Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
80 tokens/sec
GPT-4o
59 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
7 tokens/sec
GPT-4.1 Pro
50 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

An Analysis of Recent Advances in Deepfake Image Detection in an Evolving Threat Landscape (2404.16212v1)

Published 24 Apr 2024 in cs.CR, cs.CV, and cs.LG

Abstract: Deepfake or synthetic images produced using deep generative models pose serious risks to online platforms. This has triggered several research efforts to accurately detect deepfake images, achieving excellent performance on publicly available deepfake datasets. In this work, we study 8 state-of-the-art detectors and argue that they are far from being ready for deployment due to two recent developments. First, the emergence of lightweight methods to customize large generative models, can enable an attacker to create many customized generators (to create deepfakes), thereby substantially increasing the threat surface. We show that existing defenses fail to generalize well to such \emph{user-customized generative models} that are publicly available today. We discuss new machine learning approaches based on content-agnostic features, and ensemble modeling to improve generalization performance against user-customized models. Second, the emergence of \textit{vision foundation models} -- machine learning models trained on broad data that can be easily adapted to several downstream tasks -- can be misused by attackers to craft adversarial deepfakes that can evade existing defenses. We propose a simple adversarial attack that leverages existing foundation models to craft adversarial samples \textit{without adding any adversarial noise}, through careful semantic manipulation of the image content. We highlight the vulnerabilities of several defenses against our attack, and explore directions leveraging advanced foundation models and adversarial training to defend against this new threat.

PDF HTML Abstract
Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Bookmark Chat Bubble Oval Streamline Icon: https://streamlinehq.com Chat (Pro)
Definition Search Book Streamline Icon: https://streamlinehq.com
References (80)
  1. “Generative AI: A New Frontier in Artificial Intelligence — Deloitte Ireland,” https://www2.deloitte.com/ie/en/pages/consulting/articles/generative-ai.html, 2023.
  2. R. Rombach, A. Blattmann, D. Lorenz, P. Esser, and B. Ommer, “High-resolution image synthesis with latent diffusion models,” in Proc. of CVPR, 2022.
  3. A. Ramesh, M. Pavlov, G. Goh, S. Gray, C. Voss, A. Radford, M. Chen, and I. Sutskever, “Zero-Shot Text-to-Image Generation,” in Proc. of ICML, 2021.
  4. O. Patashnik, Z. Wu, E. Shechtman, D. Cohen-Or, and D. Lischinski, “StyleCLIP: Text-Driven Manipulation of StyleGAN Imagery,” in Proc. of ICCV, 2021.
  5. “The latest marketing tactic on LinkedIn: AI-generated faces : NPR,” https://www.npr.org/2022/03/27/1088140809/fake-linkedin-profiles, 2022.
  6. “AI-generated images, like DALL-E, spark rival brands and controversy - Washington Post,” https://www.washingtonpost.com/technology/interactive/2022/artificial-intelligence-images-dall-e/, 2022.
  7. “Inside the pentagon’s race against deepfake videos,” https://www.cnn.com/interactive/2019/01/business/pentagons-race-against-deepfakes/, 2019.
  8. “Liveness tests used by banks to verify ID are ‘extremely vulnerable’ to deepfake attacks,” https://www.theverge.com/2022/5/18/23092964/deepfake-attack-facial-recognition-liveness-test-banks-sensity-report, 2022.
  9. C. Li, L. Wang, S. Ji, X. Zhang, Z. Xi, S. Guo, and T. Wang, “Seeing is Living? Rethinking the Security of Facial Liveness Verification in the Deepfake Era,” CoRR abs/2202.10673, 2022.
  10. “As Deepfakes Flourish, Countries Struggle With Response - The New York Times,” https://www.nytimes.com/2023/01/22/business/media/deepfake-regulation-difficulty.html, 2023.
  11. U. Ojha, Y. Li, and Y. J. Lee, “Towards Universal Fake Image Detectors that Generalize Across Generative Models,” in Proc. of CVPR, 2023.
  12. J. Ricker, S. Damm, T. Holz, and A. Fischer, “Towards the Detection of Diffusion Model Deepfakes,” in Proc. of VISAPP, 2024.
  13. Z. Liu, X. Qi, and P. H. Torr, “Global Texture Enhancement for Fake Face Detection in the Wild,” in Proc. of CVPR, 2020.
  14. Y. He, N. Yu, M. Keuper, and M. Fritz, “Beyond the Spectrum: Detecting Deepfakes via Re-Synthesis,” in Proc. of IJCAI, 2021.
  15. S.-Y. Wang, O. Wang, R. Zhang, A. Owens, and A. A. Efros, “CNN-generated images are surprisingly easy to spot… for now,” in Proc. of CVPR, 2020.
  16. D. Afchar, V. Nozick, J. Yamagishi, and I. Echizen, “MesoNet: a Compact Facial Video Forgery Detection Network,” in IEEE WIFS, 2018.
  17. L. Chai, D. Bau, S.-N. Lim, and P. Isola, “What makes fake images detectable? Understanding properties that generalize,” in Proc. of ECCV, 2020.
  18. T. Karras, S. Laine, and T. Aila, “A Style-Based Generator Architecture for Generative Adversarial Networks,” in Proc. of CVPR, 2019.
  19. A. Brock, J. Donahue, and K. Simonyan, “Large scale GAN training for high fidelity natural image synthesis,” in Proc. of ICLR, 2018.
  20. “CivitAI,” https://civitai.com/, 2022.
  21. “Models - Hugging Face,” https://huggingface.co/models, 2021.
  22. E. J. Hu, Y. Shen, P. Wallis, Z. Allen-Zhu, Y. Li, S. Wang, L. Wang, and W. Chen, “LoRA: Low-Rank Adaptation of Large Language Models,” CoRR abs/2106.09685, 2021.
  23. R. Bommasani, D. A. Hudson et al., “On the Opportunities and Risks of Foundation Models,” CoRR abs/2108.07258, 2021.
  24. A. Radford, J. W. Kim, C. Hallacy, A. Ramesh, G. Goh, S. Agarwal, G. Sastry, A. Askell, P. Mishkin, J. Clark et al., “Learning Transferable Visual Models From Natural Language Supervision,” in Proc. of ICML, 2021.
  25. M. Tan and Q. Le, “EfficientNet: Rethinking Model Scaling for Convolutional Neural Networks,” in Proc. of ICML, 2019.
  26. A. Dosovitskiy, L. Beyer, A. Kolesnikov, D. Weissenborn, X. Zhai, T. Unterthiner, M. Dehghani, M. Minderer, G. Heigold, S. Gelly, J. Uszkoreit, and N. Houlsby, “An Image is Worth 16x16 Words: Transformers for Image Recognition at Scale,” in Proc. of ICLR, 2021.
  27. Z. Sha, Z. Li, N. Yu, and Y. Zhang, “DE-FAKE: Detection and Attribution of Fake Images Generated by Text-to-Image Generation Models,” in Proc. of ACM CCS, 2023.
  28. Y. Hou, Q. Guo, Y. Huang, X. Xie, L. Ma, and J. Zhao, “Evading DeepFake Detectors via Adversarial Statistical Consistency,” in Proc. of CVPR, 2023.
  29. N. Carlini and H. Farid, “Evading Deepfake-Image Detectors with White- and Black-Box Attacks,” in Proc. of CVPR Workshop, 2020.
  30. D. Li, W. Wang, H. Fan, and J. Dong, “Exploring Adversarial Fake Images on Face Manifold,” in Proc. of CVPR, 2021.
  31. Y. Mirsky and W. Lee, “The Creation and Detection of Deepfakes: A Survey,” ACM CSUR, 2021.
  32. M. Kang, J.-Y. Zhu, R. Zhang, J. Park, E. Shechtman, S. Paris, and T. Park, “Scaling up GANs for Text-to-Image Synthesis,” in Proc. of CVPR, 2023.
  33. A. Van Den Oord, O. Vinyals et al., “Neural Discrete Representation Learning,” Adv. in NeurIPS, 2017.
  34. C. Saharia, W. Chan, S. Saxena, L. Li, J. Whang, E. L. Denton, K. Ghasemipour, R. Gontijo Lopes, B. Karagol Ayan, T. Salimans et al., “Photorealistic Text-to-Image Diffusion Models with Deep Language Understanding,” Adv. in NeurIPS, 2022.
  35. M. Cherti, R. Beaumont, R. Wightman, M. Wortsman, G. Ilharco, C. Gordon, C. Schuhmann, L. Schmidt, and J. Jitsev, “Reproducible scaling laws for contrastive language-image learning,” in Proc. of CVPR, 2023.
  36. A. Ramesh, P. Dhariwal, A. Nichol, C. Chu, and M. Chen, “Hierarchical Text-Conditional Image Generation with CLIP Latents,” CoRR abs/2204.06125, 2022.
  37. “Midjourney,” https://www.midjourney.com, 2022.
  38. J. Deng, W. Dong, R. Socher, L.-J. Li, K. Li, and L. Fei-Fei, “ImageNet: A Large-Scale Hierarchical Image Database,” in Proc. of CVPR, 2009.
  39. X. Zhai, J. Puigcerver, A. Kolesnikov, P. Ruyssen, C. Riquelme, M. Lucic, J. Djolonga, A. S. Pinto, M. Neumann, A. Dosovitskiy et al., “A Large-scale Study of Representation Learning with the Visual Task Adaptation Benchmark,” CoRR abs/1910.04867, 2019.
  40. T. Karras, S. Laine, M. Aittala, J. Hellsten, J. Lehtinen, and T. Aila, “Analyzing and Improving the Image Quality of StyleGAN,” in Proc. of CVPR, 2020.
  41. I. Goodfellow, J. Pouget-Abadie, M. Mirza, B. Xu, D. Warde-Farley, S. Ozair, A. Courville, and Y. Bengio, “Generative Adversarial Networks,” Communications of the ACM, 2020.
  42. Z. Xu, Z. Hong, C. Ding, Z. Zhu, J. Han, J. Liu, and E. Ding, “MobileFaceSwap: A Lightweight Framework for Video Face Swapping,” in Proc. of AAAI, 2022.
  43. J. Li, D. Li, C. Xiong, and S. Hoi, “BLIP: Bootstrapping Language Image Pre-training for Unified Vision-Language Understanding and Generation,” in Proc. of ICML, 2022.
  44. J. Frank, T. Eisenhofer, L. Schönherr, A. Fischer, D. Kolossa, and T. Holz, “Leveraging Frequency Analysis for Deep Fake Image Recognition,” in Proc. of ICML, 2020.
  45. A. Krizhevsky, I. Sutskever, and G. E. Hinton, “ImageNet Classification with Deep Convolutional Neural Networks,” Adv. in NeurIPS, 2012.
  46. C. Szegedy, W. Liu, Y. Jia, P. Sermanet, S. Reed, D. Anguelov, D. Erhan, V. Vanhoucke, and A. Rabinovich, “Going Deeper with Convolutions,” in Proc. of CVPR, 2015.
  47. “LAION-Aesthetics,” https://laion.ai/blog/laion-aesthetics/, 2022.
  48. “CLIP+MLP Aesthetic Score Predictor,” https://github.com/christophschuhmann/improved-aesthetic-predictor, 2022.
  49. “Realistic_Vision_V1.4.” https://huggingface.co/SG161222/Realistic_Vision_V1.4/tree/main, 2023.
  50. “runwayml/stable-diffusion-v1-5,” https://huggingface.co/runwayml/stable-diffusion-v1-5, 2022.
  51. A. Nichol, P. Dhariwal, A. Ramesh, P. Shyam, P. Mishkin, B. McGrew, I. Sutskever, and M. Chen, “GLIDE: Towards Photorealistic Image Generation and Editing with Text-Guided Diffusion Models,” CoRR abs/2112.10741, 2021.
  52. C. Schuhmann, R. Vencu, R. Beaumont, R. Kaczmarczyk, C. Mullis, A. Katta, T. Coombes, J. Jitsev, and A. Komatsuzaki, “LAION-400M: Open Dataset of CLIP Filtered 400 Million Image-Text Pairs,” NeurIPS Workshop, 2021.
  53. C. Schuhmann, R. Beaumont, R. Vencu, C. Gordon, R. Wightman, M. Cherti, T. Coombes, A. Katta, C. Mullis, M. Wortsman et al., “LAION-5B: An open large-scale dataset for training next generation image-text models,” Adv. in NeurIPS, 2022.
  54. “Using LoRA for Efficient Stable Diffusion Fine-Tuning,” https://huggingface.co/blog/lora, 2023.
  55. P. von Platen, S. Patil, A. Lozhkov, P. Cuenca, N. Lambert, K. Rasul, M. Davaadorj, and T. Wolf, “Diffusers: State-of-the-Art Diffusion Models,” https://github.com/huggingface/diffusers, 2022.
  56. N. Kumari, B. Zhang, R. Zhang, E. Shechtman, and J.-Y. Zhu, “Multi-Concept Customization of Text-to Image Diffusion,” in Proc. of CVPR, 2023.
  57. J. Hessel, A. Holtzman, M. Forbes, R. Le Bras, and Y. Choi, “CLIPScore: A Reference-free Evaluation Metric for Image Captioning,” in Proc. of EMNLP, 2021.
  58. M. Bińkowski, D. J. Sutherland, M. Arbel, and A. Gretton, “Demystifying MMD GANS,” in Proc. of ICLR, 2018.
  59. M. Heusel, H. Ramsauer, T. Unterthiner, B. Nessler, and S. Hochreiter, “GANs Trained by a Two Time-Scale Update Rule Converge to a Local Nash Equilibrium,” Proc. of NeurIPS, 2017.
  60. T. Karras, M. Aittala, J. Hellsten, S. Laine, J. Lehtinen, and T. Aila, “Training generative adversarial networks with limited data,” Advances in neural information processing systems, 2020.
  61. J. Pu, N. Mangaokar, B. Wang, C. K. Reddy, and B. Viswanath, “NoiseScope: Detecting Deepfake Images in a Blind Setting,” in Proc. of ACSAC, 2020.
  62. D. Zhang, F. Zhou, Y. Jiang, and Z. Fu, “MM-BSN: Self-Supervised Image Denoising for Real-World with Multi-Mask based on Blind-Spot Network,” in Proc. of CVPR, 2023.
  63. K. Simonyan and A. Zisserman, “Very Deep Convolutional Networks for Large-Scale Image Recognition,” in Proc. of ICLR, 2014.
  64. R. Zhang, P. Isola, A. A. Efros, E. Shechtman, and O. Wang, “The Unreasonable Effectiveness of Deep Features as a Perceptual Metric,” in Proc. of CVPR, 2018.
  65. “CLIP-convnext-large,” https://huggingface.co/laion/CLIP-convnext_large_d_320.laion2B-s29B-b131K-ft-soup, 2023.
  66. I. J. Goodfellow, J. Shlens, and C. Szegedy, “Explaining and Harnessing Adversarial Examples,” in Proc. of ICLR, 2015.
  67. H. Zhang, H. Chen, Z. Song, D. Boning, I. S. Dhillon, and C.-J. Hsieh, “The Limitations of Adversarial Training and the Blind-Spot Attack,” in Proc. of ICLR, 2019.
  68. S. Jia, C. Ma, T. Yao, B. Yin, S. Ding, and X. Yang, “Exploring Frequency Adversarial Attacks for Face Forgery Detection,” in Proc. of CVPR, 2022.
  69. K. Schwarz, Y. Liao, and A. Geiger, “On the Frequency Bias of Generative Models,” in Proc. of NIPS, 2021.
  70. V. Wesselkamp, K. Rieck, D. Arp, and E. Quiring, “Misleading Deep-Fake Detection with GAN Fingerprints,” in Proc. of IEEE S&P Workshop, 2022.
  71. Y. Huang, F. Juefei-Xu, R. Wang, Q. Guo, L. Ma, X. Xie, J. Li, W. Miao, Y. Liu, and G. Pu, “FakePolisher: Making DeepFakes More Detection-Evasive by Shallow Reconstruction,” in Proc. of ACM ICM, 2020.
  72. “PEFT,” https://huggingface.co/docs/peft/index, 2023.
  73. N. Ruiz, Y. Li, V. Jampani, Y. Pritch, M. Rubinstein, and K. Aberman, “DreamBooth: Fine Tuning Text-to Image Diffusion Models for Subject-Driven Generation,” in Proc. of CVPR, 2023.
  74. L. Zhang, A. Rao, and M. Agrawala, “Adding Conditional Control to Text to-Image Diffusion Models,” in Proc. of ICCV, 2023.
  75. “Egg Fusion - LoRA Merge,” https://civitai.com/models/43863/egg-fusion-lora-merge, 2023.
  76. D. Kim, Y. Kim, S. J. Kwon, W. Kang, and I.-C. Moon, “Refining Generative Process with Discriminator Guidance in Score-based Diffusion Models,” in Proc. of ICML, 2023.
  77. “(2) emad on x: ”@kennethcassel we actually used 256 a100s for this per the model card, 150k hours in total so at market price $600k” / x,” https://twitter.com/EMostaque/status/1563870674111832066, 2022.
  78. A. Sauer, T. Karras, S. Laine, A. Geiger, and T. Aila, “StyleGAN-T: Unlocking the Power of GANs for Fast Large-Scale Text-to-Image Synthesis,” CoRR abs/2301.09515, 2023.
  79. M. Ding, Z. Yang, W. Hong, W. Zheng, C. Zhou, D. Yin, J. Lin, X. Zou, Z. Shao, H. Yang et al., “CogView: Mastering Text-to-Image Generation via Transformers,” Adv. in NeurIPS, 2021.
  80. K. Crowson, S. Biderman, D. Kornis, D. Stander, E. Hallahan, L. Castricato, and E. Raff, “VQGAN-CLIP: Open Domain Image Generation and Editing with Natural Language Guidance,” in Proc. of ECCV, 2022.
User Edit Pencil Streamline Icon: https://streamlinehq.com
Authors (7)
  1. Sifat Muhammad Abdullah (2 papers)
  2. Aravind Cheruvu (1 paper)
  3. Shravya Kanchi (1 paper)
  4. Taejoong Chung (2 papers)
  5. Peng Gao (401 papers)
  6. Murtuza Jadliwala (28 papers)
  7. Bimal Viswanath (11 papers)
Citations (5)
View on Semantic Scholar