Skip to main content
SpringerLink
Log in

Adversarial Attack on Deepfake Detection Using RL Based Texture Patches

  • Conference paper
  • First Online:
Book cover Computer Vision – ECCV 2020 Workshops (ECCV 2020)

Part of the book series: Lecture Notes in Computer Science ((LNIP,volume 12535))

Included in the following conference series:

Abstract

The advancements in GANs have made creating deepfake videos a relatively easy task. Considering the threat that deepfake videos pose for manipulating political opinion, recent research has focused on ways to better detect deepfake videos. Even though researchers have had some success in detecting deepfake videos, it has been found that these detection systems can be attacked.

The key contributions of this paper are (a) a deepfake dataset created using a commercial website, (b) validation of the efficacy of DeepExplainer and heart rate detection from the face for differentiating real faces from adversarial attacks, and (c) the proposal of an attack on the FaceForensics++ deepfake detection system using a state-of-the-art reinforcement learning-based texture patch attack. To the best of our knowledge, we are the first to successfully attack FaceForensics++ on our commercial deepfake dataset and DeepfakeTIMIT dataset.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Deepfakes web. https://deepfakesweb.com/. Accessed 20 July 2019

  2. Heart-rate-measurement-using-camera. https://github.com/habom2310/Heart-rate-measurement-using-camera. Accessed 30 Apr 2020

  3. Jetson AGX Xavier. https://developer.nvidia.com/embedded/jetson-agx-xavier-developer-kit. Accessed 30 Mar 2020

  4. OpenCV AI Kit. https://opencv.org/introducing-oak-spatial-ai-powered-by-opencv. Accessed 30 June 2020

  5. Afchar, D., Nozick, V., Yamagishi, J., Echizen, I.: MesoNet: a compact facial video forgery detection network. In: 2018 IEEE International Workshop on Information Forensics and Security (WIFS), pp. 1–7. IEEE (2018)

    Google Scholar 

  6. Agarwal, A., Singh, R., Vatsa, M., Noore, A.: Swapped! Digital face presentation attack detection via weighted local magnitude pattern. In: 2017 IEEE International Joint Conference on Biometrics (IJCB), pp. 659–665. IEEE (2017)

    Google Scholar 

  7. Amerini, I., Ballan, L., Caldelli, R., Del Bimbo, A., Serra, G.: A sift-based forensic method for copy-move attack detection and transformation recovery. IEEE Trans. Inf. Forensics Secur. 6(3), 1099–1110 (2011)

    Article  Google Scholar 

  8. Amerini, I., Galteri, L., Caldelli, R., Del Bimbo, A.: Deepfake video detection through optical flow based CNN. In: Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV) Workshops, October 2019

    Google Scholar 

  9. Balakrishnan, G., Durand, F., Guttag, J.: Detecting pulse from head motions in video. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 3430–3437 (2013)

    Google Scholar 

  10. Bobbia, S., Macwan, R., Benezeth, Y., Mansouri, A., Dubois, J.: Unsupervised skin tissue segmentation for remote photoplethysmography. Pattern Recogn. Lett. 124, 82–90 (2019)

    Article  Google Scholar 

  11. Choi, Y., Choi, M., Kim, M., Ha, J.W., Kim, S., Choo, J.: StarGAN: unified generative adversarial networks for multi-domain image-to-image translation. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 8789–8797 (2018)

    Google Scholar 

  12. Chollet, F.: Xception: deep learning with depthwise separable convolutions. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1251–1258 (2017)

    Google Scholar 

  13. Ciftci, U.A., Demir, I.: Fakecatcher: detection of synthetic portrait videos using biological signals. arXiv preprint arXiv:1901.02212 (2019)

  14. Cohen, J.M., Rosenfeld, E., Kolter, J.Z.: Certified adversarial robustness via randomized smoothing. arXiv preprint arXiv:1902.02918 (2019)

  15. Creswell, A., White, T., Dumoulin, V., Arulkumaran, K., Sengupta, B., Bharath, A.A.: Generative adversarial networks: an overview. IEEE Signal Process. Mag. 35(1), 53–65 (2018)

    Article  Google Scholar 

  16. Erichson, N.B., Yao, Z., Mahoney, M.W.: JumpReLU: a retrofit defense strategy for adversarial attacks. CoRR abs/1904.03750 (2019)

    Google Scholar 

  17. Feng, L., Po, L.M., Xu, X., Li, Y., Ma, R.: Motion-resistant remote imaging photoplethysmography based on the optical properties of skin. IEEE Trans. Circuits Syst. Video Technol. 25(5), 879–891 (2014)

    Article  Google Scholar 

  18. Fernandes, S., et al.: Detecting deepfake videos using attribution-based confidence metric. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) Workshops, June 2020

    Google Scholar 

  19. Fernandes, S., et al.: Predicting heart rate variations of deepfake videos using neural ode. In: Proceedings of the IEEE International Conference on Computer Vision Workshops (2019)

    Google Scholar 

  20. Guarnera, L., Giudice, O., Battiato, S.: Deepfake detection by analyzing convolutional traces. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) Workshops, June 2020

    Google Scholar 

  21. He, Z., Zuo, W., Kan, M., Shan, S., Chen, X.: AttGAN: facial attribute editing by only changing what you want. IEEE Trans. Image Process. 28(11), 5464–5478 (2019)

    Article  MathSciNet  Google Scholar 

  22. Hochreiter, S., Schmidhuber, J.: Long short-term memory. Neural Comput. 9(8), 1735–1780 (1997)

    Article  Google Scholar 

  23. Hu, S., Yu, T., Guo, C., Chao, W.L., Weinberger, K.Q.: A new defense against adversarial images: turning a weakness into a strength. In: Advances in Neural Information Processing Systems, pp. 1635–1646 (2019)

    Google Scholar 

  24. Khalid, H., Woo, S.S.: OC-FakeDect: classifying deepfakes using one-class variational autoencoder. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) Workshops, June 2020

    Google Scholar 

  25. Khodabakhsh, A., Ramachandra, R., Raja, K., Wasnik, P., Busch, C.: Fake face detection methods: can they be generalized? In: 2018 International Conference of the Biometrics Special Interest Group (BIOSIG), pp. 1–6. IEEE (2018)

    Google Scholar 

  26. Korshunov, P., Marcel, S.: DeepFakes: a new threat to face recognition? assessment and detection. CoRR abs/1812.08685. arXiv preprint arXiv:1812.08685 (2018)

  27. Kurakin, A., Goodfellow, I., Bengio, S.: Adversarial machine learning at scale. arXiv preprint arXiv:1611.01236 (2016)

  28. Lecuyer, M., Atlidakis, V., Geambasu, R., Hsu, D., Jana, S.: Certified robustness to adversarial examples with differential privacy. In: 2019 IEEE Symposium on Security and Privacy (SP), pp. 656–672. IEEE (2019)

    Google Scholar 

  29. Li, B., Chen, C., Wang, W., Carin, L.: Certified adversarial robustness with additive noise. In: Wallach, H., Larochelle, H., Beygelzimer, A., d’ Alché-Buc, F., Fox, E., Garnett, R. (eds.) Advances in Neural Information Processing Systems, vol. 32, pp. 9464–9474. Curran Associates, Inc. (2019). http://papers.nips.cc/paper/9143-certified-adversarial-robustness-with-additive-noise.pdf

  30. Li, Y., Yang, X., Sun, P., Qi, H., Lyu, S.: Celeb-DF: a large-scale challenging dataset for deepfake forensics. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pp. 3207–3216 (2020)

    Google Scholar 

  31. de Lima, O., Franklin, S., Basu, S., Karwoski, B., George, A.: Deepfake detection using spatiotemporal convolutional networks. arXiv preprint arXiv:2006.14749 (2020)

  32. Liu, M., et al.: StGAN: a unified selective transfer network for arbitrary image attribute editing. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 3673–3682 (2019)

    Google Scholar 

  33. Lundberg, S.M., Lee, S.I.: A unified approach to interpreting model predictions. In: Advances in Neural Information Processing Systems, pp. 4765–4774 (2017)

    Google Scholar 

  34. Maddocks, S.: ‘A deepfake porn plot intended to silence me’: exploring continuities between pornographic and political deep fakes. Porn Stud. 1–9 (2020)

    Google Scholar 

  35. Madry, A., Makelov, A., Schmidt, L., Tsipras, D., Vladu, A.: Towards deep learning models resistant to adversarial attacks. arXiv preprint arXiv:1706.06083 (2017)

  36. Matern, F., Riess, C., Stamminger, M.: Exploiting visual artifacts to expose deepfakes and face manipulations. In: 2019 IEEE Winter Applications of Computer Vision Workshops (WACVW), pp. 83–92. IEEE (2019)

    Google Scholar 

  37. Montserrat, D.M., et al.: Deepfakes detection with automatic face weighting. In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) Workshops, June 2020

    Google Scholar 

  38. Neekhara, P., Hussain, S., Jere, M., Koushanfar, F., McAuley, J.: Adversarial deepfakes: evaluating vulnerability of deepfake detectors to adversarial examples. arXiv preprint arXiv:2002.12749 (2020)

  39. Nguyen, H.H., Fang, F., Yamagishi, J., Echizen, I.: Multi-task learning for detecting and segmenting manipulated facial images and videos. arXiv preprint arXiv:1906.06876 (2019)

  40. Pilz, C.S., Zaunseder, S., Krajewski, J., Blazek, V.: Local group invariance for heart rate estimation from face videos in the wild. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops, pp. 1254–1262 (2018)

    Google Scholar 

  41. Popova, M.: Reading out of context: pornographic deepfakes, celebrity and intimacy. Porn Stud. 1–15 (2019)

    Google Scholar 

  42. Prakash, S.K.A., Tucker, C.S.: Bounded Kalman filter method for motion-robust, non-contact heart rate estimation. Biomed. Opt. Express 9(2), 873–897 (2018)

    Article  Google Scholar 

  43. Qi, H., et al.: DeepRhythm: exposing deepfakes with attentional visual heartbeat rhythms. arXiv preprint arXiv:2006.07634 (2020)

  44. Rossler, A., Cozzolino, D., Verdoliva, L., Riess, C., Thies, J., Nießner, M.: FaceForensics++: learning to detect manipulated facial images. In: Proceedings of the IEEE International Conference on Computer Vision, pp. 1–11 (2019)

    Google Scholar 

  45. Rouast, P.V., Adam, M.T., Chiong, R., Cornforth, D., Lux, E.: Remote heart rate measurement using low-cost RGB face video: a technical literature review. Front. Comput. Sci. 12(5), 858–872 (2018)

    Article  Google Scholar 

  46. Shapley, L.S.: A value for n-person games. In: Contributions to the Theory of Games vol. 2, no. 28, pp. 307–317 (1953)

    Google Scholar 

  47. Shrikumar, A., Greenside, P., Kundaje, A.: Learning important features through propagating activation differences. arXiv preprint arXiv:1704.02685 (2017)

  48. Suwajanakorn, S., Seitz, S.M., Kemelmacher-Shlizerman, I.: Synthesizing Obama: learning lip sync from audio. ACM Trans. Graph. (TOG) 36(4), 1–13 (2017)

    Article  Google Scholar 

  49. Szegedy, C., et al.: Going deeper with convolutions. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 1–9 (2015)

    Google Scholar 

  50. Thies, J., Zollhofer, M., Stamminger, M., Theobalt, C., Nießner, M.: Face2Face: real-time face capture and reenactment of RGB videos. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, pp. 2387–2395 (2016)

    Google Scholar 

  51. Tolosana, R., Vera-Rodriguez, R., Fierrez, J., Morales, A., Ortega-Garcia, J.: DeepFakes and beyond: a survey of face manipulation and fake detection. arXiv preprint arXiv:2001.00179 (2020)

  52. Wu, H.Y., Rubinstein, M., Shih, E., Guttag, J., Durand, F., Freeman, W.: Eulerian video magnification for revealing subtle changes in the world (2012)

    Google Scholar 

  53. Yang, C., Kortylewski, A., Xie, C., Cao, Y., Yuille, A.: PatchAttack: a black-box texture-based attack with reinforcement learning. arXiv preprint arXiv:2004.05682 (2020)

  54. Zhao, C., Lin, C.L., Chen, W., Li, Z.: A novel framework for remote photoplethysmography pulse extraction on compressed videos. In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops, pp. 1299–1308 (2018)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Creighton University, Omaha, NE, 68131, USA

    Steven Lawrence Fernandes

  2. University of Texas at San Antonio, San Antonio, TX, 78249, USA

    Sumit Kumar Jha

Authors
  1. Steven Lawrence Fernandes
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Sumit Kumar Jha
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Steven Lawrence Fernandes .

Editor information

Editors and Affiliations

  1. University of Clermont Auvergne, Clermont Ferrand, France

    Adrien Bartoli

  2. Università degli Studi di Udine, Udine, Italy

    Andrea Fusiello

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Fernandes, S.L., Jha, S.K. (2020). Adversarial Attack on Deepfake Detection Using RL Based Texture Patches. In: Bartoli, A., Fusiello, A. (eds) Computer Vision – ECCV 2020 Workshops. ECCV 2020. Lecture Notes in Computer Science(), vol 12535. Springer, Cham. https://doi.org/10.1007/978-3-030-66415-2_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-66415-2_14

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-66414-5

  • Online ISBN: 978-3-030-66415-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation