Deepfake Forensics via An Adversarial Game
This work addresses the challenge of reliable deepfake detection for security and media integrity, but it is incremental as it builds on existing adversarial training methods.
The paper tackles the problem of poor generalization in deepfake detection models to unseen forgery technologies and image/video qualities by proposing adversarial training with pixel-wise Gaussian blurring to force models to learn more discriminative features, showing effectiveness through empirical evidence.
With the progress in AI-based facial forgery (i.e., deepfake), people are increasingly concerned about its abuse. Albeit effort has been made for training classification (also known as deepfake detection) models to recognize such forgeries, existing models suffer from poor generalization to unseen forgery technologies and high sensitivity to changes in image/video quality. In this paper, we advocate adversarial training for improving the generalization ability to both unseen facial forgeries and unseen image/video qualities. We believe training with samples that are adversarially crafted to attack the classification models improves the generalization ability considerably. Considering that AI-based face manipulation often leads to high-frequency artifacts that can be easily spotted by models yet difficult to generalize, we further propose a new adversarial training method that attempts to blur out these specific artifacts, by introducing pixel-wise Gaussian blurring models. With adversarial training, the classification models are forced to learn more discriminative and generalizable features, and the effectiveness of our method can be verified by plenty of empirical evidence. Our code will be made publicly available.