RandMark: On Random Watermarking of Visual Foundation Models

TL;DR

This paper introduces RandMark, a novel random watermarking technique for visual foundation models that embeds digital watermarks into internal representations, enabling reliable ownership verification with low false detection rates.

Contribution

RandMark presents a new random watermarking approach for VFMs that embeds watermarks into internal features, improving ownership verification robustness and reducing false detection probabilities.

Findings

Low false detection rate for non-watermarked models

Low false misdetection rate for watermarked models

Effective watermark detection in experimental tests

Abstract

Being trained on large and diverse datasets, visual foundation models (VFMs) can be fine-tuned to achieve remarkable performance and efficiency in various downstream computer vision tasks. The high computational cost of data collection and training makes these models valuable assets, which motivates some VFM owners to distribute them alongside a license to protect their intellectual property rights. In this paper, we propose an approach to ownership verification of visual foundation models that leverages a small encoder-decoder network to embed digital watermarks into an internal representation of a hold-out set of input images. The method is based on random watermark embedding, which makes the watermark statistics detectable in functional copies of the watermarked model. Both theoretically and experimentally, we demonstrate that the proposed method yields a low probability of false detection for non-watermarked models and a low probability of false misdetection for watermarked models.