IDEAS home Printed from https://ideas.repec.org/a/gam/jftint/v14y2022i2p46-d738430.html
   My bibliography  Save this article

The Framework of Cross-Domain and Model Adversarial Attack against Deepfake

Author

Listed:
  • Haoxuan Qiu

    (College of Information and Cyber Security, People’s Public Security University of China, Beijing 100038, China)

  • Yanhui Du

    (College of Information and Cyber Security, People’s Public Security University of China, Beijing 100038, China)

  • Tianliang Lu

    (College of Information and Cyber Security, People’s Public Security University of China, Beijing 100038, China)

Abstract

To protect images from the tampering of deepfake, adversarial examples can be made to replace the original images by distorting the output of the deepfake model and disrupting its work. Current studies lack generalizability in that they simply focus on the adversarial examples generated by a model in a domain. To improve the generalization of adversarial examples and produce better attack effects on each domain of multiple deepfake models, this paper proposes a framework of Cross-Domain and Model Adversarial Attack (CDMAA). Firstly, CDMAA uniformly weights the loss function of each domain and calculates the cross-domain gradient. Then, inspired by the multiple gradient descent algorithm (MGDA), CDMAA integrates the cross-domain gradients of each model to obtain the cross-domain perturbation vector, which is used to optimize the adversarial example. Finally, we propose a penalty-based gradient regularization method to pre-process the cross-domain gradients to improve the success rate of attacks. CDMAA experiments on four mainstream deepfake models showed that the adversarial examples generated from CDMAA have the generalizability of attacking multiple models and multiple domains simultaneously. Ablation experiments were conducted to compare the CDMAA components with the methods used in existing studies and verify the superiority of CDMAA.

Suggested Citation

  • Haoxuan Qiu & Yanhui Du & Tianliang Lu, 2022. "The Framework of Cross-Domain and Model Adversarial Attack against Deepfake," Future Internet, MDPI, vol. 14(2), pages 1-16, January.
    • Handle: RePEc:gam:jftint:v:14:y:2022:i:2:p:46-:d:738430
    as

    Download full text from publisher

    File URL: https://www.mdpi.com/1999-5903/14/2/46/pdf
    Download Restriction: no
    File URL: https://www.mdpi.com/1999-5903/14/2/46/
    Download Restriction: no
    ---><---

    Corrections

    All material on this site has been provided by the respective publishers and authors. You can help correct errors and omissions. When requesting a correction, please mention this item's handle: RePEc:gam:jftint:v:14:y:2022:i:2:p:46-:d:738430. See general information about how to correct material in RePEc.

    If you have authored this item and are not yet registered with RePEc, we encourage you to do it here. This allows to link your profile to this item. It also allows you to accept potential citations to this item that we are uncertain about.

    We have no bibliographic references for this item. You can help adding them by using this form .

    If you know of missing items citing this one, you can help us creating those links by adding the relevant references in the same way as above, for each refering item. If you are a registered author of this item, you may also want to check the "citations" tab in your RePEc Author Service profile, as there may be some citations waiting for confirmation.

    For technical questions regarding this item, or to correct its authors, title, abstract, bibliographic or download information, contact: MDPI Indexing Manager (email available below). General contact details of provider: https://www.mdpi.com .

    Please note that corrections may take a couple of weeks to filter through the various RePEc services.

    IDEAS is a RePEc service. RePEc uses bibliographic data supplied by the respective publishers.