Adversarial Attacks on Deepfake Detectors: A Practical Analysis

  • Conference paper
MultiMedia Modeling (MMM 2022)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 13142)

Abstract

In this day and age, fake images can be easily generated using some of the state-of-the-art Generative Adversarial Networks (GANs), including Deepfake. These fake images, along with non-factual content, can pose a substantial threat to our society since they are indistinguishable from real ones by the human eye. Therefore, Deepfake detection has gained immense interest in academia and industry. In practice, most detection methods use simple deep neural networks (DNNs) as the backbone. However, they are vulnerable to adversarial examples. This work presents practical pipelines in both white-box and black-box attack scenarios that can fool DNN-based Deepfake detectors into classifying fake images as real. We show that adversarial attacks can be a real threat to Deepfake detectors, even in a black-box setting. We also analyze the transferability of the white-box attacks from one model to another. Then, defensive perspectives are considered based on the practical context.

N. H. Vo and K. D. Phan—Equal contribution.

Acknowledgement

The assistance provided by Assoc. Prof. Minh-Triet Tran was greatly appreciated. This work was supported by MediaFutures: Research Centre for Responsible Media Technology and Innovation, Norway, through the Centres for Research-based Innovation scheme, project number 309339.

Corresponding author

Correspondence to Ngan Hoang Vo.

Copyright information

© 2022 Springer Nature Switzerland AG

Cite this paper

Vo, N.H., Phan, K.D., Tran, AD., Dang-Nguyen, DT. (2022). Adversarial Attacks on Deepfake Detectors: A Practical Analysis. In: Þór Jónsson, B., et al. MultiMedia Modeling. MMM 2022. Lecture Notes in Computer Science, vol 13142. Springer, Cham. https://doi.org/10.1007/978-3-030-98355-0_27

  • DOI: https://doi.org/10.1007/978-3-030-98355-0_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-98354-3

  • Online ISBN: 978-3-030-98355-0

  • eBook Packages: Computer Science, Computer Science (R0)
