Awesome
Certifiably-Robust-Image-Watermark
This code is the official implementation of our ECCV'24 paper: Certifiably-Robust-Image-Watermark Paper.
Preparation
- Clone this repo from the GitHub.
git clone https://github.com/zhengyuan-jiang/Watermark-Library.git
- Setup environment.
All experiments are run on a single RTX-6000 with 24GB GPU memory.
pip install -r requirements.txt
- Download checkpoint files.
You can download standard.pth here and adversarial.pth here. Move them into the checkpoint
folder.
- Download non-AI-generated image testing set.
You can download the testing set here. You can also use your own datasets or use your model by modifying network.py
.
Evaluate certified robustness
Note that you should set num_noise
to 10000 (which is consistent with the paper) if you wish to get the same results. Generally, with a larger num_noise
, the estimation of certified robustness will be more accurate, but it will also take more time.
Evaluate certified robustness of multi-class, multi-label, and regression based smoothing methods:
python3 compare_smoothing_method.py
Evaluate certified robustness of standard training and adversarial training:
python3 compare_training_strategy.py
Evaluate certified robustness of different detection threshold $\tau$:
python3 compare_tau.py
Evaluate certified robustness of different size of randomized noises:
python3 compare_sigma.py
Citation
If you find our work useful for your research, please consider citing the paper
@inproceedings{jiang2024certifiably,
title={Certifiably Robust Image Watermark},
author={Jiang, Zhengyuan and Guo, Moyang and Hu, Yuepeng and Jia, Jinyuan and Gong, Neil Zhenqiang},
booktitle={European Conference on Computer Vision},
year={2024}
}
For our other interesting watermarking works, please refer as follows:
WEvade (white-box and black-box attacks to image watermarks)
@inproceedings{jiang2023evading,
title={Evading watermark based detection of AI-generated content},
author={Jiang, Zhengyuan and Zhang, Jinghuai and Gong, Neil Zhenqiang},
booktitle={ACM Conference on Computer and Communications Security (CCS)},
year={2023}
}
Watermark-based attribution with theoretical guarantees
@article{jiang2024watermark,
title={Watermark-based Detection and Attribution of AI-Generated Content},
author={Jiang, Zhengyuan and Guo, Moyang and Hu, Yuepeng and Gong, Neil Zhenqiang},
journal={arXiv preprint arXiv:2404.04254},
year={2024}
}