2D-Malafide: Adversarial Attacks Against Face Deepfake Detection Systems
This work addresses the vulnerability of deepfake detection systems to adversarial attacks, which is an incremental advancement in security for digital media applications.
The paper tackled the problem of deceiving face deepfake detection systems by introducing 2D-Malafide, a lightweight adversarial attack using 2D convolutional filters, which significantly degraded the performance of state-of-the-art detectors in experiments on the FaceForensics++ dataset.
We introduce 2D-Malafide, a novel and lightweight adversarial attack designed to deceive face deepfake detection systems. Building upon the concept of 1D convolutional perturbations explored in the speech domain, our method leverages 2D convolutional filters to craft perturbations which significantly degrade the performance of state-of-the-art face deepfake detectors. Unlike traditional additive noise approaches, 2D-Malafide optimises a small number of filter coefficients to generate robust adversarial perturbations which are transferable across different face images. Experiments, conducted using the FaceForensics++ dataset, demonstrate that 2D-Malafide substantially degrades detection performance in both white-box and black-box settings, with larger filter sizes having the greatest impact. Additionally, we report an explainability analysis using GradCAM which illustrates how 2D-Malafide misleads detection systems by altering the image areas used most for classification. Our findings highlight the vulnerability of current deepfake detection systems to convolutional adversarial attacks as well as the need for future work to enhance detection robustness through improved image fidelity constraints.