Making Generated Images Hard To Spot: A Transferable Attack On Synthetic Image Detectors
This addresses the misinformation threat from GAN-generated images by making detection harder, but it is incremental as it builds on existing adversarial attack methods.
The paper tackles the problem of synthetic image detectors being vulnerable to adversarial attacks by proposing a new anti-forensic attack that uses an adversarially trained generator to fool detectors, achieving transferability and outperforming other attacks by fooling eight state-of-the-art CNNs with images from seven GANs.
Visually realistic GAN-generated images have recently emerged as an important misinformation threat. Research has shown that these synthetic images contain forensic traces that are readily identifiable by forensic detectors. Unfortunately, these detectors are built upon neural networks, which are vulnerable to recently developed adversarial attacks. In this paper, we propose a new anti-forensic attack capable of fooling GAN-generated image detectors. Our attack uses an adversarially trained generator to synthesize traces that these detectors associate with real images. Furthermore, we propose a technique to train our attack so that it can achieve transferability, i.e. it can fool unknown CNNs that it was not explicitly trained against. We evaluate our attack through an extensive set of experiments, where we show that our attack can fool eight state-of-the-art detection CNNs with synthetic images created using seven different GANs, and outperform other alternative attacks.