Go to DBLP homepageGenerating Optimized Universal Adversarial Watermark for Preventing Face Deepfake
Abstract: With the increasing development of deepfake in facial editing and the easy accessibility of image and video content on the internet, the security risks of spreading false personal information through social media platforms are becoming increasingly serious. The harm caused by deepfake includes spreading false information, pornography, financial fraud, privacy breaches, and security system damage. To address these security issues, it is necessary to strengthen the detection and defense of deepfake. Current research mainly focuses on the detection of deepfake images and videos. In recent years, some work has proposed using the method of generating adversarial samples to deal with the malicious operations of GAN networks in deepfake. And it has proposed different single perturbation fusion methods to generate universal adversarial watermarks that can defend against modifications by multiple models. However, all of these works generate single-step watermarks using gradient-based methods, which cannot accurately control the required perturbation strength, resulting in large errors and more irrelevant information compared to the original image after superimposing the watermark. To solve this problem, we propose an optimized adversarial face deepfake watermark and measure the protection success rate and defense performance of this method on single and multiple models. From the extensive experimental results, we find that the perturbation generated by the Optimization-based method can successfully generate smaller perturbations while ensuring a high protection success rate, making the adversarial samples closer to the original samples. It can also be applied to different types of models and loss functions, accurately generating perturbation strength, and has a wider range of applicability.
Loading