
Research On Adversarial Attack Algorithms For Copyright Protection

Posted on: 2023-10-11
Degree: Master
Type: Thesis
Country: China
Candidate: M L Lu
GTID: 2558306623475174
Subject: Software engineering

Abstract/Summary:
In the era of artificial intelligence, information dissemination has become more efficient and diversified, and the copyright protection issues facing the network industry have become increasingly prominent and very difficult to address. Digital watermarking technology provides a practical solution to such problems, and research on it is of great significance. Current deep neural networks are vulnerable to adversarial samples. An adversarial attack generates an adversarial perturbation and embeds it into the original image to produce an adversarial sample that is very similar to the original image, so that the trained neural network outputs wrong predictions while human judgment is not affected. The generation of adversarial samples is similar to the embedding of a digital watermark: both embed information into the original image, and the resulting image has the same visual effect as the original. To improve the copyright protection effect of digital watermarking, this thesis studies adversarial attack algorithms and integrates them with digital watermarking technology, proposes a new image watermark embedding algorithm and a new image watermark extraction algorithm based on adversarial attack, and trains a robust watermark network. The network can not only prevent retrieval systems from obtaining images over the network, which reduces infringement, but also efficiently perform copyright verification to protect image copyright after infringement occurs. The main research work of this thesis is as follows:

(1) An image watermarking adversarial sample generation algorithm (MI-PriAWM, Momentum Iterative-Privacy Adversarial Watermark) is proposed. It embeds digital watermarks in the form of adversarial perturbations that attack deep retrieval systems, in order to protect the privacy and copyright security of private images. First, the algorithm recasts the series of transformation operations involved in embedding a watermark image as a constrained minimization problem for generating adversarial samples. By carrying out this minimization, the watermark information is embedded in the original image to generate an adversarial watermark image. This image has a visual effect similar to the original image, and it attacks the deep hash retrieval system by perturbing the feature vector extracted by the neural network, which changes the similarity matching result for the original image. This prevents the retrieval system from illegally obtaining the required private information over the network, reducing infringement and protecting image security. The experimental results show that the MI-PriAWM algorithm reduces the mAP of the image retrieval system from the original 71.34% to 16.17% on the MS COCO dataset, and from the original 51.59% to 10.09% on ImageNet, while maintaining good visual effects.

(2) Using the idea of adversarial training, a robust watermark extraction algorithm (RoDec, Robust Watermark Decode Algorithm) is proposed. It aims to efficiently extract the original watermark information from images for copyright verification in response to infringement. RoDec uses deep learning to generate adversarial samples that simulate the distortion noise applied to watermarked images. With the encoder fixed, various distorted watermarked image samples are obtained and used to augment the training set for adversarial training of the decoder. This algorithm solves the problem that general distortion simulation methods are not differentiable, so that gradients cannot be propagated back through them during end-to-end training, and it yields a robust deep learning watermarking model. The results show that in the presence of distortion, RoDec can improve the accuracy of the deep watermarking system to more than 90%, while maintaining good generalization ability.

In summary, this thesis studies copyright-oriented adversarial attack algorithms, proposes the watermark embedding algorithm MI-PriAWM and the extraction algorithm RoDec, and obtains a robust digital watermark model that effectively protects the copyright security of images.
Keywords/Search Tags: Adversarial Attack, Digital Watermarking, Copyright Protection, Deep Search, Adversarial Training