Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Hide&Seek: Remove Image Watermarks with Negligible Cost via Pixel-wise Reconstruction

Huajie Chen, Tianqing Zhu, Hailin Yang, Yuchen Zhong, Yang Zhang, Hui Sun, Heng Xu, Zuobin Ying, Lihua Yin, Wanlei Zhou

TL;DR

This work proposes HIDE&SEEK (HS), a suite of versatile and cost-effective attacks that reliably remove embedded watermarks while preserving high visual fidelity.

Abstract

Watermarking has emerged as a key defense against the misuse of machine-generated images (MGIs). Yet the robustness of these protections remains underexplored. To reveal the limits of SOTA proactive image watermarking defenses, we propose HIDE&SEEK (HS), a suite of versatile and cost-effective attacks that reliably remove embedded watermarks while preserving high visual fidelity.

Hide&Seek: Remove Image Watermarks with Negligible Cost via Pixel-wise Reconstruction

TL;DR

This work proposes HIDE&SEEK (HS), a suite of versatile and cost-effective attacks that reliably remove embedded watermarks while preserving high visual fidelity.

Abstract

Watermarking has emerged as a key defense against the misuse of machine-generated images (MGIs). Yet the robustness of these protections remains underexplored. To reveal the limits of SOTA proactive image watermarking defenses, we propose HIDE&SEEK (HS), a suite of versatile and cost-effective attacks that reliably remove embedded watermarks while preserving high visual fidelity.
Paper Structure (20 sections, 2 theorems, 22 equations, 9 figures, 4 tables, 2 algorithms)

This paper contains 20 sections, 2 theorems, 22 equations, 9 figures, 4 tables, 2 algorithms.

Table of Contents

  1. Introduction
  2. Preliminaries & Related Works
  3. Defense for Machine Generated Images
  4. Detection Evasion Attacks
  5. Mask Autoencoders
  6. Problem Formulation
  7. Threat Model
  8. Formulated Objective
  9. Hide&Seek
  10. Overview
  11. HIDE&SEEK Naive
  12. HIDE&SEEK Plus
  13. Theoretical Analysis
  14. Evaluation
  15. Experiment Settings
  16. ...and 5 more sections

Key Result

Lemma 5.1

Let $a_1\leq a_2\leq \dots \leq a_n$ and $b_1\leq b_2\leq \dots \leq b_n$ be two sequences of real numbers. Then, for any permutation $\pi$ of $\{1, 2, \dots , n\}$, we have

Figures (9)

  • Figure 1: Overview of HIDE&SEEK. Compared to existing attacks that introduce global modification to the watermarked image so as to remove the embedded watermark, HIDE&SEEK locates the vulnerable pixels and modifies them to purge the watermark while preserving high visual quality.
  • Figure 2: HIDE&SEEK Naive Workflow. The adversary first masks the watermarked image with a mask using a strategy and a ratio. Those visible patches are then encoded by the encoder and concatenated with the masked patches, which are then decoded by the decoder to derive the purged image.
  • Figure 3: Masking Strategy. HSN offers three types of masking strategies: Random, Continuous, and Scattered, where $\beta$ controls the masking ratio.
  • Figure 4: HIDE&SEEK Plus Training Workflow. In stage HIDE, the masking model takes a target image to predict a rank for all pixels in the image. The rank is then mapped to a soft mask for random perturbation. The soft mask, the perturbed image and the target image are used to compute the HIDE loss. In stage SEEK, A randomly masked image is fed into the pixel generator to predict the next pixel. The SEEK loss is then computed using the predicted pixel and the target pixel.
  • Figure 5: HIDE&SEEK Plus Evaluation Workflow. The watermarked image is fed into the masking model to produce a pixel rank. Pixels with probabilities less than $0.5$ are directly masked for reconstruction. Following the order provided by the pixel rank, the masked pixels are gradually reconstructed, where the most vulnerable pixel is reconstructed at last.
  • ...and 4 more figures

Theorems & Definitions (2)

  • Lemma 5.1: Rearrangement Inequality, Day_1972
  • Theorem 5.1