Provenance Detection for AI-Generated Images: Combining Perceptual Hashing, Homomorphic Encryption, and AI Detection Models
作者: Shree Singhi, Aayan Yadav, Aayush Gupta, Shariar Ebrahimi, Parisa Hassanizadeh
分类: cs.CV
发布日期: 2025-03-14
💡 一句话要点
提出三部分框架以解决AI生成图像来源检测问题
🎯 匹配领域: 支柱五:交互与反应 (Interaction & Reaction)
关键词: AI生成图像 来源检测 感知哈希 同态加密 鲁棒性 隐私保护 机器学习
📋 核心要点
- 现有的图像水印方法在社交媒体共享时容易受到常见变换的影响,导致来源检测困难。
- 本文提出了一种三部分框架,结合感知哈希、同态加密和AI检测模型,以实现安全且抗变换的来源检测。
- 实验结果表明,DinoHash在准确性上比现有水印和感知哈希方法提高了12%,并在AI生成媒体检测上提升了25%的分类准确率。
📝 摘要(中文)
随着AI生成敏感图像的普及,识别其来源变得至关重要。传统的图像水印方法容易受到滤镜、损失压缩和截图等常见变换的影响,且水印可能被伪造或移除。为了解决这些问题,本文提出了一种安全且抗变换的AI内容来源检测三部分框架。我们开发了一个对常见变换具有鲁棒性的最先进感知哈希模型DinoHash,并将多方完全同态加密(MP-FHE)方案集成到框架中,以保护用户查询和注册隐私。此外,我们的AI生成媒体检测结果在常用的AI图像生成器上显示出25%的分类准确率提升。通过结合感知哈希、MP-FHE和AI内容检测模型,我们的框架在鲁棒性和隐私保护方面优于以往工作。
🔬 方法详解
问题定义:本文旨在解决AI生成图像的来源检测问题,现有方法在面对常见图像变换时表现脆弱,容易被伪造或移除。
核心思路:提出的框架结合了感知哈希、同态加密和AI检测模型,确保在多种变换下仍能有效识别图像来源,同时保护用户隐私。
技术框架:框架分为三个主要模块:1) DinoHash感知哈希模型,2) 多方完全同态加密方案,3) AI内容检测模型,三者协同工作以实现鲁棒性和隐私保护。
关键创新:DinoHash模型在抗变换能力上显著优于传统水印和感知哈希方法,且通过同态加密保护用户数据隐私,确保查询安全。
关键设计:DinoHash采用了基于DINOV2的对抗鲁棒设计,优化了损失函数和网络结构,以提高在滤镜、压缩和裁剪等变换下的准确性。具体参数设置和网络细节在论文中进行了详细说明。
🖼️ 关键图片
📊 实验亮点
实验结果显示,DinoHash在准确性上比现有水印和感知哈希方法提高了12%,在AI生成媒体检测上实现了25%的分类准确率提升,展现出优越的鲁棒性和隐私保护能力。
🎯 应用场景
该研究的潜在应用领域包括社交媒体平台、新闻媒体和法律领域,能够有效识别AI生成内容的来源,防止虚假信息传播。未来,该框架可扩展至其他类型的多媒体内容检测,提升内容真实性验证的能力。
📄 摘要(原文)
As AI-generated sensitive images become more prevalent, identifying their source is crucial for distinguishing them from real images. Conventional image watermarking methods are vulnerable to common transformations like filters, lossy compression, and screenshots, often applied during social media sharing. Watermarks can also be faked or removed if models are open-sourced or leaked since images can be rewatermarked. We have developed a three-part framework for secure, transformation-resilient AI content provenance detection, to address these limitations. We develop an adversarially robust state-of-the-art perceptual hashing model, DinoHash, derived from DINOV2, which is robust to common transformations like filters, compression, and crops. Additionally, we integrate a Multi-Party Fully Homomorphic Encryption~(MP-FHE) scheme into our proposed framework to ensure the protection of both user queries and registry privacy. Furthermore, we improve previous work on AI-generated media detection. This approach is useful in cases where the content is absent from our registry. DinoHash significantly improves average bit accuracy by 12% over state-of-the-art watermarking and perceptual hashing methods while maintaining superior true positive rate (TPR) and false positive rate (FPR) tradeoffs across various transformations. Our AI-generated media detection results show a 25% improvement in classification accuracy on commonly used real-world AI image generators over existing algorithms. By combining perceptual hashing, MP-FHE, and an AI content detection model, our proposed framework provides better robustness and privacy compared to previous work.