Diffusion Inspired Image Watermarking against Adversarial Attacks

Abstract

Abstract Recent years have seen Deep Learning Neural Networks emerging in the Computer Vision domain across various industries like medical, autonomous vehicles, robotics, and the defense industry, with applications in classification, object detection, and many other tasks. Despite these improvements, these networks have been exposed to adversarial attacks. Even a small amount of perturbation can fool deep learning networks. In the context of classification tasks, this can lead to incorrect class predictions. This research aims to solve this problem by introducing a novel diffusion-inspired model which adds noise on top of the image as a watermark before transmitting it through the network. From the receiver’s end, a deployed diffusion-inspired denoiser extracts those noise layers, aiming to purify the perturbations added by the attacker, and the deployed classifier aims to classify whether an adversarial attack exists or not based on the purified image. The extensive experiments showcase that these models can achieve up to 99.9% uniform accuracy across different attacks and above 94% accuracy across different datasets. The performance evaluations prove that the proposed solution can identify adversarial samples in less than half a second.