Evaluation of Security of ML-based Watermarking: Copy and Removal Attacks

TL;DR

This paper assesses the security vulnerabilities of foundation model-based digital watermarking systems against copy and removal attacks, highlighting potential weaknesses in their robustness.

Contribution

It provides the first empirical evaluation of adversarial attack vulnerabilities in foundation model watermarking, filling a gap in security analysis.

Findings

Watermarking systems show vulnerabilities to adversarial copy attacks.

Removal attacks can significantly degrade watermark integrity.

Empirical results highlight specific attack strengths and weaknesses.

Abstract

The vast amounts of digital content captured from the real world or AI-generated media necessitate methods for copyright protection, traceability, or data provenance verification. Digital watermarking serves as a crucial approach to address these challenges. Its evolution spans three generations: handcrafted, autoencoder-based, and foundation model based methods. While the robustness of these systems is well-documented, the security against adversarial attacks remains underexplored. This paper evaluates the security of foundation models' latent space digital watermarking systems that utilize adversarial embedding techniques. A series of experiments investigate the security dimensions under copy and removal attacks, providing empirical insights into these systems' vulnerabilities. All experimental codes and results are available at https://github.com/vkinakh/ssl-watermarking-attacks .