
Adversarial Magnification to Deceive Deepfake Detection through Super Resolution

Davide Alessandro Coccomini, Roberto Caldelli, Giuseppe Amato, Fabrizio Falchi, Claudio Gennaro

TL;DR

The paper addresses the vulnerability of deepfake detectors to adversarial manipulation by introducing a model-agnostic, black-box attack that uses super-resolution to camouflage manipulated content. The SR attack downscales facial regions by a factor $K$ and restores them with an SR model (e.g., EDSR) before reinsertion, requiring no detector-specific knowledge and targeting the face region via MTCNN. Experiments on FaceForensics++ across ResNet50, Swin-Small, and XceptionNet show the attack can raise the False Negative Rate by up to $18\%$ and the False Positive Rate on pristine images by up to $14\%$, while reducing the AUC across detectors. The results highlight a practical vulnerability in deepfake detection systems and underscore the need for robustness against SR-based adversarial attacks, with code provided for reproducibility.

Abstract

Deepfake technology is rapidly advancing, posing significant challenges to the detection of manipulated media content. Parallel to that, some adversarial attack techniques have been developed to fool the deepfake detectors and make deepfakes even more difficult to detect. This paper explores the application of super resolution techniques as a possible adversarial attack in deepfake detection. Through our experiments, we demonstrate that minimal changes made by these methods in the visual appearance of images can have a profound impact on the performance of deepfake detection systems. We propose a novel attack using super resolution as a quick, black-box and effective method to camouflage fake images and/or generate false alarms on pristine images. Our results indicate that the usage of super resolution can significantly impair the accuracy of deepfake detectors, thereby highlighting the vulnerability of such systems to adversarial attacks. The code to reproduce our experiments is available at: https://github.com/davide-coccomini/Adversarial-Magnification-to-Deceive-Deepfake-Detection-through-Super-Resolution
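
A detector owner can measure the effect described above by scoring the same images before and after SR processing and comparing FNR, FPR and AUC. The following is an added example, not code from the paper or its repository: the function names and all scores are constructed for illustration, and a score at or above the threshold is assumed to mean "fake".

```python
# Added example: robustness report for a binary deepfake detector.
# Labels: 1 = fake, 0 = pristine. All scores are constructed sample data,
# not results from the paper.

def auc(labels, scores):
    """Rank-based AUC (Mann-Whitney U); ties count as half a win."""
    pos = [s for l, s in zip(labels, scores) if l == 1]
    neg = [s for l, s in zip(labels, scores) if l == 0]
    wins = sum((p > n) + 0.5 * (p == n) for p in pos for n in neg)
    return wins / (len(pos) * len(neg))

def rates(labels, scores, thr=0.5):
    """Return (FNR on fakes, FPR on pristine) at decision threshold thr."""
    fakes = [s for l, s in zip(labels, scores) if l == 1]
    real = [s for l, s in zip(labels, scores) if l == 0]
    fnr = sum(s < thr for s in fakes) / len(fakes)
    fpr = sum(s >= thr for s in real) / len(real)
    return fnr, fpr

def robustness_report(labels, before, after, thr=0.5):
    """Compare detector scores on the same images before/after SR processing."""
    fnr0, fpr0 = rates(labels, before, thr)
    fnr1, fpr1 = rates(labels, after, thr)
    idx = range(len(labels))
    # Paired view: individual decisions that flipped after processing.
    newly_missed = [i for i in idx
                    if labels[i] == 1 and before[i] >= thr > after[i]]
    new_alarms = [i for i in idx
                  if labels[i] == 0 and before[i] < thr <= after[i]]
    return {
        "fnr_before": fnr0, "fnr_after": fnr1,
        "fpr_before": fpr0, "fpr_after": fpr1,
        "auc_before": auc(labels, before), "auc_after": auc(labels, after),
        "newly_missed_fakes": newly_missed,
        "new_false_alarms": new_alarms,
    }

# Constructed scores for 5 fake and 5 pristine images.
LABELS = [1, 1, 1, 1, 1, 0, 0, 0, 0, 0]
BEFORE = [0.92, 0.81, 0.66, 0.58, 0.40, 0.10, 0.22, 0.35, 0.45, 0.55]
AFTER = [0.88, 0.47, 0.61, 0.44, 0.35, 0.15, 0.52, 0.30, 0.60, 0.58]

if __name__ == "__main__":
    for key, value in robustness_report(LABELS, BEFORE, AFTER).items():
        print(f"{key}: {value}")
```

The paired lists of flipped decisions identify which images to inspect or add to a robustness training set, which the aggregate rates alone do not show.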

Paper Structure (14 sections, 3 figures, 3 tables)

This paper contains 14 sections, 3 figures, 3 tables.

Figures (3)

  • Figure 1: SR attack pipeline: pre-processing and attack phases. The face size is reduced by a factor $K$, then restored to its original resolution using an SR algorithm and pasted back onto the source frame.
  • Figure 2: ROC curves on FF++ dataset for the three considered models.
  • Figure 3: Examples of fake images that are correctly detected by a ResNet50-based deepfake detector but not detected when the SR attack is applied.