On the Vulnerability of DeepFake Detectors to Attacks Generated by Denoising Diffusion Models

• URL: http://arxiv.org/abs/2307.05397v2
• Date: Sun, 29 Oct 2023 22:41:02 GMT
• Title: On the Vulnerability of DeepFake Detectors to Attacks Generated by Denoising Diffusion Models
• Authors: Marija Ivanovska, Vitomir \v{S}truc
• Abstract summary: We investigate the vulnerability of single-image deepfake detectors to black-box attacks created by the newest generation of generative methods. Our experiments are run on FaceForensics++, a widely used deepfake benchmark consisting of manipulated images. Our findings indicate that employing just a single denoising diffusion step in the reconstruction process of a deepfake can significantly reduce the likelihood of detection.
• Score: 0.5827521884806072
• License: http://creativecommons.org/licenses/by-nc-nd/4.0/
• Abstract: The detection of malicious deepfakes is a constantly evolving problem that requires continuous monitoring of detectors to ensure they can detect image manipulations generated by the latest emerging models. In this paper, we investigate the vulnerability of single-image deepfake detectors to black-box attacks created by the newest generation of generative methods, namely Denoising Diffusion Models (DDMs). Our experiments are run on FaceForensics++, a widely used deepfake benchmark consisting of manipulated images generated with various techniques for face identity swapping and face reenactment. Attacks are crafted through guided reconstruction of existing deepfakes with a proposed DDM approach for face restoration. Our findings indicate that employing just a single denoising diffusion step in the reconstruction process of a deepfake can significantly reduce the likelihood of detection, all without introducing any perceptible image modifications. While training detectors using attack examples demonstrated some effectiveness, it was observed that discriminators trained on fully diffusion-based deepfakes exhibited limited generalizability when presented with our attacks.

Related papers

• Real is not True: Backdoor Attacks Against Deepfake Detection [9.572726483706846]
  We introduce a pioneering paradigm denominated as Bad-Deepfake, which represents a novel foray into the realm of backdoor attacks levied against deepfake detectors. Our approach hinges upon the strategic manipulation of a subset of the training data, enabling us to wield disproportionate influence over the operational characteristics of a trained model.
  arXiv  Detail & Related papers  (2024-03-11T10:57:14Z)
• Masked Conditional Diffusion Model for Enhancing Deepfake Detection [20.018495944984355]
  We propose a Masked Conditional Diffusion Model (MCDM) for enhancing deepfake detection. It generates a variety of forged faces from a masked pristine one, encouraging the deepfake detection model to learn generic and robust representations.
  arXiv  Detail & Related papers  (2024-02-01T12:06:55Z)
• Generalized Deepfakes Detection with Reconstructed-Blended Images and Multi-scale Feature Reconstruction Network [14.749857283918157]
  We present a blended-based detection approach that has robust applicability to unseen datasets. Experiments demonstrated that this approach results in better performance in both cross-manipulation detection and cross-dataset detection on unseen data.
  arXiv  Detail & Related papers  (2023-12-13T09:49:15Z)
• Improving Cross-dataset Deepfake Detection with Deep Information Decomposition [57.284370468207214]
  Deepfake technology poses a significant threat to security and social trust. Existing detection methods suffer from sharp performance degradation when faced with cross-dataset scenarios. We propose a deep information decomposition (DID) framework in this paper.
  arXiv  Detail & Related papers  (2023-09-30T12:30:25Z)
• MMNet: Multi-Collaboration and Multi-Supervision Network for Sequential Deepfake Detection [81.59191603867586]
  Sequential deepfake detection aims to identify forged facial regions with the correct sequence for recovery. The recovery of forged images requires knowledge of the manipulation model to implement inverse transformations. We propose Multi-Collaboration and Multi-Supervision Network (MMNet) that handles various spatial scales and sequential permutations in forged face images.
  arXiv  Detail & Related papers  (2023-07-06T02:32:08Z)
• SeeABLE: Soft Discrepancies and Bounded Contrastive Learning for Exposing Deepfakes [7.553507857251396]
  We propose a novel deepfake detector, called SeeABLE, that formalizes the detection problem as a (one-class) out-of-distribution detection task. SeeABLE pushes perturbed faces towards predefined prototypes using a novel regression-based bounded contrastive loss. We show that our model convincingly outperforms competing state-of-the-art detectors, while exhibiting highly encouraging generalization capabilities.
  arXiv  Detail & Related papers  (2022-11-21T09:38:30Z)
• Restricted Black-box Adversarial Attack Against DeepFake Face Swapping [70.82017781235535]
  We introduce a practical adversarial attack that does not require any queries to the facial image forgery model. Our method is built on a substitute model persuing for face reconstruction and then transfers adversarial examples from the substitute model directly to inaccessible black-box DeepFake models.
  arXiv  Detail & Related papers  (2022-04-26T14:36:06Z)
• Deepfake Detection for Facial Images with Facemasks [17.238556058316412]
  We thoroughly evaluate the performance of state-of-the-art deepfake detection models on the deepfakes withthe facemask. We propose two approaches to enhance themasked deepfakes detection:face-patchandface-crop.
  arXiv  Detail & Related papers  (2022-02-23T09:01:27Z)
• Dual Spoof Disentanglement Generation for Face Anti-spoofing with Depth Uncertainty Learning [54.15303628138665]
  Face anti-spoofing (FAS) plays a vital role in preventing face recognition systems from presentation attacks. Existing face anti-spoofing datasets lack diversity due to the insufficient identity and insignificant variance. We propose Dual Spoof Disentanglement Generation framework to tackle this challenge by "anti-spoofing via generation"
  arXiv  Detail & Related papers  (2021-12-01T15:36:59Z)
• Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis [69.09526348527203]
  Deep generative models have led to highly realistic media, known as deepfakes, that are commonly indistinguishable from real to human eyes. We propose a novel fake detection that is designed to re-synthesize testing images and extract visual cues for detection. We demonstrate the improved effectiveness, cross-GAN generalization, and robustness against perturbations of our approach in a variety of detection scenarios.
  arXiv  Detail & Related papers  (2021-05-29T21:22:24Z)
• Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data [64.65952078807086]
  Photorealistic image generation has reached a new level of quality due to the breakthroughs of generative adversarial networks (GANs) Yet, the dark side of such deepfakes, the malicious use of generated media, raises concerns about visual misinformation. We seek a proactive and sustainable solution on deepfake detection by introducing artificial fingerprints into the models.
  arXiv  Detail & Related papers  (2020-07-16T16:49:55Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.