{"title":"DMC-Watermark:通过动态掩码覆盖实现双重身份验证的后门丰富水印","authors":"Yujia Zhu, Ruoxi Wang, Daoxun Xia","doi":"10.1007/s10489-025-06608-w","DOIUrl":null,"url":null,"abstract":"<div><p>With the increasing use of neural networks, the importance of copyright protection for these models has gained significant attention. Backdoor watermarking is one of the key methods for protecting copyright. However, on the one hand, most existing backdoor watermarks are triggered by visual images, making them easily detectable, and therefore vulnerable to various attacks. On the other hand, it is difficult for these methods to carry information related to the creator’s identity which can easily lead to fraudulent claims of ownership. These factors contribute to the vulnerability and limitations of backdoor watermarking. In this paper, we propose DMC-Watermark, a backdoor richer watermarking method that uses dynamic mask-covered image structures as triggers. Leveraging the semantic preservation of image structure in transformation attacks, we select image structure as triggers. Furthermore, we convert the author-related information into an array of color information and apply it as a mask to the extracted image structures, allowing it to serve as a second layer of verification during the validation phase to resist fraudulent claims of ownership. The final trigger pattern, embedded with author-related image structures, is applied to the selected images in the trigger set, generating a final trigger set that is trained together with clean samples to produce a protected model. The experiments show that the proposed DMC-Watermark performs well in terms of fidelity, invisibility, undetectability, functionality, dual verification and robustness on three different datasets and four representative DNNs, and it has wide applicability and excellent results in high-resolution images.</p></div>","PeriodicalId":8041,"journal":{"name":"Applied Intelligence","volume":"55 10","pages":""},"PeriodicalIF":3.4000,"publicationDate":"2025-05-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"DMC-Watermark: A backdoor richer watermark for dual identity verification by dynamic mask covering\",\"authors\":\"Yujia Zhu, Ruoxi Wang, Daoxun Xia\",\"doi\":\"10.1007/s10489-025-06608-w\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>With the increasing use of neural networks, the importance of copyright protection for these models has gained significant attention. Backdoor watermarking is one of the key methods for protecting copyright. However, on the one hand, most existing backdoor watermarks are triggered by visual images, making them easily detectable, and therefore vulnerable to various attacks. On the other hand, it is difficult for these methods to carry information related to the creator’s identity which can easily lead to fraudulent claims of ownership. These factors contribute to the vulnerability and limitations of backdoor watermarking. In this paper, we propose DMC-Watermark, a backdoor richer watermarking method that uses dynamic mask-covered image structures as triggers. Leveraging the semantic preservation of image structure in transformation attacks, we select image structure as triggers. Furthermore, we convert the author-related information into an array of color information and apply it as a mask to the extracted image structures, allowing it to serve as a second layer of verification during the validation phase to resist fraudulent claims of ownership. The final trigger pattern, embedded with author-related image structures, is applied to the selected images in the trigger set, generating a final trigger set that is trained together with clean samples to produce a protected model. The experiments show that the proposed DMC-Watermark performs well in terms of fidelity, invisibility, undetectability, functionality, dual verification and robustness on three different datasets and four representative DNNs, and it has wide applicability and excellent results in high-resolution images.</p></div>\",\"PeriodicalId\":8041,\"journal\":{\"name\":\"Applied Intelligence\",\"volume\":\"55 10\",\"pages\":\"\"},\"PeriodicalIF\":3.4000,\"publicationDate\":\"2025-05-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Applied Intelligence\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://link.springer.com/article/10.1007/s10489-025-06608-w\",\"RegionNum\":2,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Applied Intelligence","FirstCategoryId":"94","ListUrlMain":"https://link.springer.com/article/10.1007/s10489-025-06608-w","RegionNum":2,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
DMC-Watermark: A backdoor richer watermark for dual identity verification by dynamic mask covering
With the increasing use of neural networks, the importance of copyright protection for these models has gained significant attention. Backdoor watermarking is one of the key methods for protecting copyright. However, on the one hand, most existing backdoor watermarks are triggered by visual images, making them easily detectable, and therefore vulnerable to various attacks. On the other hand, it is difficult for these methods to carry information related to the creator’s identity which can easily lead to fraudulent claims of ownership. These factors contribute to the vulnerability and limitations of backdoor watermarking. In this paper, we propose DMC-Watermark, a backdoor richer watermarking method that uses dynamic mask-covered image structures as triggers. Leveraging the semantic preservation of image structure in transformation attacks, we select image structure as triggers. Furthermore, we convert the author-related information into an array of color information and apply it as a mask to the extracted image structures, allowing it to serve as a second layer of verification during the validation phase to resist fraudulent claims of ownership. The final trigger pattern, embedded with author-related image structures, is applied to the selected images in the trigger set, generating a final trigger set that is trained together with clean samples to produce a protected model. The experiments show that the proposed DMC-Watermark performs well in terms of fidelity, invisibility, undetectability, functionality, dual verification and robustness on three different datasets and four representative DNNs, and it has wide applicability and excellent results in high-resolution images.
期刊介绍:
With a focus on research in artificial intelligence and neural networks, this journal addresses issues involving solutions of real-life manufacturing, defense, management, government and industrial problems which are too complex to be solved through conventional approaches and require the simulation of intelligent thought processes, heuristics, applications of knowledge, and distributed and parallel processing. The integration of these multiple approaches in solving complex problems is of particular importance.
The journal presents new and original research and technological developments, addressing real and complex issues applicable to difficult problems. It provides a medium for exchanging scientific research and technological achievements accomplished by the international community.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
