
LEAT: Towards Robust Deepfake Disruption in Real-World Scenarios via Latent Ensemble Attack (2307.01520v1)

Published 4 Jul 2023 in cs.CV and cs.AI

Abstract: Deepfakes, malicious visual contents created by generative models, pose an increasingly harmful threat to society. To proactively mitigate deepfake damages, recent studies have employed adversarial perturbation to disrupt deepfake model outputs. However, previous approaches primarily focus on generating distorted outputs based on only predetermined target attributes, leading to a lack of robustness in real-world scenarios where target attributes are unknown. Additionally, the transferability of perturbations between two prominent generative models, Generative Adversarial Networks (GANs) and Diffusion Models, remains unexplored. In this paper, we emphasize the importance of target attribute-transferability and model-transferability for achieving robust deepfake disruption. To address this challenge, we propose a simple yet effective disruption method called Latent Ensemble ATtack (LEAT), which attacks the independent latent encoding process. By disrupting the latent encoding process, it generates distorted output images in subsequent generation processes, regardless of the given target attributes. This target attribute-agnostic attack ensures robust disruption even when the target attributes are unknown. Additionally, we introduce a Normalized Gradient Ensemble strategy that effectively aggregates gradients for iterative gradient attacks, enabling simultaneous attacks on various types of deepfake models, involving both GAN-based and Diffusion-based models. Moreover, we demonstrate the insufficiency of evaluating disruption quality solely based on pixel-level differences. As a result, we propose an alternative protocol for comprehensively evaluating the success of defense. Extensive experiments confirm the efficacy of our method in disrupting deepfakes in real-world scenarios, reporting a higher defense success rate compared to previous methods.
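An added sketch of the Normalized Gradient Ensemble idea described in the abstract, not the authors' code: toy linear maps stand in for the latent encoders of different deepfake models, and the unit-L2 normalization, the squared latent-distance loss, and all names and values are assumptions made for illustration. It compares a plain gradient sum with a normalized sum when one encoder's gradients are about 100 times larger than the other's.

```python
import math

def encode(W, v):
    """Toy linear 'latent encoder' z = W v (stand-in for a model's encoder)."""
    return [sum(w * a for w, a in zip(row, v)) for row in W]

def latent_shift(W, x, delta):
    """E(x + delta) - E(x): how far the perturbation moves the latent code."""
    xp = [a + d for a, d in zip(x, delta)]
    return [p - c for p, c in zip(encode(W, xp), encode(W, x))]

def grad_latent_loss(W, x, delta):
    """Gradient w.r.t. delta of ||E(x+delta) - E(x)||^2 for a linear encoder."""
    r = latent_shift(W, x, delta)
    return [2 * sum(W[i][j] * r[i] for i in range(len(W))) for j in range(len(delta))]

def ensemble_attack(encoders, x, start, eps, alpha, steps, normalize=True):
    """Iterative sign-gradient ascent on the summed latent losses, inside an L-inf ball."""
    delta = list(start)
    for _ in range(steps):
        total = [0.0] * len(delta)
        for W in encoders:
            g = grad_latent_loss(W, x, delta)
            if normalize:  # assumed form: scale each model's gradient to unit L2 norm
                n = math.sqrt(sum(c * c for c in g)) or 1.0  # guard a zero gradient
                g = [c / n for c in g]
            total = [t + c for t, c in zip(total, g)]
        step = [alpha * ((c > 0) - (c < 0)) for c in total]
        delta = [max(-eps, min(eps, d + s)) for d, s in zip(delta, step)]
    return delta

def shift_norm(W, x, delta):
    """L2 size of the latent displacement caused by delta."""
    return math.sqrt(sum(c * c for c in latent_shift(W, x, delta)))

# Constructed toy ensemble: encoder A has ~100x larger gradients than encoder B.
ENC_A, ENC_B = [[100.0, -10.0]], [[1.0, 1.0]]
X, START = [0.3, 0.7], [0.01, 0.005]  # nonzero start: the loss gradient is zero at delta = 0

def run(normalize):
    d = ensemble_attack([ENC_A, ENC_B], X, START, 0.05, 0.01, 10, normalize)
    return d, shift_norm(ENC_A, X, d), shift_norm(ENC_B, X, d)

if __name__ == "__main__":
    print("naive sum :", run(False))
    print("normalized:", run(True))
```

With the plain sum, encoder A's gradient decides every step and the final perturbation leaves encoder B's latent unmoved; with per-model normalization both latents are displaced within the same budget.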
