Detecting Face Synthesis Using a Concealed Fusion Model

Roberto Leyva, Victor Sanchez, Gregory Epiphaniou, Carsten Maple

TL;DR

Addressing the rising threat of face image synthesis to biometric authentication, the paper develops a detection framework that is resilient to adversarial manipulation. It introduces conceal-features fusion, combining a bank of $K$ models whose outputs are projected with a random polynomial mapping $\rho$ using a secret key to form $\hat{X}_\rho$ of dimension $2K$, then classified by a Bayesian model with two FC layers to yield a real-vs-fake score. Key contributions include maintaining a non-quantized feature space, achieving competitive detection accuracy with limited training data, and demonstrating robustness against poisoning, perturbation, backdoor, and reverse-model attacks. The approach enhances practical security for face-validation systems, with future work aimed at cross-dataset evaluation and stronger defenses.

Abstract

Face image synthesis is gaining more attention in computer security due to concerns about its potential negative impacts, including those related to fake biometrics. Hence, building models that can detect the synthesized face images is an important challenge to tackle. In this paper, we propose a fusion-based strategy to detect face image synthesis while providing resiliency to several attacks. The proposed strategy uses a late fusion of the outputs computed by several undisclosed models by relying on random polynomial coefficients and exponents to conceal a new feature space. Unlike existing concealing solutions, our strategy requires no quantization, which helps to preserve the feature space. Our experiments reveal that our strategy achieves state-of-the-art performance while providing protection against poisoning, perturbation, backdoor, and reverse model attacks.

Paper Structure (5 sections, 11 equations, 4 figures, 1 table)

Figures (4)

  • Figure 1: Our strategy uses a bank of $K$ models. It projects and encrypts the outputs of the decision layer of each individual model to a new feature space. The encrypted projection is used to train a Bayesian model to classify the samples as real or fake.
  • Figure 2: (left) mAp values for several data splits using the 140K sGAN2 images -- the horizontal axis shows the percentage of training data. (right) mAp values on the 140K images of each of the three synthesizers using an 80:20 data split.
  • Figure 3: (left) Loss and posterior confidence values during training. (right) Number of attempts needed for the Bayesian fusion model to converge for several key lengths.
  • Figure 4: Success rate of several attacks against the proposed Bayesian fusion strategy.