Scalable Universal Adversarial Watermark Defending Against Facial Forgery

The illegal use of facial forgery models, such as Generative Adversarial Networks (GAN) synthesized contents, has been on the rise, thereby posing great threats to personal reputation and national security. To mitigate these threats, recent studies have proposed the use of adversarial watermarks as countermeasures against GAN, effectively disrupting their outputs. However, the majority of these adversarial watermarks exhibit very limited defense ranges, providing defense against only a single GAN forgery model. Although some universal adversarial watermarks have demonstrated impressive results, they lack the defense scalability as a new-emerging forgery model appears. To address the tough issue, we propose a scalable approach even when the original forgery models are unknown. Specifically, a watermark expansion scheme, which mainly involves inheriting, defense and constraint steps, is introduced. On the one hand, the proposed method can effectively inherit the defense range of the prior well-trained adversarial watermark; on the other hand, it can defend against a new forgery model. Extensive experimental results validate the efficacy of the proposed method, exhibiting superior performance and reduced computational time compared to the state-of-the-arts.