Hiding Faces in Plain Sight: Defending DeepFakes by Disrupting Face Detection

• URL: http://arxiv.org/abs/2412.01101v1
• Date: Mon, 02 Dec 2024 04:17:48 GMT
• Title: Hiding Faces in Plain Sight: Defending DeepFakes by Disrupting Face Detection
• Authors: Delong Zhu, Yuezun Li, Baoyuan Wu, Jiaran Zhou, Zhibo Wang, Siwei Lyu,
• Abstract summary: This paper investigates the feasibility of a proactive DeepFake defense framework, em FacePosion, to prevent individuals from becoming victims of DeepFake videos. Based on FacePoison, we introduce em VideoFacePoison, a strategy that propagates FacePoison across video frames rather than applying them individually to each frame. Our method is validated on five face detectors, and extensive experiments against eleven different DeepFake models demonstrate the effectiveness of disrupting face detectors to hinder DeepFake generation.
• Score: 56.289631511616975
• License:
• Abstract: This paper investigates the feasibility of a proactive DeepFake defense framework, {\em FacePosion}, to prevent individuals from becoming victims of DeepFake videos by sabotaging face detection. The motivation stems from the reliance of most DeepFake methods on face detectors to automatically extract victim faces from videos for training or synthesis (testing). Once the face detectors malfunction, the extracted faces will be distorted or incorrect, subsequently disrupting the training or synthesis of the DeepFake model. To achieve this, we adapt various adversarial attacks with a dedicated design for this purpose and thoroughly analyze their feasibility. Based on FacePoison, we introduce {\em VideoFacePoison}, a strategy that propagates FacePoison across video frames rather than applying them individually to each frame. This strategy can largely reduce the computational overhead while retaining the favorable attack performance. Our method is validated on five face detectors, and extensive experiments against eleven different DeepFake models demonstrate the effectiveness of disrupting face detectors to hinder DeepFake generation.

Related papers

• Deepfake detection in videos with multiple faces using geometric-fakeness features [79.16635054977068]
  Deepfakes of victims or public figures can be used by fraudsters for blackmailing, extorsion and financial fraud. In our research we propose to use geometric-fakeness features (GFF) that characterize a dynamic degree of a face presence in a video. We employ our approach to analyze videos with multiple faces that are simultaneously present in a video.
  arXiv  Detail & Related papers  (2024-10-10T13:10:34Z)
• Poisoned Forgery Face: Towards Backdoor Attacks on Face Forgery Detection [62.595450266262645]
  This paper introduces a novel and previously unrecognized threat in face forgery detection scenarios caused by backdoor attack. By embedding backdoors into models, attackers can deceive detectors into producing erroneous predictions for forged faces. We propose emphPoisoned Forgery Face framework, which enables clean-label backdoor attacks on face forgery detectors.
  arXiv  Detail & Related papers  (2024-02-18T06:31:05Z)
• Exploring Decision-based Black-box Attacks on Face Forgery Detection [53.181920529225906]
  Face forgery generation technologies generate vivid faces, which have raised public concerns about security and privacy. Although face forgery detection has successfully distinguished fake faces, recent studies have demonstrated that face forgery detectors are very vulnerable to adversarial examples.
  arXiv  Detail & Related papers  (2023-10-18T14:49:54Z)
• Turn Fake into Real: Adversarial Head Turn Attacks Against Deepfake Detection [58.1263969438364]
  We propose adversarial head turn (AdvHeat) as the first attempt at 3D adversarial face views against deepfake detectors. Experiments validate the vulnerability of various detectors to AdvHeat in realistic, black-box scenarios. Additional analyses demonstrate that AdvHeat is better than conventional attacks on both the cross-detector transferability and robustness to defenses.
  arXiv  Detail & Related papers  (2023-09-03T07:01:34Z)
• FakeTracer: Catching Face-swap DeepFakes via Implanting Traces in Training [36.158715089667034]
  Face-swap DeepFake is an emerging AI-based face forgery technique. Due to the high privacy of faces, the misuse of this technique can raise severe social concerns. We describe a new proactive defense method called FakeTracer to expose face-swap DeepFakes via implanting traces in training.
  arXiv  Detail & Related papers  (2023-07-27T02:36:13Z)
• Restricted Black-box Adversarial Attack Against DeepFake Face Swapping [70.82017781235535]
  We introduce a practical adversarial attack that does not require any queries to the facial image forgery model. Our method is built on a substitute model persuing for face reconstruction and then transfers adversarial examples from the substitute model directly to inaccessible black-box DeepFake models.
  arXiv  Detail & Related papers  (2022-04-26T14:36:06Z)
• Landmark Breaker: Obstructing DeepFake By Disturbing Landmark Extraction [40.71503677067645]
  We describe Landmark Breaker, the first dedicated method to disrupt facial landmark extraction. Our motivation is that disrupting the facial landmark extraction can affect the alignment of input face so as to degrade the DeepFake quality. Compared to the detection methods that only work after DeepFake generation, Landmark Breaker goes one step ahead to prevent DeepFake generation.
  arXiv  Detail & Related papers  (2021-02-01T12:27:08Z)
• Vulnerability of Face Recognition Systems Against Composite Face Reconstruction Attack [3.3707422585608953]
  Rounding confidence score is considered trivial but a simple and effective countermeasure to stop gradient descent based image reconstruction attacks. In this paper, we prove that, the face reconstruction attacks based on composite faces can reveal the inefficiency of rounding policy as countermeasure.
  arXiv  Detail & Related papers  (2020-08-23T03:37:51Z)
• Defending against GAN-based Deepfake Attacks via Transformation-aware Adversarial Faces [36.87244915810356]
  Deepfake represents a category of face-swapping attacks that leverage machine learning models. We propose to use novel transformation-aware adversarially perturbed faces as a defense against Deepfake attacks. We also propose to use an ensemble-based approach to enhance the defense robustness against GAN-based Deepfake variants.
  arXiv  Detail & Related papers  (2020-06-12T18:51:57Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.