Evasion Attack on Deepfake Detection via DCT Trace Manipulation
Luca Guarnera1, Francesco Guarnera1, Alessandro Ortis1, Sebastiano Battiato1, Giovanni Puglisi2
1 Department of Mathematics and Computer Science, University of Catania, Italy
2 Department of Mathematics and Computer Science, University of Cagliari, Italy
luca.guarnera@unict.it, francesco.guarnera@unict.it, alessandro.ortis@unict.it, sebastiano.battiato@unict.it, puglisi@unica.it
ICPR 2024 International Workshops and Challenges
Proposed pipeline. First (1), the overall statistics (in mean) of the real dataset are extracted using DCT. Then, given a deepfake image as input (2), the DCT is applied followed by the histogram matching algorithm. Finally, the adversarial deepfake image is reconstructed through IDCT. The latter is given as input to the machine learning classifiers with the aim of obtaining a misclassification, i.e., real.
ABSTRACT
In the last years, lots of approaches devoted to recognize fake images have been developed. Some of them, exploiting traces left in the frequency domain by the fake image generators, were able to achieve satisfactory results also employing simple classifiers. In this paper, a novel white-box evasion attack was introduced to deceive a specific class of frequency-based deepfake detectors exploiting DCT (Discrete Cosine Transform) features. Specifically, statistics computed from the distribution of the AC frequencies computed from fake images are aligned to the corresponding values extracted from authentic images. The robustness of both classical and state-of-the-art DCT-based classifiers has been tested with respect to the proposed attack considering fake images generated by Generative Adversarial Networks and Diffusion Models.
|
Download Paper |
