Adversarial visible watermark attack based on intelligent evolutionary algorithm

Abstract

Abstract: With the increasing awareness of citizen copyright, more and more images containing watermarks are appearing in daily life. However, existing research shows that images with watermarks can cause neural network misclassification, posing a significant threat to the popularization and application of neural networks. Adversarial training is one of the defensive methods to solve this problem, but it requires a large number of watermark adversarial samples as training data. To address this issue, this paper proposes a visible watermark adversarial attack method based on intelligent evolutionary algorithm to generate high-intensity watermark adversarial samples. This method can not only quickly generate watermark adversarial samples, but also maximize the attack on the neural network. In addition, this method incorporates image quality evaluation metrics to constrain the visual loss of the image, making the watermark adversarial samples more visually appealing. The comprehensive experimental results show that the proposed method has lower time complexity than the benchmark watermark attack method, and has a higher attack rate on neural networks compared to the benchmark black box attack.

Key words: adversarial attack, watermark, image quality evaluation, optimization, neural network

JI Jun-hao, ZHANG Yu-shu, ZHAO Ruo-yu, WEN Wen-ying, DONG Li. Adversarial visible watermark attack based on intelligent evolutionary algorithm[J]. Computer Engineering & Science, 2024, 46(01): 63-71.

References ［22］

［1］	Akhtar N,Mian A.Threat of adversarial attacks on deep learning in computer vision: A survey［J］.IEEE Access,2018,6: 14410-14430.
［2］	Szegedy C,Zaremba W,Sutskever I,et al.Intriguing properties of neural networks［J］.arXiv:1312.6199,2013.
［3］	Goodfellow I J,Shlens J,Szegedy C.Explaining and harnessing adversarial examples［J］.arXiv:1412.6572,2014.
［4］	Kurakin A,Goodfellow I,Bengio S.Adversarial examples in the physical world［J］.arXiv:1607.02533,2016.
［5］	Moosavi-Dezfooli S M, Fawzi A,Frossard P.DeepFool:A simple and accurate method to fool deep neural networks［C］∥Proc of the IEEE Conference on Computer Vision and Pattern Recognition,2016: 2574-2582.
［6］	Su J,Vargas D V,Sakurai K.One pixel attack for fooling deep neural networks［J］.IEEE Transactions on Evolutionary Computation,2019,23(5): 828-841.
［7］	Jia X,Wei X,Cao X,et al.Adv-watermark: A novel watermark perturbation for adversarial examples［C］∥Proc of the 28th ACM International Conference on Multimedia,2020: 1579-1587.
［8］	Jiang H,Yang J T,Hua G,et al.FAWA: Fast adversarial watermark attack［J］.IEEE Transactions on Computers,2021,1(1):1-14.
［9］	Xie C,Wang J,Zhang Z,et al.Adversarial examples for semantic segmentation and object detection［C］∥Proc of the IEEE International Conference on Computer Vision,2017: 1369-1378.
［10］	Papernot N,McDaniel P,Wu X,et al.Distillation as a defense to adversarial perturbations against deep neural networks［C］∥Proc of 2016 IEEE Symposium on Security and Privacy,2016: 582-597.
［11］	Wang Q, Guo W, Zhang K, et al. Learning adversary- resistant deep neural networks［J］.arXiv:1612.01401,2016.
［12］	Braudaway G W.Protecting publicly-available images with an invisible image watermark［C］∥Proc of International Conference on Image Processing,1997:524-527.
［13］	Kankanhalli M S,Ramakrishnan K R.Adaptive visible watermarking of images［C］∥Proc of IEEE International Conference on Multimedia Computing and Systems,1999:568-573.
［14］	Shen B,Sethi I K,Bhaskaran V.DCT domain alpha blending［C］∥Proc of 1998 International Conference on Image Processing,1998:857-861.
［15］	Duchi J,Hazan E,Singer Y.Adaptive subgradient methods for online learning and stochastic optimization［J］.Journal of Machine Learning Research,2011,12(7):2121-2159.
［16］	Kingma D P,Ba J.Adam: A method for stochastic optimization［J］.arXiv:1412.6980,2014.
［17］	Li S, Li D, Zhang Y. Incorporating Nesterov’s momentum into distributed adaptive gradient method for online optimization［C］∥Proc of 2021 China Automation Congress, 2021:7338-7343.
［18］	Colorni A,Dorigo M,Maniezzo V.Distributed optimization by ant colonies［C］∥Proc of the 1st European Conference on Artificial Life,1991:134-142.
［19］	Forrest S. Genetic algorithms［J］.ACM Computing Surveys, 1996,28(1): 77-80.
［20］	Kennedy J,Eberhart R.Particle swarm optimization［C］∥Proc of International Conference on Neural Networks,1995: 1942-1948.
［21］	严健武.使用Alpha-Blending技术实现图片水印效果［J］.现代计算机(专业版),2009(9):78-80.
	Yan Jian-wu.Implementation of watermark effect of picture with Alpha-Blending［J］.Modern Computer (Professional Edition),2009(9):78-80.
［22］	Brendel W,Rauber J,Bethge M.Decision-based adversarial attacks: Reliable attacks against black-box machine learning models［J］.arXiv:1712.04248,2017.

[1]	CHEN Qiaoan1,LI Feng1,CAO Yue1,LONG Mingsheng1,2. Parameter optimization for Spark jobs based on runtime data analysis [J]. J4, 20160101, 38(01): 11-19.
[2]	ZHOU Langfeng1，ZHAO Pengfei1，PENG Junjie2. A transfer strategy for small files in cloud environment [J]. J4, 20160101, 38(01): 20-27.
[3]	LI Zhong-hua, YUAN Jie, GUO Zhen-yu. Robot path planning of goal-directed Bi-RRT based on information inspiration [J]. Computer Engineering & Science, 2023, 45(12): 2237-2245.
[4]	XU Wen-jun, WANG Xi-huai. A particle swarm optimization algorithm based on variable-scale black hole and population migration [J]. Computer Engineering & Science, 2023, 45(11): 2036-2046.
[5]	ZHANG Bei, MIN Hua-song, ZHANG Xin-ming. A differential mutation and territorial search equilibrium optimizer and its application in robot path planning [J]. Computer Engineering & Science, 2023, 45(11): 2078-2090.
[6]	ZHOU Ju-xiang, ZHOU Ming-tao, GAN Jian-hou, XU Jian. A question generation model with multi-stage temporal and semantic information enhancement [J]. Computer Engineering & Science, 2023, 45(10): 1847-1857.
[7]	YANG Chun-xia, GUI Qiang, MA Wen-wen, XU Ben, . Aspect-level sentiment analysis of graph attention network fused with graph walk information [J]. Computer Engineering & Science, 2023, 45(10): 1858-1865.
[8]	LIU Tong, ZHOU Ning-ning. Deep input-aware factorization machine based on Setwise ranking [J]. Computer Engineering & Science, 2023, 45(10): 1891-1900.
[9]	LI Fei, GUO Shao-zhong, ZHOU Bei, SONG Guang-hui, HAO Jiang-wei, XU Jin-chen. Performance optimization of RISC-V basic math library [J]. Computer Engineering & Science, 2023, 45(09): 1532-1543.
[10]	ZHANG Wen-ning, ZHOU Qing-lei, JIAO Chong-yang, MEI Liang. A particle swarm optimization algorithm with centroid opposition-based learning and simplex search [J]. Computer Engineering & Science, 2023, 45(09): 1629-1638.
[11]	HU Chun-an, XIONG Yu-ran. A multi-strategy improved chaotic Harris hawk optimization algorithm [J]. Computer Engineering & Science, 2023, 45(09): 1648-1660.
[12]	LIU Jun-qi, TU Wen-xuan, ZHU En. Survey on graph convolutional neural network [J]. Computer Engineering & Science, 2023, 45(08): 1472-1481.
[13]	LUO Shi-hang, HE Qing. A multi-strategy fused equilibrium optimization algorithm and its application [J]. Computer Engineering & Science, 2023, 45(08): 1508-1520.
[14]	KANG Yu-han, SHI Yang, CHEN Zhao-yun, WEN Mei. A deep learning programming framework for FT-Matrix DSP+MatrixZone heterogeneous systems [J]. Computer Engineering & Science, 2023, 45(07): 1149-1158.
[15]	HE Zi-xian, FANG Xian-wen. A low-frequency log noise filtering method in business process based on string matching algorithm [J]. Computer Engineering & Science, 2023, 45(07): 1209-1215.

Adversarial visible watermark attack based on intelligent evolutionary algorithm

PDF

Knowledge

Abstract

Cite this article

share this article

References ［22］

Related Articles 15

Recommended Articles

Metrics

Comments