Fading the Digital Ink: A Universal Black-Box Attack Framework for 3DGS Watermarking Systems

With the rise of 3D Gaussian Splatting (3DGS), a variety of digital watermarking techniques, embedding either 1D bitstreams or 2D images, are used for copyright protection. However, the robustness of these watermarking techniques against potential attacks remains underexplored. This paper introduces the first universal black-box attack framework, the Group-based Multi-objective Evolutionary Attack (GMEA), designed to challenge these watermarking systems. We formulate the attack as a large-scale multi-objective optimization problem, balancing watermark removal with visual quality. In a black-box setting, we introduce an indirect objective function that blinds the watermark detector by minimizing the standard deviation of features extracted by a convolutional network, thus rendering the feature maps uninformative. To manage the vast search space of 3DGS models, we employ a group-based optimization strategy to partition the model into multiple, independent sub-optimization problems. Experiments demonstrate that our framework effectively removes both 1D and 2D watermarks from mainstream 3DGS watermarking methods while maintaining high visual fidelity. This work reveals critical vulnerabilities in existing 3DGS copyright protection schemes and calls for the development of more robust watermarking systems.

Key Contributions

• First universal black-box attack framework (GMEA) against 3DGS invisible watermarks, formulated as a large-scale multi-objective evolutionary optimization problem
• Indirect black-box objective function that blinds watermark detectors by minimizing the standard deviation of CNN feature maps from rendered images
• Group-based optimization strategy that partitions the 3DGS model into independent sub-problems to make the vast parameter search space tractable

🛡️ Threat Analysis

Details

Similar Papers