Hiding Faces in Plain Sight: Disrupting AI Face Synthesis with Adversarial Perturbations
This work addresses the defense against fake face synthesis for individuals, though it is incremental as it builds on existing adversarial attack methods.
The paper tackles the problem of AI-synthesized fake faces by developing adversarial perturbations to disrupt face detection, reducing detection quality under various attack settings.
Recent years have seen fast development in synthesizing realistic human faces using AI technologies. Such fake faces can be weaponized to cause negative personal and social impact. In this work, we develop technologies to defend individuals from becoming victims of recent AI synthesized fake videos by sabotaging would-be training data. This is achieved by disrupting deep neural network (DNN) based face detection method with specially designed imperceptible adversarial perturbations to reduce the quality of the detected faces. We describe attacking schemes under white-box, gray-box and black-box settings, each with decreasing information about the DNN based face detectors. We empirically show the effectiveness of our methods in disrupting state-of-the-art DNN based face detectors on several datasets.