Zhaoyang Jia
ABSTRACT
Based on the powerful feature extraction ability of deep learning architecture, recently, deep-learning based watermarking algorithms have been widely studied. The basic framework of such algorithm is the auto-encoder like end-to-end architecture with an encoder, a noise layer and a decoder. The key to guarantee robustness is the adversarial training with the differential noise layer. However, we found that none of the existing framework can well ensure the robustness against JPEG compression, which is non-differential but is an essential and important image processing operation. To address such limitations, we proposed a novel end-to-end training architecture, which utilizes Mini-Batch of Real and Simulated JPEG compression (MBRS) to enhance the JPEG robustness. Precisely, for different mini-batches, we randomly choose one of real JPEG, simulated JPEG and noise-free layer as the noise layer. Besides, we suggest to utilize the Squeeze-and-Excitation blocks which can learn better feature in embedding and extracting stage, and propose a "message processor" to expand the message in a more appreciate way. Meanwhile, to improve the robustness against crop attack, we propose an additive diffusion block into the network. The extensive experimental results have demonstrated the superior performance of the proposed scheme compared with the state-of-the-art algorithms. Under the JPEG compression with quality factor $Q=50$, our models achieve a bit error rate less than 0.01% for extracted messages, with PSNR larger than 36 for the encoded images, which shows the well-enhanced robustness against JPEG attack. Besides, under many other distortions such as Gaussian filter, crop, cropout and dropout, the proposed framework also obtains strong robustness. The code implemented by PyTorch is avaiable in https://github.com/jzyustc/MBRS.
- M. Ahmadi, A. Norouzi, Smr Soroushmehr, N. Karimi, and A. Emami. 2018. ReDMark: Framework for Residual Diffusion Watermarking on Deep Networks. CoRR, Vol. abs/1810.07248 (2018). arxiv: 1810.07248Google Scholar
- Adel Almohammad and Gheorghita Ghinea. 2010. Stego image quality and the reliability of PSNR. In 2nd International Conference on Image Processing Theory Tools and Applications, IPTA.Google ScholarCross Ref
- Mart'i n Arjovsky, Soumith Chintala, and Lé on Bottou. 2017. Wasserstein GAN. CoRR, Vol. abs/1701.07875 (2017). arxiv: 1701.07875Google Scholar
- P. Bassia, I. Pitas, and N. Nikolaidis. 2001. Robust audio watermarking in the time domain. Multimedia IEEE Transactions on, Vol. 3, 2 (2001), 232--241. Google ScholarDigital Library
- Chiou-Ting Hsu and Ja-Ling Wu. 1999. Hidden digital watermarks in images. IEEE Transactions on Image Processing, Vol. 8, 1 (1999), 58--68. Google ScholarDigital Library
- Ronan Collobert, Koray Kavukcuoglu, and Clément Farabet. 2011. Torch7: A matlab-like environment for machine learning. In BigLearn, NIPS workshop .Google Scholar
- I. J. Cox, J. Kilian, F. T. Leighton, and T. Shamoon. 1997. Secure spread spectrum watermarking for multimedia. IEEE Transactions on Image Processing, Vol. 6, 12 (1997), 1673--1687. Google ScholarDigital Library
- DumitrescuS, WuXiaolin, and WangZhe. 2003. Detection of LSB steganography via sample pair analysis. Signal Processing IEEE Transactions on, Vol. 51, 7 ( 2003), 1995--2007 . Google ScholarDigital Library
- J. Fridrich and M. Goljan. 2002. Practical steganalysis of digital images: state of the art. Proceedings of Spie the International Society for Optical Engineering, Vol. 4675 (2002).Google Scholar
- Ian J. Goodfellow, Jean Pouget-Abadie, Mehdi Mirza, Bing Xu, David Warde-Farley, Sherjil Ozair, Aaron Courville, and Yoshua Bengio. 2014. Generative Adversarial Nets. In ADVANCES IN NEURAL INFORMATION PROCESSING SYSTEMS 27 (NIPS 2014). Google ScholarDigital Library
- Huiping Guo and Nicolas D. Georganas. 2003. Digital image watermarking for joint ownership verification without a trusted dealer. In Proceedings of the 2003 IEEE International Conference on Multimedia and Expo, ICME. Google ScholarDigital Library
- M. Hamidi, M. E. Haziti, H. Cherifi, and M. E. Hassouni. 2018. Hybrid blind robust image watermarking technique based on DFT-DCT and Arnold transform. Multimedia Tools and Applications, Vol. 77, 1 (2018), 1--34. Google ScholarDigital Library
- J. R. Hernandez, M. Amado, and F. Perez-Gonzalez. 2000. DCT-domain watermarking techniques for still images: detector performance analysis and a new structure. IEEE Transactions on Image Processing, Vol. 9, 1 (2000), 55--68. Google ScholarDigital Library
- P. Isola, J. Y. Zhu, T. Zhou, and A. A. Efros. 2016. Image-to-Image Translation with Conditional Adversarial Networks. In IEEE Conference on Computer Vision & Pattern Recognition .Google Scholar
- H. Jie, S. Li, S. Gang, and S. Albanie. 2017. Squeeze-and-Excitation Networks. IEEE Transactions on Pattern Analysis and Machine Intelligence, Vol. PP, 99 (2017).Google Scholar
- G. C. Langelaar, I. Setyawan, and R. L. Lagendijk. 2000. Watermarking digital image and video data. A state-of-the-art overview. IEEE Signal Processing Magazine, Vol. 17, 5 (2000), 20--46.Google ScholarCross Ref
- Y. Liu, M. Guo, J. Zhang, Y. Zhu, and X. Xie. 2019. A Novel Two-stage Separable Deep Learning Framework for Practical Blind Watermarking. In the 27th ACM International Conference . Google ScholarDigital Library
- Mehdi Mirza and Simon Osindero. 2014. Conditional Generative Adversarial Nets. CoRR, Vol. abs/1411.1784 (2014). arxiv: 1411.1784Google Scholar
- Alec Radford, Luke Metz, and Soumith Chintala. 2016. Unsupervised Representation Learning with Deep Convolutional Generative Adversarial Networks. In 4th International Conference on Learning Representations, ICLR.Google Scholar
- DE Rumelhart, G. E. Hinton, and R. J. Williams. 1986. Learning Representations by Back Propagating Errors. Nature, Vol. 323, 6088 (1986), 533--536.Google ScholarCross Ref
- Richard Shin and Dawn Song. 2017. Jpeg-resistant adversarial images. In NeurIPS Workshop on Machine Learning and Computer Security .Google Scholar
- Matthew Tancik, Ben Mildenhall, and Ren Ng. 2020. StegaStamp: Invisible Hyperlinks in Physical Photographs. In 2020 IEEE/CVF Conference on Computer Vision and Pattern Recognition, CVPR.Google Scholar
- R. G. van Schyndel, A. Z. Tirkel, and C. F. Osborne. 1994. A digital watermark. In Proceedings of 1st International Conference on Image Processing .Google Scholar
- G. K. Wallace. 1992. The JPEG still picture compression standard. IEEE Transactions on Consumer Electronics, Vol. 38, 1 (1992), xviii--xxxiv. Google ScholarDigital Library
- W. Zhou, A. C. Bovik, H. R. Sheikh, and E. P. Simoncelli. 2004. Image quality assessment: from error visibility to structural similarity. IEEE Trans Image Process, Vol. 13, 4 (2004). Google ScholarDigital Library
- B. Zhu, A. H. Tewfik, MD Swanson, and L. Boney. 1998. Robust Audio Watermarking Using Perceptual Masking. Signal Processing, Vol. 66, 3 (1998), 337--355. Google ScholarDigital Library
- Jiren Zhu, Russell Kaplan, Justin Johnson, and Li Fei-Fei. 2018. HiDDeN: Hiding Data with Deep Networks.Google Scholar
- Jun-Yan Zhu, Taesung Park, Phillip Isola, and Alexei A. Efros. 2017. Unpaired Image-to-Image Translation Using Cycle-Consistent Adversarial Networks. In IEEE International Conference on Computer Vision, ICCV.Google Scholar
Index Terms
- MBRS: Enhancing Robustness of DNN-based Watermarking by Mini-Batch of Real and Simulated JPEG Compression
Recommendations
Self-embedding watermarking scheme against JPEG compression with superior imperceptibility
To improve the imperceptibility, security and tamper detection performance, a self-embedding watermarking scheme against JPEG compression is proposed in this work. The recovery watermark of all blocks in the host image, which consists of 6-bit DC-code ...
Improving the robustness of DCT-based image watermarking against JPEG compression
A DCT-based image watermarking technique is proposed in this article. To improve the robustness of watermark against JPEG compression, the most recently proposed techniques embed watermark into the low-frequency components of the image. However, these ...
A novel fast self-restoration semi-fragile watermarking algorithm for image content authentication resistant to JPEG compression
IWDW'11: Proceedings of the 10th international conference on Digital-Forensics and WatermarkingIn the past few years, semi-fragile watermarking has become increasingly important to verify the content of images and localise the tampered areas, while tolerating some non-malicious manipulations. Moreover, some researchers proposed self-restoration ...
Comments