DEEPFAKER: A Unified Evaluation Platform for Facial Deepfake and Detection Models

IF 3 4区 计算机科学 Q2 COMPUTER SCIENCE, INFORMATION SYSTEMS ACM Transactions on Privacy and Security Pub Date : 2023-11-29 DOI:10.1145/3634914
Li Wang, Xiangtao Meng, Dan Li, Xuhong Zhang, Shouling Ji, Shanqing Guo
{"title":"DEEPFAKER: A Unified Evaluation Platform for Facial Deepfake and Detection Models","authors":"Li Wang, Xiangtao Meng, Dan Li, Xuhong Zhang, Shouling Ji, Shanqing Guo","doi":"10.1145/3634914","DOIUrl":null,"url":null,"abstract":"<p>DeepFake data contains realistically manipulated faces - its abuses pose a huge threat to the security and privacy-critical applications. Intensive research from academia and industry has produced many deepfake/detection models, leading to a constant race of attack and defense. However, due to the lack of a unified evaluation platform, many critical questions on this subject remain largely unexplored. <i>(i)</i> How is the anti-detection ability of the existing deepfake models? <i>(ii)</i> How generalizable are existing detection models against different deepfake samples? <i>(iii)</i> How effective are the detection APIs provided by the cloud-based vendors? <i>(iv)</i> How evasive and transferable are adversarial deepfakes in the lab and real-world environment? <i>(v)</i> How do various factors impact the performance of deepfake and detection models? </p><p>To bridge the gap, we design and implement <monospace>DEEPFAKER</monospace>, a unified and comprehensive deepfake-detection evaluation platform. Specifically, <monospace>DEEPFAKER</monospace> has integrated 10 state-of-the-art deepfake methods and 9 representative detection methods, while providing a user-friendly interface and modular design that allows for easy integration of new methods. Leveraging <monospace>DEEPFAKER</monospace>, we conduct a large-scale empirical study of facial deepfake/detection models and draw a set of key findings: <i>(i)</i> the detection methods have poor generalization on samples generated by different deepfake methods; <i>(ii)</i> there is no significant correlation between anti-detection ability and visual quality of deepfake samples; <i>(iii)</i> the current detection APIs have poor detection performance and adversarial deepfakes can achieve about 70% ASR (attack success rate) on all cloud-based vendors, calling for an urgent need to deploy effective and robust detection APIs; <i>(iv)</i> the detection methods in the lab are more robust against transfer attacks than the detection APIs in the real-world environment; <i>(v)</i> deepfake videos may not always be more difficult to detect after video compression. We envision that <monospace>DEEPFAKER</monospace> will benefit future research on facial deepfake and detection.</p>","PeriodicalId":56050,"journal":{"name":"ACM Transactions on Privacy and Security","volume":"32 1","pages":""},"PeriodicalIF":3.0000,"publicationDate":"2023-11-29","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Privacy and Security","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1145/3634914","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}
引用次数: 0

Abstract

DeepFake data contains realistically manipulated faces - its abuses pose a huge threat to the security and privacy-critical applications. Intensive research from academia and industry has produced many deepfake/detection models, leading to a constant race of attack and defense. However, due to the lack of a unified evaluation platform, many critical questions on this subject remain largely unexplored. (i) How is the anti-detection ability of the existing deepfake models? (ii) How generalizable are existing detection models against different deepfake samples? (iii) How effective are the detection APIs provided by the cloud-based vendors? (iv) How evasive and transferable are adversarial deepfakes in the lab and real-world environment? (v) How do various factors impact the performance of deepfake and detection models?

To bridge the gap, we design and implement DEEPFAKER, a unified and comprehensive deepfake-detection evaluation platform. Specifically, DEEPFAKER has integrated 10 state-of-the-art deepfake methods and 9 representative detection methods, while providing a user-friendly interface and modular design that allows for easy integration of new methods. Leveraging DEEPFAKER, we conduct a large-scale empirical study of facial deepfake/detection models and draw a set of key findings: (i) the detection methods have poor generalization on samples generated by different deepfake methods; (ii) there is no significant correlation between anti-detection ability and visual quality of deepfake samples; (iii) the current detection APIs have poor detection performance and adversarial deepfakes can achieve about 70% ASR (attack success rate) on all cloud-based vendors, calling for an urgent need to deploy effective and robust detection APIs; (iv) the detection methods in the lab are more robust against transfer attacks than the detection APIs in the real-world environment; (v) deepfake videos may not always be more difficult to detect after video compression. We envision that DEEPFAKER will benefit future research on facial deepfake and detection.

查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
DEEPFAKER:人脸深度伪造和检测模型的统一评估平台
DeepFake数据包含真实操纵的人脸——它的滥用对安全和隐私关键型应用构成了巨大威胁。学术界和工业界的深入研究已经产生了许多深度伪造/检测模型,导致不断的攻击和防御竞赛。然而,由于缺乏统一的评估平台,这一主题的许多关键问题在很大程度上仍未得到探讨。(1)现有deepfake模型的抗检测能力如何?(ii)现有检测模型对不同深度伪造样本的泛化程度如何?(iii)基于云的供应商提供的检测api的有效性如何?(iv)在实验室和现实环境中,对抗性深度伪造的规避性和可转移性如何?(v)各种因素如何影响深度造假和检测模型的性能?为了弥补这一差距,我们设计并实现了DEEPFAKER,一个统一、全面的深度假检测评估平台。具体来说,DEEPFAKER集成了10种最先进的深度伪造方法和9种代表性的检测方法,同时提供了用户友好的界面和模块化设计,可以轻松集成新方法。利用DEEPFAKER,我们对人脸深度伪造/检测模型进行了大规模的实证研究,并得出了一系列关键发现:(i)检测方法对不同深度伪造方法生成的样本泛化较差;(ii) deepfake样本的抗检测能力与视觉质量之间没有显著的相关性;(iii)目前的检测api检测性能较差,对抗性深度伪造在所有基于云的供应商上可以达到70%左右的ASR(攻击成功率),迫切需要部署有效和健壮的检测api;(iv)实验室中的检测方法对传输攻击的鲁棒性比现实环境中的检测api更强;(v)经过视频压缩后,深度造假视频可能并不总是更难以检测。我们预计,DEEPFAKER将有利于未来的面部深度伪造和检测研究。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 去求助
来源期刊
ACM Transactions on Privacy and Security
ACM Transactions on Privacy and Security Computer Science-General Computer Science
CiteScore
5.20
自引率
0.00%
发文量
52
期刊介绍: ACM Transactions on Privacy and Security (TOPS) (formerly known as TISSEC) publishes high-quality research results in the fields of information and system security and privacy. Studies addressing all aspects of these fields are welcomed, ranging from technologies, to systems and applications, to the crafting of policies.
期刊最新文献
ZPredict: ML-Based IPID Side-channel Measurements ZTA-IoT: A Novel Architecture for Zero-Trust in IoT Systems and an Ensuing Usage Control Model Security Analysis of the Consumer Remote SIM Provisioning Protocol X-squatter: AI Multilingual Generation of Cross-Language Sound-squatting Toward Robust ASR System against Audio Adversarial Examples using Agitated Logit
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1