Adversarial Attack on Fake-Faces Detectors Under White and Black Box Scenarios

Title: Adversarial Attack on Fake-Faces Detectors Under White and Black Box Scenarios
Publication Type: Conference Paper
Year of Publication: 2021
Authors: Wang, Xiying; Ni, Rongrong; Li, Wenjie; Zhao, Yao
Conference Name: 2021 IEEE International Conference on Image Processing (ICIP)
Keywords: adversarial attack, black-box, composability, Conferences, Detectors, Faked faces, feature extraction, forensic models, Forensics, generative adversarial networks, Generators, Metrics, pubcrawl, Resiliency, security, White Box Security, white-box
Abstract: Generative Adversarial Network (GAN) models have been widely used in various fields. More recently, styleGAN and styleGAN2 have been developed to synthesize faces that are indistinguishable to the human eyes, which could pose a threat to public security. But latest work has shown that it is possible to identify fakes using powerful CNN networks as classifiers. However, the reliability of these techniques is unknown. Therefore, in this paper we focus on the generation of content-preserving images from fake faces to spoof classifiers. Two GAN-based frameworks are proposed to achieve the goal in the white-box and black-box. For the white-box, a network without up/down sampling is proposed to generate face images to confuse the classifier. In the black-box scenario (where the classifier is unknown), real data is introduced as a guidance for GAN structure to make it adversarial, and a Real Extractor as an auxiliary network to constrain the feature distance between the generated images and the real data to enhance the adversarial capability. Experimental results show that the proposed method effectively reduces the detection accuracy of forensic models with good transferability.
DOI: 10.1109/ICIP42928.2021.9506273
Citation Key: wang_adversarial_2021