Securing Deep Generative Models with Universal Adversarial Signature

• URL: http://arxiv.org/abs/2305.16310v1
• Date: Thu, 25 May 2023 17:59:01 GMT
• Title: Securing Deep Generative Models with Universal Adversarial Signature
• Authors: Yu Zeng, Mo Zhou, Yuan Xue, Vishal M. Patel
• Abstract summary: Deep generative models pose threats to society due to their potential misuse. In this paper, we propose to inject a universal adversarial signature into an arbitrary pre-trained generative model. The proposed method is validated on the FFHQ and ImageNet datasets with various state-of-the-art generative models.
• Score: 69.51685424016055
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Recent advances in deep generative models have led to the development of methods capable of synthesizing high-quality, realistic images. These models pose threats to society due to their potential misuse. Prior research attempted to mitigate these threats by detecting generated images, but the varying traces left by different generative models make it challenging to create a universal detector capable of generalizing to new, unseen generative models. In this paper, we propose to inject a universal adversarial signature into an arbitrary pre-trained generative model, in order to make its generated contents more detectable and traceable. First, the imperceptible optimal signature for each image can be found by a signature injector through adversarial training. Subsequently, the signature can be incorporated into an arbitrary generator by fine-tuning it with the images processed by the signature injector. In this way, the detector corresponding to the signature can be reused for any fine-tuned generator for tracking the generator identity. The proposed method is validated on the FFHQ and ImageNet datasets with various state-of-the-art generative models, consistently showing a promising detection rate. Code will be made publicly available at \url{https://github.com/zengxianyu/genwm}.

Related papers

• DeCLIP: Decoding CLIP representations for deepfake localization [4.04729645587678]
  We introduce DeCLIP, a first attempt to leverage large pretrained features for detecting local manipulations. We show that, when combined with a reasonably large convolutional decoder, pretrained self-supervised representations are able to perform localization. Unlike previous work, our approach is able to perform localization on the challenging case of latent diffusion models.
  arXiv  Detail & Related papers  (2024-09-12T17:59:08Z)
• How to Trace Latent Generative Model Generated Images without Artificial Watermark? [88.04880564539836]
  Concerns have arisen regarding potential misuse related to images generated by latent generative models. We propose a latent inversion based method called LatentTracer to trace the generated images of the inspected model. Our experiments show that our method can distinguish the images generated by the inspected model and other images with a high accuracy and efficiency.
  arXiv  Detail & Related papers  (2024-05-22T05:33:47Z)
• GenFace: A Large-Scale Fine-Grained Face Forgery Benchmark and Cross Appearance-Edge Learning [50.7702397913573]
  The rapid advancement of photorealistic generators has reached a critical juncture where the discrepancy between authentic and manipulated images is increasingly indistinguishable. Although there have been a number of publicly available face forgery datasets, the forgery faces are mostly generated using GAN-based synthesis technology. We propose a large-scale, diverse, and fine-grained high-fidelity dataset, namely GenFace, to facilitate the advancement of deepfake detection.
  arXiv  Detail & Related papers  (2024-02-03T03:13:50Z)
• Online Detection of AI-Generated Images [17.30253784649635]
  We study generalization in this setting, training on N models and testing on the next (N+k) We extend this approach to pixel prediction, demonstrating strong performance using automatically-generated inpainted data. In addition, for settings where commercial models are not publicly available for automatic data generation, we evaluate if pixel detectors can be trained solely on whole synthetic images.
  arXiv  Detail & Related papers  (2023-10-23T17:53:14Z)
• Unified High-binding Watermark for Unconditional Image Generation Models [7.4037644261198885]
  An attacker can steal the output images of the target model and use them as part of the training data to train a private surrogate UIG model. We propose a two-stage unified watermark verification mechanism with high-binding effects. Experiments demonstrate our method can complete the verification work with almost zero false positive rate.
  arXiv  Detail & Related papers  (2023-10-14T03:26:21Z)
• Towards General Visual-Linguistic Face Forgery Detection [95.73987327101143]
  Deepfakes are realistic face manipulations that can pose serious threats to security, privacy, and trust. Existing methods mostly treat this task as binary classification, which uses digital labels or mask signals to train the detection model. We propose a novel paradigm named Visual-Linguistic Face Forgery Detection(VLFFD), which uses fine-grained sentence-level prompts as the annotation.
  arXiv  Detail & Related papers  (2023-07-31T10:22:33Z)
• FedForgery: Generalized Face Forgery Detection with Residual Federated Learning [87.746829550726]
  Existing face forgery detection methods directly utilize the obtained public shared or centralized data for training. The paper proposes a novel generalized residual Federated learning for face Forgery detection (FedForgery) Experiments conducted on publicly available face forgery detection datasets prove the superior performance of the proposed FedForgery.
  arXiv  Detail & Related papers  (2022-10-18T03:32:18Z)
• Self-supervised GAN Detector [10.963740942220168]
  generative models can be abused with malicious purposes, such as fraud, defamation, and fake news. We propose a novel framework to distinguish the unseen generated images outside of the training settings. Our proposed method is composed of the artificial fingerprint generator reconstructing the high-quality artificial fingerprints of GAN images.
  arXiv  Detail & Related papers  (2021-11-12T06:19:04Z)
• Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis [69.09526348527203]
  Deep generative models have led to highly realistic media, known as deepfakes, that are commonly indistinguishable from real to human eyes. We propose a novel fake detection that is designed to re-synthesize testing images and extract visual cues for detection. We demonstrate the improved effectiveness, cross-GAN generalization, and robustness against perturbations of our approach in a variety of detection scenarios.
  arXiv  Detail & Related papers  (2021-05-29T21:22:24Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.