{"id":"https://openalex.org/W4414944900","doi":"https://doi.org/10.48550/arxiv.2507.11137","title":"Hashed Watermark as a Filter: Defeating Forging and Overwriting Attacks in Weight-based Neural Network Watermarking","display_name":"Hashed Watermark as a Filter: Defeating Forging and Overwriting Attacks in Weight-based Neural Network Watermarking","publication_year":2025,"publication_date":"2025-07-15","ids":{"openalex":"https://openalex.org/W4414944900","doi":"https://doi.org/10.48550/arxiv.2507.11137"},"language":"en","primary_location":{"id":"pmh:oai:arXiv.org:2507.11137","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2507.11137","pdf_url":"https://arxiv.org/pdf/2507.11137","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"type":"preprint","indexed_in":["arxiv","datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://arxiv.org/pdf/2507.11137","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100542553","display_name":"Yuan Yao","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Yao, Yuan","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5063442064","display_name":"Jin Woo Song","orcid":"https://orcid.org/0000-0003-1536-9065"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Song, Jin","raw_affiliation_strings":[],"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5019598467","display_name":"Jian Gang Jin","orcid":"https://orcid.org/0000-0002-8507-1435"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Jin, Jian","raw_affiliation_strings":[],"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":3,"corresponding_author_ids":["https://openalex.org/A5100542553"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T10388","display_name":"Advanced Steganography and Watermarking Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T10388","display_name":"Advanced Steganography and Watermarking Techniques","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":0.9969000220298767,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10775","display_name":"Generative Adversarial Networks and Image Synthesis","score":0.989799976348877,"subfield":{"id":"https://openalex.org/subfields/1707","display_name":"Computer Vision and Pattern Recognition"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/digital-watermarking","display_name":"Digital watermarking","score":0.8367999792098999},{"id":"https://openalex.org/keywords/watermark","display_name":"Watermark","score":0.8041999936103821},{"id":"https://openalex.org/keywords/robustness","display_name":"Robustness (evolution)","score":0.654699981212616},{"id":"https://openalex.org/keywords/hash-function","display_name":"Hash function","score":0.6193000078201294},{"id":"https://openalex.org/keywords/convolutional-neural-network","display_name":"Convolutional neural network","score":0.5842999815940857},{"id":"https://openalex.org/keywords/artificial-neural-network","display_name":"Artificial neural network","score":0.5831000208854675},{"id":"https://openalex.org/keywords/forging","display_name":"Forging","score":0.5476999878883362},{"id":"https://openalex.org/keywords/histogram","display_name":"Histogram","score":0.43869999051094055},{"id":"https://openalex.org/keywords/pooling","display_name":"Pooling","score":0.38429999351501465}],"concepts":[{"id":"https://openalex.org/C150817343","wikidata":"https://www.wikidata.org/wiki/Q875932","display_name":"Digital watermarking","level":3,"score":0.8367999792098999},{"id":"https://openalex.org/C164112704","wikidata":"https://www.wikidata.org/wiki/Q7974348","display_name":"Watermark","level":3,"score":0.8041999936103821},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7950000166893005},{"id":"https://openalex.org/C63479239","wikidata":"https://www.wikidata.org/wiki/Q7353546","display_name":"Robustness (evolution)","level":3,"score":0.654699981212616},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.6273999810218811},{"id":"https://openalex.org/C99138194","wikidata":"https://www.wikidata.org/wiki/Q183427","display_name":"Hash function","level":2,"score":0.6193000078201294},{"id":"https://openalex.org/C81363708","wikidata":"https://www.wikidata.org/wiki/Q17084460","display_name":"Convolutional neural network","level":2,"score":0.5842999815940857},{"id":"https://openalex.org/C50644808","wikidata":"https://www.wikidata.org/wiki/Q192776","display_name":"Artificial neural network","level":2,"score":0.5831000208854675},{"id":"https://openalex.org/C96494537","wikidata":"https://www.wikidata.org/wiki/Q193057","display_name":"Forging","level":2,"score":0.5476999878883362},{"id":"https://openalex.org/C53533937","wikidata":"https://www.wikidata.org/wiki/Q185020","display_name":"Histogram","level":3,"score":0.43869999051094055},{"id":"https://openalex.org/C31972630","wikidata":"https://www.wikidata.org/wiki/Q844240","display_name":"Computer vision","level":1,"score":0.43479999899864197},{"id":"https://openalex.org/C70437156","wikidata":"https://www.wikidata.org/wiki/Q7228652","display_name":"Pooling","level":2,"score":0.38429999351501465},{"id":"https://openalex.org/C153180895","wikidata":"https://www.wikidata.org/wiki/Q7148389","display_name":"Pattern recognition (psychology)","level":2,"score":0.3562000095844269},{"id":"https://openalex.org/C3073032","wikidata":"https://www.wikidata.org/wiki/Q15912075","display_name":"Information hiding","level":3,"score":0.34689998626708984},{"id":"https://openalex.org/C41608201","wikidata":"https://www.wikidata.org/wiki/Q980509","display_name":"Embedding","level":2,"score":0.34619998931884766},{"id":"https://openalex.org/C3115412","wikidata":"https://www.wikidata.org/wiki/Q1194708","display_name":"Bitmap","level":2,"score":0.3402000069618225},{"id":"https://openalex.org/C148730421","wikidata":"https://www.wikidata.org/wiki/Q141090","display_name":"Encryption","level":2,"score":0.3398999869823456},{"id":"https://openalex.org/C48372109","wikidata":"https://www.wikidata.org/wiki/Q3913","display_name":"Binary number","level":2,"score":0.3310000002384186},{"id":"https://openalex.org/C124101348","wikidata":"https://www.wikidata.org/wiki/Q172491","display_name":"Data mining","level":1,"score":0.3228999972343445},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.3212999999523163},{"id":"https://openalex.org/C63435697","wikidata":"https://www.wikidata.org/wiki/Q864135","display_name":"Binary code","level":3,"score":0.3165999948978424},{"id":"https://openalex.org/C2984842247","wikidata":"https://www.wikidata.org/wiki/Q197536","display_name":"Deep neural networks","level":3,"score":0.3089999854564667},{"id":"https://openalex.org/C106131492","wikidata":"https://www.wikidata.org/wiki/Q3072260","display_name":"Filter (signal processing)","level":2,"score":0.296099990606308},{"id":"https://openalex.org/C160633673","wikidata":"https://www.wikidata.org/wiki/Q355198","display_name":"Pixel","level":2,"score":0.28049999475479126},{"id":"https://openalex.org/C9417928","wikidata":"https://www.wikidata.org/wiki/Q1070689","display_name":"Image processing","level":3,"score":0.267300009727478},{"id":"https://openalex.org/C42781572","wikidata":"https://www.wikidata.org/wiki/Q1250322","display_name":"Digital image","level":4,"score":0.2639999985694885}],"mesh":[],"locations_count":2,"locations":[{"id":"pmh:oai:arXiv.org:2507.11137","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2507.11137","pdf_url":"https://arxiv.org/pdf/2507.11137","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},{"id":"doi:10.48550/arxiv.2507.11137","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2507.11137","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"article"}],"best_oa_location":{"id":"pmh:oai:arXiv.org:2507.11137","is_oa":true,"landing_page_url":"http://arxiv.org/abs/2507.11137","pdf_url":"https://arxiv.org/pdf/2507.11137","source":{"id":"https://openalex.org/S4393918464","display_name":"ArXiv.org","issn_l":"2331-8422","issn":["2331-8422"],"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"text"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"As":[0],"valuable":[1],"digital":[2],"assets,":[3],"deep":[4],"neural":[5,12,129],"networks":[6],"necessitate":[7],"robust":[8,50,101],"ownership":[9],"protection,":[10],"positioning":[11],"network":[13,130],"watermarking":[14],"(NNW)":[15],"as":[16,78],"a":[17,49,54,61,71,79,100],"promising":[18],"solution.":[19],"Among":[20],"various":[21,128],"NNW":[22],"approaches,":[23],"weight-based":[24],"methods":[25],"are":[26,168],"favored":[27],"for":[28,86],"their":[29],"simplicity":[30],"and":[31,39,106,118,146,152,160],"practicality;":[32],"however,":[33],"they":[34],"remain":[35],"vulnerable":[36],"to":[37,64,81,115],"forging":[38,105],"overwriting":[40,107],"attacks.":[41,108,120],"To":[42],"address":[43],"those":[44],"challenges,":[45],"we":[46,59,136,142],"propose":[47],"NeuralMark,":[48],"method":[51],"built":[52],"around":[53],"hashed":[55,97],"watermark":[56,69],"filter.":[57],"Specifically,":[58],"utilize":[60],"hash":[62],"function":[63],"generate":[65],"an":[66],"irreversible":[67],"binary":[68],"from":[70],"secret":[72],"key,":[73],"which":[74],"is":[75,112],"then":[76],"used":[77],"filter":[80],"select":[82],"the":[83,92,96],"model":[84],"parameters":[85,94],"embedding.":[87],"This":[88],"design":[89],"cleverly":[90],"intertwines":[91],"embedding":[93],"with":[95],"watermark,":[98],"providing":[99],"defense":[102],"against":[103],"both":[104],"An":[109],"average":[110],"pooling":[111],"also":[113],"incorporated":[114],"resist":[116],"fine-tuning":[117],"pruning":[119],"Furthermore,":[121],"it":[122],"can":[123],"be":[124],"seamlessly":[125],"integrated":[126],"into":[127],"architectures,":[131,154],"ensuring":[132],"broad":[133],"applicability.":[134],"Theoretically,":[135],"analyze":[137],"its":[138,144],"security":[139],"boundary.":[140],"Empirically,":[141],"verify":[143],"effectiveness":[145],"robustness":[147],"across":[148],"13":[149],"distinct":[150],"Convolutional":[151],"Transformer":[153],"covering":[155],"five":[156],"image":[157],"classification":[158],"tasks":[159],"one":[161],"text":[162],"generation":[163],"task.":[164],"The":[165],"source":[166],"codes":[167],"available":[169],"at":[170],"https://github.com/AIResearch-Group/NeuralMark.":[171]},"counts_by_year":[],"updated_date":"2026-03-07T16:01:11.037858","created_date":"2025-10-08T00:00:00"}