Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

VizDefender: Unmasking Visualization Tampering through Proactive Localization and Intent Inference

Sicheng Song, Yanjie Zhang, Zixin Chen, Huamin Qu, Changbo Wang, Chenhui Li

TL;DR

VizDefender tackles post-creation visualization tampering by integrating a semi-fragile, invertible-network watermarking system for precise tampering localization with a two-agent MLLM-based intent analysis pipeline. The approach is trained on a VisImages-derived dataset and demonstrates superior tampering detection accuracy, preserved visual quality, and robust intent inference compared with baselines, validated through extensive quantitative evaluation and a user study. The work highlights proactive defense as essential for trust in data visualizations and discusses practical deployment for platform-scale moderation and public-facing critical-thinking tools, while noting limitations in AI-generated-from-scratch tampering and watermark robustness. Together, these contributions advance visualization security by linking low-level tamper localization with high-level semantic interpretation of manipulation motives.

Abstract

The integrity of data visualizations is increasingly threatened by image editing techniques that enable subtle yet deceptive tampering. Through a formative study, we define this challenge and categorize tampering techniques into two primary types: data manipulation and visual encoding manipulation. To address this, we present VizDefender, a framework for tampering detection and analysis. The framework integrates two core components: 1) a semi-fragile watermark module that protects the visualization by embedding a location map to images, which allows for the precise localization of tampered regions while preserving visual quality, and 2) an intent analysis module that leverages Multimodal Large Language Models (MLLMs) to interpret manipulation, inferring the attacker's intent and misleading effects. Extensive evaluations and user studies demonstrate the effectiveness of our methods.

VizDefender: Unmasking Visualization Tampering through Proactive Localization and Intent Inference

TL;DR

VizDefender tackles post-creation visualization tampering by integrating a semi-fragile, invertible-network watermarking system for precise tampering localization with a two-agent MLLM-based intent analysis pipeline. The approach is trained on a VisImages-derived dataset and demonstrates superior tampering detection accuracy, preserved visual quality, and robust intent inference compared with baselines, validated through extensive quantitative evaluation and a user study. The work highlights proactive defense as essential for trust in data visualizations and discusses practical deployment for platform-scale moderation and public-facing critical-thinking tools, while noting limitations in AI-generated-from-scratch tampering and watermark robustness. Together, these contributions advance visualization security by linking low-level tamper localization with high-level semantic interpretation of manipulation motives.

Abstract

The integrity of data visualizations is increasingly threatened by image editing techniques that enable subtle yet deceptive tampering. Through a formative study, we define this challenge and categorize tampering techniques into two primary types: data manipulation and visual encoding manipulation. To address this, we present VizDefender, a framework for tampering detection and analysis. The framework integrates two core components: 1) a semi-fragile watermark module that protects the visualization by embedding a location map to images, which allows for the precise localization of tampered regions while preserving visual quality, and 2) an intent analysis module that leverages Multimodal Large Language Models (MLLMs) to interpret manipulation, inferring the attacker's intent and misleading effects. Extensive evaluations and user studies demonstrate the effectiveness of our methods.

Paper Structure

This paper contains 35 sections, 7 equations, 19 figures, 8 tables.

Table of Contents

  1. Introduction
  2. Related Work
  3. Misinformation Visualization
  4. Image Tampering Detection
  5. Information Steganography
  6. Formative Interview Study
  7. Methods
  8. Training Dataset
  9. Semi-fragile Watermark Module
  10. Invertible Network
  11. Posterior Estimation
  12. Loss Function
  13. Intent Analysis and Interpretation
  14. Mask Refinement Agent
  15. Intent Analysis Agent
  16. ...and 20 more sections

Figures (19)

  • Figure 1: We summarized 9 identified common tampering types into two main categories based on their potential image manipulation intents. The bold letters are the abbreviations of each type.
  • Figure 2: Overview of VizDefender pipeline. Our framework consists of two components: Semi-fragile Watermark Module, and Intent Analysis & Interpretation. In the watermark processing stage, a flow-based model embeds the location map into the input visualization image, generating a protected visualization image that can be transmitted through networks. After potential tampering and transmission noise, an IRN module with posterior estimation extracts the watermark to generate the visual prompt on the tampered visualization. The intent analysis stage then processes both the tampered visualization with visual prompt through refinement and analysis modules, outputting intent results.
  • Figure 3: The architecture of invertible blocks in ISN Module and IRN Module. Key components such as $\phi$, $\eta$, $\exp$, and $\rho$ are integrated to enhance the transformation capabilities.
  • Figure 4: The posterior estimation model.
  • Figure 5: Prompt structure of Intent Analysis and Interpretation Module.
  • ...and 14 more figures