My Face Is Mine, Not Yours: Facial Protection Against Diffusion Model Face Swapping
Hon Ming Yam, Zhongliang Guo, Chun Pong Lau
TL;DR
This work addresses the privacy risks posed by diffusion-based face swapping by proposing a proactive adversarial defense. It introduces a latent-space perturbation framework that combines a face identity loss with an inference-step averaging technique to produce robust, memory-efficient protections against diffusion models. The method demonstrates robustness across diverse diffusion-based face swapping pipelines and against purification defenses, while preserving image quality. Experimental results on CelebA-HQ with StableDiffusion and ArcFace indicate substantial disruption of identity transfer and transferability to unseen models like REFace, underscoring practical benefits for facial privacy protection.
Abstract
The proliferation of diffusion-based deepfake technologies poses significant risks for unauthorized and unethical facial image manipulation. While traditional countermeasures have primarily focused on passive detection methods, this paper introduces a novel proactive defense strategy through adversarial attacks that preemptively protect facial images from being exploited by diffusion-based deepfake systems. Existing adversarial protection methods predominantly target conventional generative architectures (GANs, AEs, VAEs) and fail to address the unique challenges presented by diffusion models, which have become the predominant framework for high-quality facial deepfakes. Current diffusion-specific adversarial approaches are limited by their reliance on specific model architectures and weights, rendering them ineffective against the diverse landscape of diffusion-based deepfake implementations. Additionally, they typically employ global perturbation strategies that inadequately address the region-specific nature of facial manipulation in deepfakes.