Exposing Vulnerabilities of Deepfake Detection Systems with Robust Attacks

Recent advances in video manipulation techniques have made the generation of fake videos more accessible than ever before. Manipulated videos can fuel disinformation and reduce trust in media. Therefore detection of fake videos has garnered immense interest in academia and industry. Recently developed Deepfake detection methods rely on Deep Neural Networks (DNNs) to distinguish AI-generated fake videos from real videos. In this work, we demonstrate that it is possible to bypass such detectors by adversarially modifying fake videos synthesized using existing Deepfake generation methods. We further demonstrate that our adversarial perturbations are robust to image and video compression codecs, making them a real-world threat. We present pipelines in both white-box and black-box attack scenarios that can fool DNN based Deepfake detectors into classifying fake videos as real. Finally, we study the extent to which adversarial perturbations transfer across different Deepfake detectors and create more accessible attacks using universal adversarial perturbations that pose a very feasible attack scenario since they can be easily shared amongst attackers.

Download Full-text

Learned image and video compression with deep neural networks

2020 IEEE International Conference on Visual Communications and Image Processing (VCIP) ◽

10.1109/vcip49819.2020.9301828 ◽

2020 ◽

Author(s):

Dong Xu ◽

Guo Lu ◽

Ren Yang ◽

Radu Timofte

Keyword(s):

Neural Networks ◽

Video Compression ◽

Deep Neural Networks ◽

Image And Video Compression

Download Full-text

Extended Spatially Localized Perturbation GAN (eSLP-GAN) for Robust Adversarial Camouflage Patches

Sensors ◽

10.3390/s21165323 ◽

2021 ◽

Vol 21 (16) ◽

pp. 5323

Author(s):

Yongsu Kim ◽

Hyoeun Kang ◽

Naufal Suryanto ◽

Harashta Tatimma Tatimma Larasati ◽

Afifatul Mukaroh ◽

...

Keyword(s):

Object Detection ◽

Real World ◽

Deep Neural Networks ◽

Target Object ◽

Human Vision ◽

Target System ◽

Detection Model ◽

Detection Systems ◽

Attack Scenario ◽

Representative Area

Deep neural networks (DNNs), especially those used in computer vision, are highly vulnerable to adversarial attacks, such as adversarial perturbations and adversarial patches. Adversarial patches, often considered more appropriate for a real-world attack, are attached to the target object or its surroundings to deceive the target system. However, most previous research employed adversarial patches that are conspicuous to human vision, making them easy to identify and counter. Previously, the spatially localized perturbation GAN (SLP-GAN) was proposed, in which the perturbation was only added to the most representative area of the input images, creating a spatially localized adversarial camouflage patch that excels in terms of visual fidelity and is, therefore, difficult to detect by human vision. In this study, the use of the method called eSLP-GAN was extended to deceive classifiers and object detection systems. Specifically, the loss function was modified for greater compatibility with an object-detection model attack and to increase robustness in the real world. Furthermore, the applicability of the proposed method was tested on the CARLA simulator for a more authentic real-world attack scenario.

Download Full-text

Special Section Guest Editorial: Image and Video Compression Using Deep Neural Networks

Journal of Electronic Imaging ◽

10.1117/1.jei.30.4.041401 ◽

2021 ◽

Vol 30 (04) ◽

Author(s):

Ofer Hadar ◽

Touradj Ebrahimi

Keyword(s):

Neural Networks ◽

Video Compression ◽

Deep Neural Networks ◽

Guest Editorial ◽

Special Section ◽

Image And Video Compression

Download Full-text

Evaluation of Deep Neural Networks for Advanced Intrusion Detection Systems

2020 4th International Conference on Electronics, Communication and Aerospace Technology (ICECA) ◽

10.1109/iceca49313.2020.9297515 ◽

2020 ◽

Author(s):

Raj Kishore ◽

Anamika Chauhan

Keyword(s):

Neural Networks ◽

Intrusion Detection ◽

Deep Neural Networks ◽

Intrusion Detection Systems ◽

Detection Systems

Download Full-text

Hybrid deep neural networks to infer state models of black-box systems

Proceedings of the 35th IEEE/ACM International Conference on Automated Software Engineering ◽

10.1145/3324884.3416559 ◽

2020 ◽

Author(s):

Mohammad Jafar Mashhadi ◽

Hadi Hemmati

Keyword(s):

Neural Networks ◽

Deep Neural Networks ◽

Black Box ◽

State Models

Download Full-text

SADA: Semantic Adversarial Diagnostic Attacks for Autonomous Applications

Proceedings of the AAAI Conference on Artificial Intelligence ◽

10.1609/aaai.v34i07.6722 ◽

2020 ◽

Vol 34 (07) ◽

pp. 10901-10908 ◽

Cited By ~ 2

Author(s):

Abdullah Hamdi ◽

Matthias Mueller ◽

Bernard Ghanem

Keyword(s):

Neural Networks ◽

Recent Work ◽

Autonomous Navigation ◽

General Framework ◽

Deep Neural Networks ◽

Autonomous Driving ◽

Black Box ◽

Semantic Meaning ◽

Safety Critical ◽

Adversarial Attack

One major factor impeding more widespread adoption of deep neural networks (DNNs) is their lack of robustness, which is essential for safety-critical applications such as autonomous driving. This has motivated much recent work on adversarial attacks for DNNs, which mostly focus on pixel-level perturbations void of semantic meaning. In contrast, we present a general framework for adversarial attacks on trained agents, which covers semantic perturbations to the environment of the agent performing the task as well as pixel-level attacks. To do this, we re-frame the adversarial attack problem as learning a distribution of parameters that always fools the agent. In the semantic case, our proposed adversary (denoted as BBGAN) is trained to sample parameters that describe the environment with which the black-box agent interacts, such that the agent performs its dedicated task poorly in this environment. We apply BBGAN on three different tasks, primarily targeting aspects of autonomous navigation: object detection, self-driving, and autonomous UAV racing. On these tasks, BBGAN can generate failure cases that consistently fool a trained agent.

Download Full-text

Feature-Guided Black-Box Safety Testing of Deep Neural Networks

Tools and Algorithms for the Construction and Analysis of Systems - Lecture Notes in Computer Science ◽

10.1007/978-3-319-89960-2_22 ◽

2018 ◽

pp. 408-426 ◽

Cited By ~ 24

Author(s):

Matthew Wicker ◽

Xiaowei Huang ◽

Marta Kwiatkowska

Keyword(s):

Neural Networks ◽

Deep Neural Networks ◽

Black Box ◽

Safety Testing

Download Full-text

Chapter 15. Human-Centered Concept Explanations for Neural Networks

10.3233/faia210362 ◽

2021 ◽

Author(s):

Chih-Kuan Yeh ◽

Been Kim ◽

Pradeep Ravikumar

Keyword(s):

Machine Learning ◽

Neural Networks ◽

Case Studies ◽

Real World ◽

Deep Neural Networks ◽

Learning Models ◽

Real World Applications ◽

The Right ◽

Concept Activation ◽

Machine Learning Models

Understanding complex machine learning models such as deep neural networks with explanations is crucial in various applications. Many explanations stem from the model perspective, and may not necessarily effectively communicate why the model is making its predictions at the right level of abstraction. For example, providing importance weights to individual pixels in an image can only express which parts of that particular image is important to the model, but humans may prefer an explanation which explains the prediction by concept-based thinking. In this work, we review the emerging area of concept based explanations. We start by introducing concept explanations including the class of Concept Activation Vectors (CAV) which characterize concepts using vectors in appropriate spaces of neural activations, and discuss different properties of useful concepts, and approaches to measure the usefulness of concept vectors. We then discuss approaches to automatically extract concepts, and approaches to address some of their caveats. Finally, we discuss some case studies that showcase the utility of such concept-based explanations in synthetic settings and real world applications.

Download Full-text