A robust hybrid digital watermarking technique against a powerful CNN-based adversarial attack

Digital watermarking techniques are valuable tools to embed digital signatures on multimedia content to establish the legal ownership and authenticity claims by the owners. Firstly this paper investigates the robustness of popular transform domain-based digital image watermarking schemes such as DCT, SVD, DWT, and their hybrid combinations against known image processing type attacks such as image blurring, compression, noise addition, rotation and cropping. Then, an enhanced hybrid scheme using DWT and SVD methods is proposed and its improved performance is demonstrated in terms of the quality of the extracted watermarks measured in terms of PSNR, SSIM and NCC values. This paper then proposes a novel adversarial attack based on a powerful Deep Convolutional Neural Network based Autoencoder(CAE) scheme. The CAE is specifically chosen to exploit its intrinsic capability to represent the image content (spatial and structural) through lower dimensional projections in the intermediate layers. The CAE is trained and tested on the entire image repository of the CIFAR10 data set. Once CAE is trained on a class of images and the parameters are frozen, it will serve as a system to produce a perceptually close image for any unseen input image belonging to the same class. The power of the proposed adversarial attack scheme is shown in terms of the quality of extracted watermarks against popular water mark embedding schemes. Finally the proposed enhanced hybrid strategy of DWT+SVD is shown to be robust against the new form of attack and outperforms all other techniques measured in terms of its high quality watermark extraction.