AntifakePrompt: Prompt-Tuned Vision-Language Models are Fake Image Detectors

TL;DR

Deepfake detectors often struggle to generalize to unseen generative models. The authors cast deepfake detection as a visual question answering task and apply soft prompt tuning to InstructBLIP, introducing a learnable pseudo-word to adapt the model with only about 4.8K trainable parameters. On 23 held-in/held-out datasets spanning diffusion, GAN, editing, and attack scenarios, AntifakePrompt achieves large accuracy gains (average unseen-domain accuracy rising from 71.06% to 92.11%), while requiring far less training data and parameters than prior methods. This work presents a data- and compute-efficient defense against deepfakes with strong cross-model generalization and provides ready-to-use resources for benchmarking and deployment.

Abstract

Deep generative models can create remarkably photorealistic fake images while raising concerns about misinformation and copyright infringement, known as deepfake threats. Deepfake detection technique is developed to distinguish between real and fake images, where the existing methods typically learn classifiers in the image domain or various feature domains. However, the generalizability of deepfake detection against emerging and more advanced generative models remains challenging. In this paper, being inspired by the zero-shot advantages of Vision-Language Models (VLMs), we propose a novel approach called AntifakePrompt, using VLMs (e.g., InstructBLIP) and prompt tuning techniques to improve the deepfake detection accuracy over unseen data. We formulate deepfake detection as a visual question answering problem, and tune soft prompts for InstructBLIP to answer the real/fake information of a query image. We conduct full-spectrum experiments on datasets from a diversity of 3 held-in and 20 held-out generative models, covering modern text-to-image generation, image editing and adversarial image attacks. These testing datasets provide useful benchmarks in the realm of deepfake detection for further research. Moreover, results demonstrate that (1) the deepfake detection accuracy can be significantly and consistently improved (from 71.06% to 92.11%, in average accuracy over unseen domains) using pretrained vision-language models with prompt tuning; (2) our superior performance is at less cost of training data and trainable parameters, resulting in an effective and efficient solution for deepfake detection. Code and models can be found at https://github.com/nctu-eva-lab/AntifakePrompt.

Figures (24)

• Figure 1: Prompt tuning on InstructBLIP dai2023instructblip for deepfake detector training. An instruction containing a pseudo-word $S_{*}$ is first converted into tokens. These tokens are converted to continuous vector representations (the “embeddings”, $v$). Then, the embedding vectors are fed into Q-former and LLM with the image features extracted by the image encoder. Finally, the embedding vectors $v_{*1}$ and $v_{*2}$ are optimized using language modeling loss, expecting the output to be "Yes" for real images and "No" for fake images.
• Figure 2: Samples for each datasets. 92.53% of images in the MS-COCO are correctly classified as real.
• Figure 3: Samples for each datasets. 91.57% of images in the Flickr30k are correctly classified as real.
• Figure 4: Samples for each datasets (Continue). 98.33% of images generated by SD2 are correctly classified as fake.
• Figure 5: Samples for each datasets (Continue). 96.17% of images generated by SD3 are correctly classified as fake.