object retrieval with integral max-pooling of CNN activations , 2015, ICLR.

[12]  Yannis Avrithis,et al.  Unsupervised Object Discovery for Instance Recognition , 2018, 2018 IEEE Winter Conference on Applications of Computer Vision (WACV).

[13]  Andrew Zisserman,et al.  Very Deep Convolutional Networks for Large-Scale Image Recognition , 2014, ICLR.

[14]  Albert Gordo,et al.  Deep Image Retrieval: Learning Global Representations for Image Search , 2016, ECCV.

[15]  Pao-Ta Yu,et al.  Digital watermarking based on neural networks for color images , 2001, Signal Process..

[16]  Shin'ichi Satoh,et al.  Digital watermarking for deep neural networks , 2018, International Journal of Multimedia Information Retrieval.

[17]  Konrad Rieck,et al.  Forgotten Siblings: Unifying Attacks on Machine Learning and Digital Watermarking , 2018, 2018 IEEE European Symposium on Security and Privacy (EuroS&P).

[18]  Seyed-Mohsen Moosavi-Dezfooli,et al.  Geometric Robustness of Deep Networks: Analysis and Improvement , 2017, 2018 IEEE/CVF Conference on Computer Vision and Pattern Recognition.

[19]  Piotr Lipiński,et al.  Improving digital watermarking fidelity using fast neural network for adaptive wavelet synthesis , 2010 .

[20]  Matthieu Cord,et al.  WELDON: Weakly Supervised Learning of Deep Convolutional Neural Networks , 2016, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[21]  Samy Bengio,et al.  Adversarial examples in the physical world , 2016, ICLR.

[22]  Neri Merhav,et al.  Optimal Watermark Embedding and Detection Strategies Under Limited Detection Resources , 2008, IEEE Transactions on Information Theory.

[23]  Yannis Avrithis,et al.  Panorama to Panorama Matching for Location Recognition , 2017, ICMR.

[24]  Geoffrey E. Hinton,et al.  ImageNet classification with deep convolutional neural networks , 2012, Commun. ACM.

[25]  Teddy Furon,et al.  Broken Arrows , 2008, EURASIP J. Inf. Secur..

[26]  Tae-Sun Choi,et al.  Machine learning based adaptive watermark decoding in view of anticipated attack , 2008, Pattern Recognit..

[27]  Jonathon Shlens,et al.  Explaining and Harnessing Adversarial Examples , 2014, ICLR.