Removal attack: a research on vulnerability of box-free watermarking
Protecting the intellectual property (IP) of Deep Neural Networks (DNNs), which requires significant time and financial investment to train, has garnered considerable attention recently. Among the prevalent methods, watermarking has emerged as a key strategy to trace IP theft by offenders. The embed...
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis-Master by Coursework |
| Language: | English |
| Published: |
Nanyang Technological University
2024
|
| Subjects: | |
| Online Access: | https://hdl.handle.net/10356/175877 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Nanyang Technological University |
| Language: | English |
| id |
sg-ntu-dr.10356-175877 |
|---|---|
| record_format |
dspace |
| spelling |
sg-ntu-dr.10356-1758772024-05-10T15:49:59Z Removal attack: a research on vulnerability of box-free watermarking An, Haonan Lin Zhiping School of Electrical and Electronic Engineering EZPLin@ntu.edu.sg Computer and Information Science Watermarking Removal attack Protecting the intellectual property (IP) of Deep Neural Networks (DNNs), which requires significant time and financial investment to train, has garnered considerable attention recently. Among the prevalent methods, watermarking has emerged as a key strategy to trace IP theft by offenders. The embedding techniques for watermarks are primarily categorized into three types: white-box, black-box, and box-free. In this dissertation, we focus on box-free watermarking and introduce our proposed watermark removal attack, named Observable Extractor-Guided (OEG) Remover, aimed at removing the watermark embedded by box-free model watermarking method and challenging its robustness. Initially, we propose three scenarios for the victim model that reflect realistic conditions and establish our attack objectives. Subsequently, we analyze the feasibility of the OEG Remover in all the scenarios and illustrate the process of the attack. Our experiments demonstrate that our proposed attack method can remove watermarks under various conditions with high success rate and without significant image quality degradation. Moreover, the experiments reveal the high versatility and scalability of our attack method, with seldom limitations on the victim model and the ability to interchange attack components at will. For the OEG Remover, we have the capability to not only remove the watermark embedded in the output of the victim model but also overwrite it. Master's degree 2024-05-08T08:04:58Z 2024-05-08T08:04:58Z 2024 Thesis-Master by Coursework An, H. (2024). Removal attack: a research on vulnerability of box-free watermarking. Master's thesis, Nanyang Technological University, Singapore. https://hdl.handle.net/10356/175877 https://hdl.handle.net/10356/175877 en application/pdf Nanyang Technological University |
| institution |
Nanyang Technological University |
| building |
NTU Library |
| continent |
Asia |
| country |
Singapore Singapore |
| content_provider |
NTU Library |
| collection |
DR-NTU |
| language |
English |
| topic |
Computer and Information Science Watermarking Removal attack |
| spellingShingle |
Computer and Information Science Watermarking Removal attack An, Haonan Removal attack: a research on vulnerability of box-free watermarking |
| description |
Protecting the intellectual property (IP) of Deep Neural Networks (DNNs), which requires significant time and financial investment to train, has garnered considerable attention recently. Among the prevalent methods, watermarking has emerged as a key strategy to trace IP theft by offenders. The embedding techniques for watermarks are primarily categorized into three types: white-box, black-box, and box-free. In this dissertation, we focus on box-free watermarking and introduce our proposed watermark removal attack, named Observable Extractor-Guided (OEG) Remover, aimed at removing the watermark embedded by box-free model watermarking method and challenging its robustness. Initially, we propose three scenarios for the victim model that reflect realistic conditions and establish our attack objectives. Subsequently, we analyze the feasibility of the OEG Remover in all the scenarios and illustrate the process of the attack. Our experiments demonstrate that our proposed attack method can remove watermarks under various conditions with high success rate and without significant image quality degradation. Moreover, the experiments reveal the high versatility and scalability of our attack method, with seldom limitations on the victim model and the ability to interchange attack components at will. For the OEG Remover, we have the capability to not only remove the watermark embedded in the output of the victim model but also overwrite it. |
| author2 |
Lin Zhiping |
| author_facet |
Lin Zhiping An, Haonan |
| format |
Thesis-Master by Coursework |
| author |
An, Haonan |
| author_sort |
An, Haonan |
| title |
Removal attack: a research on vulnerability of box-free watermarking |
| title_short |
Removal attack: a research on vulnerability of box-free watermarking |
| title_full |
Removal attack: a research on vulnerability of box-free watermarking |
| title_fullStr |
Removal attack: a research on vulnerability of box-free watermarking |
| title_full_unstemmed |
Removal attack: a research on vulnerability of box-free watermarking |
| title_sort |
removal attack: a research on vulnerability of box-free watermarking |
| publisher |
Nanyang Technological University |
| publishDate |
2024 |
| url |
https://hdl.handle.net/10356/175877 |
| _version_ |
1806059804185067520 |