Adversarial Magnification to Deceive Deepfake Detection through Super Resolution
This work addresses vulnerabilities in deepfake detection systems, which is crucial for security and media integrity, but it is incremental as it applies an existing technique (super resolution) to a known bottleneck.
The paper tackles the problem of deepfake detection by exploring super resolution techniques as an adversarial attack, demonstrating that minimal visual changes can significantly impair detector accuracy, with results showing a notable reduction in performance.
Deepfake technology is rapidly advancing, posing significant challenges to the detection of manipulated media content. Parallel to that, some adversarial attack techniques have been developed to fool the deepfake detectors and make deepfakes even more difficult to be detected. This paper explores the application of super resolution techniques as a possible adversarial attack in deepfake detection. Through our experiments, we demonstrate that minimal changes made by these methods in the visual appearance of images can have a profound impact on the performance of deepfake detection systems. We propose a novel attack using super resolution as a quick, black-box and effective method to camouflage fake images and/or generate false alarms on pristine images. Our results indicate that the usage of super resolution can significantly impair the accuracy of deepfake detectors, thereby highlighting the vulnerability of such systems to adversarial attacks. The code to reproduce our experiments is available at: https://github.com/davide-coccomini/Adversarial-Magnification-to-Deceive-Deepfake-Detection-through-Super-Resolution