Papers
Topics
Authors
Recent
Search
2000 character limit reached

FakeParts: Localized Authenticity Failures

Updated 5 July 2026
  • FakeParts are localized authenticity failures that occur in digital media and hardware, focusing on part-level manipulations rather than full-scale forgeries.
  • The methodologies quantify manipulations using spatial and temporal masks, providing pixel-level and frame-level metrics for benchmarking partial deepfakes and counterfeit components.
  • Cross-domain studies reveal that high global plausibility can mask localized defects, demanding specialized detection techniques for both video and hardware security applications.

Searching arXiv for the cited FakeParts-related papers to ground the article in current records. arXiv search query: FakePartsBench partial deepfakes (Brison et al., 28 Aug 2025); DelftBikes hallucination object detection (Kayhan et al., 2021); parts-based facial forgery artifacts (Schwarcz et al., 2021); FFR_FD feature point defects deepfakes (Wang et al., 2021). In recent literature, “FakeParts” appears as a label for several part-level authenticity problems, most prominently partial video deepfakes, but also hallucinated object-part detections and counterfeit physical components. In the deepfake literature, FakeParts are localized spatial regions and/or temporal segments of an otherwise authentic video that have been manipulated; in object detection, the term has been used for detectors that “see” absent parts at canonical positions; in hardware and supply-chain security, it aligns with counterfeit, recycled, or malicious replacement parts whose apparent normality conceals altered provenance or behavior (Brison et al., 28 Aug 2025, Kayhan et al., 2021, Shwartz et al., 2018).

1. Terminological range and conceptual core

The dominant contemporary usage defines FakeParts as deepfakes in which only localized spatial regions and/or temporal segments of an otherwise authentic video are manipulated. The manipulated area ratio is formalized as

r=MΩT,r = \frac{|M|}{|\Omega| \cdot T},

where V={It}t=1TV=\{I_t\}_{t=1}^T is the video, Ω\Omega is the spatial domain, and MΩ×{1,,T}M \subset \Omega \times \{1,\ldots,T\} is the spatiotemporal manipulation mask. This formulation distinguishes FakeParts from full-frame synthetic video by preserving most of the original footage while changing targeted elements such as a face, an object, the scene boundary, or the timing between keyframes (Brison et al., 28 Aug 2025).

A separate computer-vision usage concerns visual part verification. There, a hallucination is any detection on a part annotated as missing, including absent or occluded parts, and the DelftBikes dataset provides “most likely” boxes even for missing parts so that hallucinations can be measured with localization criteria. The phenomenon is not merely a false positive in the generic object-detection sense: the detectors can output well-localized boxes where no object exists, often at the expected part position on the bicycle (Kayhan et al., 2021).

In hardware-security and counterfeit-mitigation work, the relevant notion is different again. “Fake parts” refers to counterfeit, aftermarket, recycled, or malicious replacement components, including touchscreens, microcontrollers, op-amps, and other internal modules. These parts are problematic not only because they may be inferior, but because they may violate implicit trust assumptions in device drivers, pass superficial screening, or be relabeled as authentic stock (Shwartz et al., 2018, Obermaier et al., 2020, Mehraban et al., 17 Jul 2025).

A common misconception is to treat these usages as interchangeable. They are not. What they share is the localization of falsification at the part level rather than the necessity of a globally fabricated object.

2. FakeParts as partial video deepfakes

The most explicit formalization appears in “FakeParts: a New Family of AI-Generated DeepFakes,” which introduces FakePartsBench, a benchmark with over 25,000 fake videos and 16,000 real videos, with pixel-level masks for spatial edits, frame-level labels, and video-level metadata. The benchmark spans spatial FakeParts such as FaceSwap, inpainting, and outpainting; temporal FakeParts such as interpolation; and style FakeParts such as appearance changes that preserve structure. Generation pipelines include InsightFace for FaceSwap, Grounded-SAM-2 plus DiffuEraser or ProPainter for inpainting, AKiRa for outpainting, Framer for temporal interpolation, and RAVE for style change; for comparison, full deepfakes are also generated with Sora, Veo2, and Allegro (Brison et al., 28 Aug 2025).

The benchmark defines three task families. Video-level classification predicts y{real,fake}y \in \{\text{real},\text{fake}\}, typically by aggregating frame scores sts_t; frame-level detection predicts per-frame fake labels; pixel-level localization predicts masks M^t(x,y)\hat M_t(x,y) and can be trained with Dice or BCE-style objectives. The availability of pixel and frame supervision matters because partial manipulations can be sparse in space and time. The paper explicitly reports that smaller rr correlates with more believable deceptions and lower detection for both humans and models.

Empirically, the benchmark shows a sharp degradation in both human and automatic detection. The average human accuracy is 75.3%, and FakeParts reduce human detection accuracy by over 30% compared to traditional full deepfakes. Human fake-confidence is very high for StyleChange (0.983) and Outpainting (0.800), but lower for subtle edits such as Inpainting (0.588) and Interpolation (0.676). Detector performance also drops broadly: AIGVDet has overall F1 0.319, AP 0.586, and Acc 0.532; DeMamba has F1 0.349, AP 0.568, and Acc 0.530; NPR has F1 0.399, AP 0.872, and Acc 0.610; UnivFD has F1 0.252, AP 0.745, and Acc 0.550; FatFormer has F1 0.375, AP 0.967, and Acc 0.612; C2P-CLIP has F1 0.467, AP 0.987, and Acc 0.651; humans remain at F1 0.750, AP 0.755, and Acc 0.751.

The paper also isolates a methodological split between detector families. Frequency-oriented or temporal models such as AIGVDet, NPR, and DeMamba are stronger on full synthetic content but weak on FakeParts categories such as Inpainting and Outpainting. CLIP-based detectors such as UnivFD, FatFormer, and C2P-CLIP are comparatively stronger on some FakeParts categories, but they often fall below 0.20 on high-fidelity T2V or IT2V content. This establishes FakeParts as a distinct failure mode rather than a trivial extension of existing deepfake benchmarks.

3. Part-centric media forensics and localized artifact analysis

Part-based detection methods were already motivated by the observation that manipulations often introduce localized artifacts. “Finding Facial Forgery Artifacts with Parts-Based Detectors” describes a family of forgery detection systems that each focus on one individual part of the face, can be combined in a single architecture, generalize effectively between datasets, and provide insights into what the network is looking at when making its decision; the empirical analysis is conducted on FaceForensics++, Celeb-DF, and DFDC (Schwarcz et al., 2021).

A more detailed operationalization appears in FFR_FD, which treats deepfake evidence as region-wise feature-point defects. Faces are segmented into mouth, inner_mouth, right_eyebrow, left_eyebrow, right_eye, left_eye, nose, and the entire face, and descriptors are aggregated into the Fused Facial Region–Feature Descriptor

f=[FDentire faceFDmouthFDnose].\mathbf{f} = [FD_{\text{entire face}} \Vert FD_{\text{mouth}} \Vert \cdots \Vert FD_{\text{nose}}].

The core empirical observation is that deepfakes have fewer feature points than real faces, especially in detailed regions. In a self-swapped control study using FAST, the entire face drops from 146.1 real to 53.7 fake, the mouth from 46.4 to 8.7, and the inner_mouth from 21.8 to 2.9. Across six datasets, region-wise descriptors combined with a random forest yield competitive or superior ROC-AUC relative to several DNN baselines; for example, FAST+BRIEF (no_ave) reaches 92.3 on FF++ DeepFakes (RAW), and SURF (ave) reaches 88.3 on DFDC and 82.2 on CelebDF_V2 (Wang et al., 2021).

This line of work clarifies that localized manipulation often survives global semantic plausibility. FakeParts-style edits can therefore remain difficult for holistic classifiers while still perturbing fine-grained region statistics.

4. Hallucinated parts in visual part verification

In “Hallucination In Object Detection — A Study In Visual Part Verification,” FakeParts refers to hallucinated detections of non-existent parts. DelftBikes contains 10,000 bicycle photographs, 22 densely annotated parts per image, and a four-way state label—intact, damaged, absent, occluded—for each part. For verification, present parts are intact or damaged, while missing parts are absent or occluded. Crucially, the dataset annotates “most likely” bounding boxes even for absent or occluded parts, enabling localization-based hallucination measurement (Kayhan et al., 2021).

The paper evaluates present-part recall RPR^P, missing-part recall V={It}t=1TV=\{I_t\}_{t=1}^T0, and a verification score

V={It}t=1TV=\{I_t\}_{t=1}^T1

with V={It}t=1TV=\{I_t\}_{t=1}^T2, so hallucinations are 10× more costly than misses on present parts. With localization, present parts use V={It}t=1TV=\{I_t\}_{t=1}^T3 and missing parts use V={It}t=1TV=\{I_t\}_{t=1}^T4; without localization, both IoU thresholds are set to 0.

The main result is that standard AP does not expose the verification failure mode. At IoU = 0.5, RetinaNet and YOLOv3 detect about 20% of missing parts, while Faster R-CNN detects 14%. At IoU = 0, RetinaNet and YOLOv3 approach about 80% missing-part recall, while Faster R-CNN reaches 32%. In verification terms, with localization Faster R-CNN achieves V={It}t=1TV=\{I_t\}_{t=1}^T5, V={It}t=1TV=\{I_t\}_{t=1}^T6, and V={It}t=1TV=\{I_t\}_{t=1}^T7, whereas RetinaNet reaches V={It}t=1TV=\{I_t\}_{t=1}^T8, V={It}t=1TV=\{I_t\}_{t=1}^T9, and Ω\Omega0, and YOLOv3 reaches Ω\Omega1, Ω\Omega2, and Ω\Omega3. Without localization, a simple MCML classifier matches Faster R-CNN at Ω\Omega4 and outperforms RetinaNet and YOLOv3 for verification.

The paper attributes these hallucinations to strong spatial priors and context. Averaging part centers and sizes across the dataset yields a bicycle shape, indicating strong positional and contextual regularities. This is important because the detector may fire at the expected location of a front wheel or saddle even when the part is missing. A common misunderstanding is that a high-IoU box necessarily reflects strong visual evidence; on DelftBikes, it may instead reflect context and absolute position priors.

5. Counterfeit, recycled, and malicious physical parts

In hardware-security work, FakeParts are physical components whose authenticity, provenance, or trustworthiness is compromised. “Shattered Trust” shows that a malicious replacement touchscreen can exploit the trust placed in internal components and their drivers. On a Huawei Nexus 6P with a Synaptics S3718 controller, the malicious hardware performs touch injection, exfiltrates data, and triggers a buffer overflow leading to kernel control on stock Android. Demonstrated attacks include malicious software installation in about 21 s, taking a photo and emailing it in about 14 s, phishing URL replacement in less than 1 s, and complete phone compromise in about 65 s; the vulnerability set was assigned CVE-2017-0650 (Shwartz et al., 2018).

Replacement and counterfeit microcontrollers pose a parallel problem. “One Exploit to Rule them All?” analyzes six STM32F1-class devices by four manufacturers and finds them to be individually developed rather than silicon-level clones, yet all expose firmware through novel vulnerabilities, including non-invasive debug abuse and low-cost invasive attacks. Field identification signals include SWD IDCODE mismatches, such as 0x2BA01477 instead of the expected 0x1BA01477, CPUID differences between STM32F103 and replacements, and bootloader similarities or divergences across APM, CKS, and GD32 devices (Obermaier et al., 2020).

Counterfeit detection itself has generated distinct methodological responses. “Silicon Dating” screens recycled integrated circuits by reading SRAM power-on states and exploiting asymmetry induced by prior software use. It reports 84.1% accuracy without software-specific knowledge and 92.0% accuracy with software knowledge, compared with only 19.2% correct classification for a cited state-of-the-art non-destructive parametric approach on recycled microcontrollers (Williams et al., 2020). A supply-chain alternative combines blockchain and PUFs: in a Hyperledger Fabric prototype using Ω\Omega5 challenges and threshold Ω\Omega6, the system achieves TAR = 1.0, FRR = 0.0, FAR = 0, and TRR = 1 in the reported scenarios (Aniello et al., 2019).

Electrical screening can also expose counterfeit analog components. In a junior-level electronics course, counterfeit TL074CN op-amps produced abnormal low-current behavior and severe dynamic degradation. Genuine parts had measured quiescent current per amplifier Ω\Omega7 mA with Ω\Omega8 mA, whereas counterfeits had Ω\Omega9 mA with MΩ×{1,,T}M \subset \Omega \times \{1,\ldots,T\}0 mA; the proposed lower-side limit is approximately 0.63 mA per amplifier. Genuine devices showed MΩ×{1,,T}M \subset \Omega \times \{1,\ldots,T\}1 kHz and reported GBWP MΩ×{1,,T}M \subset \Omega \times \{1,\ldots,T\}2 MHz in the inverting gain-20 setup, while counterfeits showed MΩ×{1,,T}M \subset \Omega \times \{1,\ldots,T\}3 kHz and reported GBWP MΩ×{1,,T}M \subset \Omega \times \{1,\ldots,T\}4 kHz, with pronounced triangular or ramp-like outputs (Mehraban et al., 17 Jul 2025).

The literature also proposes identifier schemes that bind authenticity to intrinsic properties rather than labels. FaR hashes compute an identifier from quasi-identifiers partitioned into static, dynamic, and volatile classes. Static changes force global identifier changes; dynamic or volatile changes affect only selected bits after fuzzification. This addresses the specific weakness of barcodes, QR codes, EPC, and RFID noted in the paper: the identifier itself can be forged if it is not tied to the object’s intrinsic identity (Tripathi et al., 2023).

6. Cross-domain implications and open problems

Across these literatures, the difficult case is not wholesale fabrication but selective deviation embedded in an otherwise plausible whole. In FakePartsBench, most of the video remains authentic while only localized regions or time segments are manipulated. In DelftBikes, the whole bicycle context remains consistent while the detector hallucinates a missing part. In hardware, the surrounding device and software stack may remain genuine while a single replacement component changes behavior or trust assumptions (Brison et al., 28 Aug 2025, Kayhan et al., 2021, Shwartz et al., 2018).

This suggests a broader research pattern: authenticity failures become especially hard to detect when system-level context is preserved and only part-level evidence is altered. The current literature responds with finer-grained supervision and evaluation. Partial deepfake detection adds frame- and pixel-level annotations; visual verification replaces generic AP with MΩ×{1,,T}M \subset \Omega \times \{1,\ldots,T\}5, MΩ×{1,,T}M \subset \Omega \times \{1,\ldots,T\}6, and MΩ×{1,,T}M \subset \Omega \times \{1,\ldots,T\}7; counterfeit-part screening uses per-part current, SRAM startup asymmetry, PUF challenge–response records, or quasi-identifier hashes rather than relying on superficial markings (Brison et al., 28 Aug 2025, Kayhan et al., 2021, Williams et al., 2020, Aniello et al., 2019, Tripathi et al., 2023).

Several open questions recur. FakePartsBench does not fix train/val/test splits and flags systematic variation of manipulated area MΩ×{1,,T}M \subset \Omega \times \{1,\ldots,T\}8, compression, lighting, and motion as future directions. DelftBikes implicates positional and contextual priors but does not isolate them experimentally beyond the reported analyses. Silicon Dating depends on access to raw SRAM power-on states and degrades when workloads are highly unbiased. Blockchain-plus-PUF systems remain vulnerable to stage-0 tampering before enrollment. These limitations indicate that part-level authenticity remains a methodological frontier rather than a solved problem (Brison et al., 28 Aug 2025, Kayhan et al., 2021, Williams et al., 2020, Aniello et al., 2019).

The term “FakeParts” therefore names more than one phenomenon, but in each usage it directs attention to the same technical boundary: authenticity is often decided locally, at the level of parts, while plausibility is maintained globally.

Topic to Video (Beta)

No one has generated a video about this topic yet.

Whiteboard

No one has generated a whiteboard explanation for this topic yet.

Follow Topic

Get notified by email when new papers are published related to FakeParts.