Research On Image Watermarking Algorithm Based On Adversarial Attack

With the development and popularization of digital products,information now can determine more variously and efficiently.However,the accompanying problems of copyright protection are becoming an unavoidable and arduous challenge.The emergence of digital watermarking provides a practical solution to such problems and shows its great market value and research significance.Adversarial attack,as an emerging attack against neural network,can generates an adversarial image that is extremely similar to the carrier image by generating an adversarial perturbation and embedding it into the carrier image,so that the neural network misjudges the adversarial image and classifies it into the predefined target class.In order to balance the robustness,capacity and security of the watermarking algorithm,this thesis introduces adversarial attack into watermarking algorithm and proposes a new framework of image watermarking based on adversarial attack.The advantage of this framework is that the performances of watermarking such as embedding capacity can be enhanced with the improvement of the neural network while satisfying the indexes such as imperceptibility and anti-attack ability.In this thesis,we propose two watermarking algorithms based on this framework and improve one of them.The research contents are as follows:(1)Superposition Adversarial Watermarking Algorithm(SAW)is proposed.The algorithm generates an adversarial image by generating an adversarial perturbation and embedding it into the original carrier image block in the watermark embedding process,so that it can induce the category of the image block to be misjudged as the corresponding catefory.In the watermark extraction stage,neural network is used to predict the category of the adversarial image blocks,and the embedding information is analyzed according to the mapping table.The performance of the algorithm is compared with different network models and embedding strengths,the results show that the algorithm has great imperceptibility,effectiveness and extraction accuracy.(2)By analyzing the problems of the SAW algorithm,the thesis further proposes a NonEmbedding Adversarial Watermarking Algorithm(NEAW)without the independent embedding process.The algorithm converts the watermark embedding process into a minimization constraint of the adversarial image generation process.By minimizing the constraint,the algorithm can directly generate an adversarial image that is similar to the carrier image.The algorithm solves the problem of category jumping in embedding process of the SAW algorithm.the experimental results show that the algorithm has higher extraction accuracy,better anti-attack performance and security performance than the SAW algorithm.(3)To maximize the classification performance of NEAW algorithm,a multi-informationbased NEAW algorithm is proposed.The algorithm forces the top-K elements of the corresponding prediction vector to be modified in the process of inducing the category information of the adversarial image,so that the prediction vector of the adversarial image by the neural network contains K non-zero values in order of magnitude to represent the possibility of the network model to discriminate the category of the adversarial image with K different levels of confidence.By sorting the watermark information of these K categories according to their confidence levels,the multi-information-based algorithm can achieve K times capacity comparing orginal NEAW algorithm.The results show that the improved algorithm can effectively increase the embedding capacity of the watermark.