Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data (2007.08457v7)

Abstract: Photorealistic image generation has reached a new level of quality due to the breakthroughs of generative adversarial networks (GANs). Yet, the dark side of such deepfakes, the malicious use of generated media, raises concerns about visual misinformation. While existing research work on deepfake detection demonstrates high accuracy, it is subject to advances in generation techniques and adversarial iterations on detection countermeasure techniques. Thus, we seek a proactive and sustainable solution on deepfake detection, that is agnostic to the evolution of generative models, by introducing artificial fingerprints into the models. Our approach is simple and effective. We first embed artificial fingerprints into training data, then validate a surprising discovery on the transferability of such fingerprints from training data to generative models, which in turn appears in the generated deepfakes. Experiments show that our fingerprinting solution (1) holds for a variety of cutting-edge generative models, (2) leads to a negligible side effect on generation quality, (3) stays robust against image-level and model-level perturbations, (4) stays hard to be detected by adversaries, and (5) converts deepfake detection and attribution into trivial tasks and outperforms the recent state-of-the-art baselines. Our solution closes the responsibility loop between publishing pre-trained generative model inventions and their possible misuses, which makes it independent of the current arms race. Code and models are available at https://github.com/ningyu1991/ArtificialGANFingerprints .

Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data

In the context of advancing generative adversarial networks (GANs) and the proliferation of photorealistic deepfake media, the paper "Artificial Fingerprinting for Generative Models: Rooting Deepfake Attribution in Training Data" proposes an innovative technique that embeds artificial fingerprints into the training data of generative models. This approach aims to ensure that all images generated by these models carry a traceable fingerprint, allowing for effective deepfake detection and source attribution. The primary goal is to offer a proactive solution to the problem of deepfake misuse, distinct from traditional reactive detection methods that are susceptible to adversarial advancements in generative techniques.

Contributions and Methodology

The paper's contributions are multifaceted:

1. Synergy between Image Steganography and GANs:
   • The authors effectively integrate deep-learning-based image steganography with GANs to create a practical solution for embedding traceable artificial fingerprints into generative models. This is a novel application, as traditional steganographic methods fail to transfer the hidden information into the model due to their shallow nature compared to deep generative techniques.
2. Transferability of Fingerprints:
   • A core discovery of this research is the transferability of artificial fingerprints from training data to generated outputs. The authors demonstrate empirically that deep-learning-based fingerprints, unlike conventional methods, can be successfully embedded into and detected from a wide array of state-of-the-art generative models without compromising the generated images' fidelity.
3. Comprehensive Evaluation:
   • The proposed fingerprinting technique is evaluated against several criteria, including transferability, universality, fidelity, robustness, and secrecy. It is shown to maintain negligible effects on generation quality while being robust to various image and model perturbations. The secrecy tests indicate that the presence of fingerprints is covert enough to avoid detection by potential adversaries.

Experimental Setup and Results

The experiments cover several generative models, including ProGAN, StyleGAN, StyleGAN2, BigGAN, and CUT, across datasets like CelebA, LSUN Bedroom, LSUN Cat, CIFAR-10, Horse→Zebra, and Cat→Dog. Key findings include:

• Detection Accuracy:
  • The fingerprint detection accuracy reaches almost perfect levels (≥ 98%) across different models and datasets, with the exception of ProGAN on LSUN Bedroom, where accuracy still comfortably indicates the presence of fingerprints.
• Generation Quality:
  • FID scores, a measure of generation quality, reveal that the fidelity of images from fingerprinted models closely parallels non-fingerprinted counterparts, demonstrating the practicability of this method without degrading the visual output.

Implications and Future Directions

The significance of this paper lies in its potential to shift the paradigm from reactive to proactive deepfake management. By enabling model inventors to embed unique fingerprints in their generative models, the research empowers them to deter misuse and facilitate responsible model disclosure. It proposes a framework where responsibility for deepfake generation can be traced back to specific models and users, closing the accountability loop in the deployment of generative technologies.

As this approach is independent of the specific architecture of the generative model, it remains adaptable to future advancements in generative technologies, offering a sustainable path forward in the continuous battle against deepfake misinformation. Potential future research directions could explore the integration of this fingerprinting mechanism with emerging generative models and further enhancements in fingerprint secrecy and robustness against deliberate evasion techniques.

In summary, this paper presents a significant leap towards sustainable and proactive deepfake detection and attribution by rooting artificial fingerprinting in the training data of generative models, offering numerous practical benefits alongside theoretical insights into the intersection of steganography and generative adversarial networks.