Dodging DeepFake Detection via Implicit Spatial-Domain Notch Filtering

View on arXiv ← Back to list

Authors: Yihao Huang, Felix Juefei-Xu, Qing Guo, Yang Liu, Geguang Pu

Published: 2020-09-19 11:26:01+00:00

AI Summary

This paper introduces DeepNotch, a method for creating detection-evasive deepfakes by implicitly performing spatial-domain notch filtering. DeepNotch adds noise to deepfake images to disrupt artifact patterns, then uses deep image filtering to reconstruct high-fidelity images that are less detectable by state-of-the-art deepfake detection methods.

Abstract

The current high-fidelity generation and high-precision detection of DeepFake images are at an arms race. We believe that producing DeepFakes that are highly realistic and 'detection evasive' can serve the ultimate goal of improving future generation DeepFake detection capabilities. In this paper, we propose a simple yet powerful pipeline to reduce the artifact patterns of fake images without hurting image quality by performing implicit spatial-domain notch filtering. We first demonstrate that frequency-domain notch filtering, although famously shown to be effective in removing periodic noise in the spatial domain, is infeasible for our task at hand due to the manual designs required for the notch filters. We, therefore, resort to a learning-based approach to reproduce the notch filtering effects, but solely in the spatial domain. We adopt a combination of adding overwhelming spatial noise for breaking the periodic noise pattern and deep image filtering to reconstruct the noise-free fake images, and we name our method DeepNotch. Deep image filtering provides a specialized filter for each pixel in the noisy image, producing filtered images with high fidelity compared to their DeepFake counterparts. Moreover, we also use the semantic information of the image to generate an adversarial guidance map to add noise intelligently. Our large-scale evaluation on 3 representative state-of-the-art DeepFake detection methods (tested on 16 types of DeepFakes) has demonstrated that our technique significantly reduces the accuracy of these 3 fake image detection methods, 36.79% on average and up to 97.02% in the best case.

Key findings

DeepNotch significantly reduces the accuracy of three state-of-the-art deepfake detection methods (GANFingerprint, DCTA, CNNDetector), achieving an average reduction of 36.79% and up to 97.02% in the best case. The reconstructed images maintain high fidelity compared to their original deepfake counterparts.

Approach

DeepNotch uses a two-step process: first, it adds noise (random or adversarial) to the deepfake image to break periodic artifact patterns. Second, it employs deep image filtering to reconstruct the image while removing the added noise, resulting in a high-fidelity image with reduced detectable artifacts.

Datasets

CelebA, LSUN, FFHQ; Deepfake images generated using 16 different GAN-based methods (ProGAN, SNGAN, CramerGAN, MMDGAN, StyleGAN, BigGAN, CycleGAN, StarGAN, GauGAN, CRN, IMLE, SITD, SAN, DeepFakes, StyleGAN2, Whichfaceisreal)

Model(s)

UNet-like network for deep image filtering; KPN (Kernel Prediction Networks) used as the specific deep image filtering method; ResNet50 for training a simple deepfake detector used in the adversarial attack.

Author countries

Singapore, USA, China

← Previous