On the Vulnerability of DeepFake Detectors to Attacks Generated by
Denoising Diffusion Models
- URL: http://arxiv.org/abs/2307.05397v2
- Date: Sun, 29 Oct 2023 22:41:02 GMT
- Title: On the Vulnerability of DeepFake Detectors to Attacks Generated by
Denoising Diffusion Models
- Authors: Marija Ivanovska, Vitomir \v{S}truc
- Abstract summary: We investigate the vulnerability of single-image deepfake detectors to black-box attacks created by the newest generation of generative methods.
Our experiments are run on FaceForensics++, a widely used deepfake benchmark consisting of manipulated images.
Our findings indicate that employing just a single denoising diffusion step in the reconstruction process of a deepfake can significantly reduce the likelihood of detection.
- Score: 0.5827521884806072
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: The detection of malicious deepfakes is a constantly evolving problem that
requires continuous monitoring of detectors to ensure they can detect image
manipulations generated by the latest emerging models. In this paper, we
investigate the vulnerability of single-image deepfake detectors to black-box
attacks created by the newest generation of generative methods, namely
Denoising Diffusion Models (DDMs). Our experiments are run on FaceForensics++,
a widely used deepfake benchmark consisting of manipulated images generated
with various techniques for face identity swapping and face reenactment.
Attacks are crafted through guided reconstruction of existing deepfakes with a
proposed DDM approach for face restoration. Our findings indicate that
employing just a single denoising diffusion step in the reconstruction process
of a deepfake can significantly reduce the likelihood of detection, all without
introducing any perceptible image modifications. While training detectors using
attack examples demonstrated some effectiveness, it was observed that
discriminators trained on fully diffusion-based deepfakes exhibited limited
generalizability when presented with our attacks.
Related papers
- DiffusionFake: Enhancing Generalization in Deepfake Detection via Guided Stable Diffusion [94.46904504076124]
Deepfake technology has made face swapping highly realistic, raising concerns about the malicious use of fabricated facial content.
Existing methods often struggle to generalize to unseen domains due to the diverse nature of facial manipulations.
We introduce DiffusionFake, a novel framework that reverses the generative process of face forgeries to enhance the generalization of detection models.
arXiv Detail & Related papers (2024-10-06T06:22:43Z) - Exploring Strengths and Weaknesses of Super-Resolution Attack in Deepfake Detection [9.372782789857803]
We explore the potential of super-resolution attacks based on different super-resolution techniques.
We show that the super-resolution process is effective in hiding the artifacts introduced by deepfake generation models but fails in hiding the traces contained in fully synthetic images.
We propose some changes to the detectors' training process to improve their robustness to this kind of attack.
arXiv Detail & Related papers (2024-10-05T15:47:34Z) - UniForensics: Face Forgery Detection via General Facial Representation [60.5421627990707]
High-level semantic features are less susceptible to perturbations and not limited to forgery-specific artifacts, thus having stronger generalization.
We introduce UniForensics, a novel deepfake detection framework that leverages a transformer-based video network, with a meta-functional face classification for enriched facial representation.
arXiv Detail & Related papers (2024-07-26T20:51:54Z) - Masked Conditional Diffusion Model for Enhancing Deepfake Detection [20.018495944984355]
We propose a Masked Conditional Diffusion Model (MCDM) for enhancing deepfake detection.
It generates a variety of forged faces from a masked pristine one, encouraging the deepfake detection model to learn generic and robust representations.
arXiv Detail & Related papers (2024-02-01T12:06:55Z) - Generalized Deepfakes Detection with Reconstructed-Blended Images and
Multi-scale Feature Reconstruction Network [14.749857283918157]
We present a blended-based detection approach that has robust applicability to unseen datasets.
Experiments demonstrated that this approach results in better performance in both cross-manipulation detection and cross-dataset detection on unseen data.
arXiv Detail & Related papers (2023-12-13T09:49:15Z) - MMNet: Multi-Collaboration and Multi-Supervision Network for Sequential
Deepfake Detection [81.59191603867586]
Sequential deepfake detection aims to identify forged facial regions with the correct sequence for recovery.
The recovery of forged images requires knowledge of the manipulation model to implement inverse transformations.
We propose Multi-Collaboration and Multi-Supervision Network (MMNet) that handles various spatial scales and sequential permutations in forged face images.
arXiv Detail & Related papers (2023-07-06T02:32:08Z) - SeeABLE: Soft Discrepancies and Bounded Contrastive Learning for
Exposing Deepfakes [7.553507857251396]
We propose a novel deepfake detector, called SeeABLE, that formalizes the detection problem as a (one-class) out-of-distribution detection task.
SeeABLE pushes perturbed faces towards predefined prototypes using a novel regression-based bounded contrastive loss.
We show that our model convincingly outperforms competing state-of-the-art detectors, while exhibiting highly encouraging generalization capabilities.
arXiv Detail & Related papers (2022-11-21T09:38:30Z) - Deepfake Detection for Facial Images with Facemasks [17.238556058316412]
We thoroughly evaluate the performance of state-of-the-art deepfake detection models on the deepfakes withthe facemask.
We propose two approaches to enhance themasked deepfakes detection:face-patchandface-crop.
arXiv Detail & Related papers (2022-02-23T09:01:27Z) - Dual Spoof Disentanglement Generation for Face Anti-spoofing with Depth
Uncertainty Learning [54.15303628138665]
Face anti-spoofing (FAS) plays a vital role in preventing face recognition systems from presentation attacks.
Existing face anti-spoofing datasets lack diversity due to the insufficient identity and insignificant variance.
We propose Dual Spoof Disentanglement Generation framework to tackle this challenge by "anti-spoofing via generation"
arXiv Detail & Related papers (2021-12-01T15:36:59Z) - Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis [69.09526348527203]
Deep generative models have led to highly realistic media, known as deepfakes, that are commonly indistinguishable from real to human eyes.
We propose a novel fake detection that is designed to re-synthesize testing images and extract visual cues for detection.
We demonstrate the improved effectiveness, cross-GAN generalization, and robustness against perturbations of our approach in a variety of detection scenarios.
arXiv Detail & Related papers (2021-05-29T21:22:24Z) - Artificial Fingerprinting for Generative Models: Rooting Deepfake
Attribution in Training Data [64.65952078807086]
Photorealistic image generation has reached a new level of quality due to the breakthroughs of generative adversarial networks (GANs)
Yet, the dark side of such deepfakes, the malicious use of generated media, raises concerns about visual misinformation.
We seek a proactive and sustainable solution on deepfake detection by introducing artificial fingerprints into the models.
arXiv Detail & Related papers (2020-07-16T16:49:55Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.