数据与模型安全 课件 第10周：深度伪造与检测

Deepfakes

and

Detection姜育刚，马兴军，吴祖煊Recap:

week9MembershipInferenceAttackDifferentialPrivacyThisWeekGeneralTampering（一般数据篡改）Deepfake（深度伪造，图像）DeepfakeVideos（深度伪造，视频）DetectionDALL·E3OpenAIText2Image,

ImageEditing…Imagen

2GoogleText2Image,

Text2VedioStableDiffusion

3StabilityAIText2Image,

ImageEditing…SignificantProgressinComputerVisionThis

person

does

not

exist,/

AnAI-generatedportraitsoldfor$432,000attheChristie‘s(2018)AIartworkwonfirstprizeinartcompetition.(2022)Theresolutionandfidelityofgeneratedfaceimagesareconstantlyimproving.20192021SignificantProgressinComputerVisionGenerateanimageusingthefirstparagraphof"OneHundredYearsofSolitude"

(2021)DaLL·E2（2022）Generateanimagebasedontext:“Ihave

alwayswantedtobeacoolpandaridingaskateboardinSantaMonica.”Imagic（2022）Editimageswithtext.SignificantProgressinComputerVisionDataTamperingandForgeryDefinition：Tamperimagesandvideoswithvarietyoftechniques,suchasdeepfakes.Accordingtothecontentandtypeofthetampereddata:

generaltampering&faceforgery.

AfakeimageaboutBushJr.electionThisWeek

GeneralTamperingDeepfakeDeepfakeVideosDetectionGeneralTamperingDefinition:tampertheoriginalimagebyadjustingthespatialpositionofobjects,replacingtheoriginalcontentwithforgedcontent(stylemodification,texturetransformation,imagerestoration…)

TaxonomyContext-basedtamperforegroundobjectstamperimagebackgroundConditionedText-guidedimagetamperingGeneralTamperingModeldifferentelementsintheimage:theshapeofobjects,theinteractionbetweenobjectsandtheirrelativepositions,…

？CoreProblem：howtodecoupledifferentelementsinanimage?(Foreground&Background,Texture&Structure,…)ForegroundTamperingConstructobject-levelsemanticsegmentationmapsHong,S

et

al.

Learninghierarchicalsemanticimagemanipulationthroughstructured

representations.

NeurIPS,

2018.BackgroundTamperingZou,Z

et

al.Castleinthesky:dynamicskyreplacementandharmonizationinvideos.

IEEETransactionsonImageProcessing.

2022.thebackgroundcanbeviewedasalargerobjectText-guidedTampering|CLIPRadford,A.

et

al.Learningtransferablevisualmodelsfromnaturallanguagesupervision.

ICML,

2021.Text-guidedTampering|CLIP+StyleGANPatashnik,O.

et

al.Styleclip:text-drivenmanipulationofstyleganimagery.

ICCV,

2021.Text-guidedTampering|StyleGANLatent

codeMapping

functionResidual

codetarget

codePatashnik,O.

et

al.Styleclip:text-drivenmanipulationofstyleganimagery.

ICCV,

2021.Text-guidedTampering|DiffusionHo,J.

et

al.Denoisingdiffusionprobabilisticmodels.NeurIPS,

2020.ThedirectedgraphicalmodelofDDPMGraphicalmodelsfordiffusion(left)andnon-Markovian(right)inferencemodelsSong,J.

et

al.Denoisingdiffusionimplicitmodels.ICLR,

2022.Text-guidedTampering|CLIP+DiffusionRombachR.etal.High-resolutionimagesynthesiswithlatentdiffusionmodels,

CVPR,2022.StableDiffusionThisWeekGeneralTampering

DeepfakeDeepfakeVideosDetectionDeepfakeDefinition:

believablemediageneratedbyadeepneuralnetworkForm:

generation&manipulationofhumanimageryDeeplearning+fakeGANs(GenerativeAdversarialNetworks)Derivesfromthe“zero-sumgame”ingametheory.LearnthedistributionofdatathroughaGeneratorandaDiscriminatorFaceForgeryAlice’sbodywithBob’sfaceAliceBobDatacollectionModeltrainingDeepfakefaceforgeryFaceForgeryDatacollectionModeltrainingDeepfakefaceforgeryFaceForgeryDatacollectionModeltrainingDeepfakefaceforgeryFaceForgeryReenactment(人脸重演)Replacement(人脸互换)Editing(人脸编辑)Synthesis(人脸合成)MirskyY,LeeW.Thecreationanddetectionofdeepfakes:Asurvey.ACMComputingSurveys(CSUR),2021,54(1):1-41.

FaceForgerySTEPS：DetectsandcropsthefaceExtractsintermediaterepresentationsGeneratesanewfacebasedonsomedrivingsignalBlendsthegeneratedfacebackintothetargetframeMirskyY,LeeW.Thecreationanddetectionofdeepfakes:Asurvey.ACMComputingSurveys(CSUR),2021,54(1):1-41.FaceReenactmentSTEPSingeneral:facetracking(面部追踪)facematching(面部匹配)facetransfer(面部迁移)PareidoliaFaceReenactmentSong,L.

et

al.Everything‘stalkin’:pareidoliafacereenactment.CVPR,

2021.pareidoliafacereenactmentPareidoliaFaceReenactmentChallengesThetargetfacesarenothumanfaces1Shapevariance2Texturevariancee.g.squaremouthe.g.woodtextureSong,L.

et

al.Everything‘stalkin’:pareidoliafacereenactment.CVPR,

2021.PURAParametricUnsupervisedReenactmentAlgorithmParametricShapeModeling(PSM，参数化形状建模)ExpansionaryMotionTransfer(EMT，扩展运动迁移)UnsupervisedTextureSynthesizer

(UTS，无监督纹理合成器)Song,L.

et

al.Everything‘stalkin’:pareidoliafacereenactment.CVPR,

2021.PURAParametricUnsupervisedReenactmentAlgorithmSong,L.

et

al.Everything‘stalkin’:pareidoliafacereenactment.CVPR,

2021.FaceReplacement|SimswapHighFidelityFaceSwappingChen,R.

et

al.Simswap:anefficientframeworkforhighfidelityfaceswapping.ACMMM,

2021.❌lacktheabilitytogeneralizetoarbitraryidentity❌failtopreserveattributeslikefacialexpressionandgazedirectionIDInjectionModule(IIM)(身份注入模块)WeakFeatureMatchingLoss(弱特征匹配损失)FaceReplacement|SimswapHighFidelityFaceSwappingChen,R.,et

al.

Simswap:anefficientframeworkforhighfidelityfaceswapping.ACMMM,

2020FaceReplacement|SimswapIdentityLossWeakFeatureMatchingLossChen,R.,et

al.

Simswap:anefficientframeworkforhighfidelityfaceswapping.ACMMM,

2020ThisWeekGeneralTamperingDeepfake

DeepfakeVideosDetectionDeepfakeVideosMoredimensions:TiminginformationTherelativepositionofdifferentsubjectsandobjectsAudiofakesDeepfakeVideosChallengesHowtogeneratereasonablegesturesHowtogenerateafakevideoinhighresolutionHowtogeneratehigh-qualitylongvideosReasonableGesturesSiarohin,A.

et

al.Firstordermotionmodelforimageanimation.

NeurIPS,

2-19.First-order-motionModelReasonableGesturesSiarohin,A.

et

al.

Firstordermotionmodelforimageanimation.

NeurIPS,

2019.MotionEstimationModuleUseasetoflearnedkeypointsandtheiraffinetransformationstopredictdensemotionReasonableGesturesGenerationModuleWarpthesourceimageaccordingtoInpainttheimagepartsthatareoccludedinthesourceimage.Siarohin,A.

et

al.

Firstordermotionmodelforimageanimation.

NeurIPS,

2019.HighResolutionTian,Y.,

et

al.

Agoodimagegeneratoriswhatyouneedforhigh-resolutionvideosynthesis.ICLR,

2022.MoCoGAN-HDHigh-qualityLongVideosYu,S.

et

al.Generatingvideoswithdynamics-awareimplicitgenerativeadversarialnetworks.arXivpreprintarXiv:2202.10571.DIGANThisWeekGeneralTamperingDeepfakeDeepfakeVideos

DetectionTamperingDetectionTaxonomy:GeneralTamperingDetection——whetheranordinaryobjectinanimagehasbeentamperedwithDeepfakeDetection——whetherthepartofthefaceintheimagehasbeentamperedwithFeatures&SemanticsGeneralTamperingDetectionExistinggeneraltamperingdetectionmethodsmainlyfocusonsplicing,copy-moveandremovalGeneralTamperingDetectionEarlydetectionmethodsImageTamperingThecorrelationbetweenpixelsintroducedduringcameraimaging(LCA,…)Thefrequency-domainorstatisticalfeaturesoftheimageandthenoiseitcontains(PRNU)GeneralTamperingDetectionCopy-moveDetectionMethodsBlock-basedregionduplicationDivideanimageintomanyequal-sizeblocks,andifduplicatedregionsexistintheimage,thereshouldbeduplicatedblocksaswell.Comparetheblocks.(Pixelvalues,Statisticalmeasures,Frequencycoefficients,Momentinvariants,…)Keypoint-basedregionduplicationConcentrateonafewkeypointswithinanimagesothecomputationcostcanbesignificantlyreduced.(SIFT,SURF)SplicingDetectionMethodsEdgeanomalyRegionanomaly:JPEGcompressionRegionanomaly:lightinginconsistencyRegionanomaly:inconsistencesofcameratracesGeneralTamperingDetectionGeneralTamperingDetectionRemovalDetectionMethodsBlurringartifactsbydiffusion-basedtamperingBlockduplicationbyexemplar-basedtamperingGeneralTamperingDetectionLaterdetectionmethods(DL)Medianfilteringforensics+CNN(Chenetal.,2015)RGB-N(Zhouetal.,2018)SPAN,spatialpyramidattentionnetwork(Huetal.,2020)Mantra-Net(Wuetal.,2019)PSCC-Net,progressivespatio-channelcorrelationnetwork(Liuetal.,2022)CountermeasuresDetectionPreventionMirskyY,LeeW.Thecreationanddetectionofdeepfakes:Asurvey.ACMComputingSurveys,2021,54(1):1-41.Detection|Artifact-specificDeepfakesoftengenerateartifactswhichmaybesubtletohumans,butcanbeeasilydetectedusingmachinelearningandforensicanalysis.Blending

(spatial)Environment(spatial)

Forensics(spatial)

Behavior(temporal)Physiology(temporal)Synchronization

(temporal)Coherence(temporal)MirskyY,LeeW.Thecreationanddetectionofdeepfakes:Asurvey.ACMComputingSurveys,2021,54(1):1-41.BlendingTrainedaCNNtopredictanimage’sblendingboundaryandalabel(realorfake)LingzhiLi,et

al.Facex-rayformoregeneralfaceforgerydetection.CVPR,

2020.BlendingSplicesimilarfacesfoundthroughfaciallandmarksimilaritytogenerateadatasetoffaceswaps.OverviewofgeneratingatrainingsampleLingzhiLi,et

al.Facex-rayformoregeneralfaceforgerydetection.CVPR,

2020.ForensicsDetectdeepfakesbyanalyzingsubtlefeaturesandpatternsleftbythemodel.GANsleaveuniquefingerprintsItispossibletoclassifythegeneratorgiventhecontent,eveninthepresenceofcompressionandnoiseNingYu

et

al.AttributingfakeimagestoGANs:LearningandanalyzingGANfingerprints.ICCV,

2019.Detection|UndirectedApproachesTraindeepneuralnetworksasgenericclassifiers,andletthenetworkdecidewhichfeaturestoanalyze.ClassificationAnomalyDetectionClassificationTharinduF.,

et

al.

ExploitingHumanSocialCognitionfortheDetectionofFakeandFraudulentFacesviaMemoryNetworks.

arXiv:1911.07844.HierarchicalMemoryNetwork(HMN)architectureAnomalyDetectionanomalydetectionmodelsaretrainedonthenormaldataandthendetectoutliersduringdeployment.RunWang

et

al.Fakespotter:

Asimplebaselineforspottingai-synthesizedfakefaces.arXiv:1909.06122.Monitorneuronbehaviors(coverage)tospotAI-synthesizedfakefaces.Obtainastrongersignalfromthanjustusingtherawpixels.Isabletoovercomenoiseandotherdistortions.Detection|SummaryMirskyY,LeeW.Thecreationanddetectionofdeepfakes:Asurvey.ACMComputingSurveys,2021.Detection|SummaryMirskyY,LeeW.Thecreationanddetectionofdeepfakes:Asurvey.ACMComputingSurveys,2021.Prevention&MitigationDataprovenance(数据溯源)Dataprovenanceofmultimediashouldbetrackedthroughdistributedledgersandblockchainnetworks.(Fraga-Lamasetal.,2019)ThecontentshouldberankedbyparticipantsandAI.(Chenetal.,2019.)Thecon