Cyber Vaccine for Deepfake Immunity
Ching-Chun Chang, Huy Hong Nguyen, Junichi Yamagishi, Isao Echizen
TL;DR
Deepfakes threaten content integrity beyond detection, with restoration remaining underexplored. The paper introduces a cyber vaccination framework comprising a vaccinator, neutraliser, validator, and adversary, and uses a single, aggressive mask-based attack to achieve attack-agnostic restoration under limited resources. Results show perceptually imperceptible vaccination and effective neutralisation across mask-dependent and many mask-independent deepfakes, with strong automatic validation and robustness under common distortions; limitations include color tone mismatches and reduced reversibility for large pose changes. This work offers a practical, scalable defense pathway toward restoring authentic content in the face of evolving deepfake threats.
Abstract
Deepfakes pose an evolving threat to cybersecurity, which calls for the development of automated countermeasures. While considerable forensic research has been devoted to the detection and localisation of deepfakes, solutions for reversing fake to real are yet to be developed. In this study, we introduce cyber vaccination for conferring immunity to deepfakes. Analogous to biological vaccination that injects antigens to induce immunity prior to infection by an actual pathogen, cyber vaccination simulates deepfakes and performs adversarial training to build a defensive immune system. Aiming at building up attack-agnostic immunity with limited computational resources, we propose to simulate various deepfakes with one single overpowered attack: face masking. The proposed immune system consists of a vaccinator for inducing immunity and a neutraliser for recovering facial content. Experimental evaluations demonstrate effective immunity to face replacement, face reenactment and various types of corruptions.