Chinese Journal of Network and Information Security ›› 2023, Vol. 9 ›› Issue (4): 1-15.doi: 10.11959/j.issn.2096-109x.2023049
• Comprehensive Review •
Shiyu HUANG1, Feng YE1,2, Tianqiang HUANG1,2, Wei LI1, Liqing HUANG1,2, Haifeng LUO1,2
Revised:
2023-05-30
Online:
2023-08-01
Published:
2023-08-01
Supported by:
CLC Number:
Shiyu HUANG, Feng YE, Tianqiang HUANG, Wei LI, Liqing HUANG, Haifeng LUO. Survey on adversarial attacks and defense of face forgery and detection[J]. Chinese Journal of Network and Information Security, 2023, 9(4): 1-15.
"
对抗特性 | 实现方法 | 代表工作 | 优点 | 缺点 |
黑盒迁移性 | 查询法 | 文献[ | 无须训练替代模型 | 受查询次数限制 |
替代模型法 | 文献[ | 不受查询次数限制 | 要训练结构相似的替代模型 | |
目标函数优化噪声 | 文献[85,87-88,93] | 无须额外处理成本 | 效果有限,噪声依然分布于全图 | |
对抗隐蔽性 | 核心区域加噪 | 文献[ | 减少加噪区域 | 注意力区域偏差,导致攻击效果不佳 |
图像其他域中加噪 | 文献[ | 噪声较难察觉 | 黑盒攻击能力一般 | |
对抗性GAN | 文献[91,95-96] | 无须添加噪声 | 训练GAN需要计算成本 | |
对抗鲁棒性 | 目标函数优化噪声 | 文献[ | 无须额外处理成本 | 无法考虑所有可能的图像处理 |
对抗性GAN | 文献[91,95-96] | 不受图像处理防御影响 | 训练GAN需要计算成本 | |
数据迁移性 | 目标函数优化噪声 | 文献[ | 提升对抗噪声生成效率 | 会降低特定图像攻击能力 |
"
防御方式 | 具体技术 | 代表工作 | 优点 | 缺点 |
梯度正则 | Lipschitz 正则化[ | 文献[ | 没有额外的处理开销 | 防御效果有限,仅有轻微的性能提升 |
模型集成 | 模型输出分数集成 | 文献[ | 集成各模型的优势进行投 | 需要训练多个用于集成的子模型,且无法 |
正交梯度的模型集成 | 文献[ | 票,简单有效 | 防御可迁移的对抗方法 | |
图像处理 | 深度图像先验[ | 文献[ | 与具体模型结构无关,能兼 | 无法防御对抗性 GAN 的指纹去除攻击, |
双边滤波 | 文献[ | 容各种检测模型 | 且会导致图像质量降低而影响取证精度 | |
联合对抗训练 | 文献[ | 通用性强,能够防御多种形 | 需要额外生成对抗样本以供模型学习,计 | |
对抗训练 | 噪声对抗训练 | 文献[ | 式的对抗攻击 | 算开销较大,且要控制训练数据比例 |
频率域伪影对抗训练 | 文献[ |
[1] | KINGMA D P , WELLING M . Auto-encoding variational bayes[C]// Proceedings of the International Conference on Learning Representations (ICLR). 2014. |
[2] | GOODFELLOW I , POUGET-ABADIE J , MIRZA M ,et al. Generative adversarial networks[J]. Communications of the ACM, 2020,63(11): 139-144. |
[3] | THIES J , ZOLLHOFER M , STAMMINGER M ,et al. Face2face:Real-time face capture and reenactment of rgb videos[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 2016: 2387-2395. |
[4] | THIES J , ZOLLH?FER M , NIE?NER M . Deferred neural rendering:image synthesis using neural textures[J]. ACM Transactions on Graphics (TOG), 2019,38(4): 1-12. |
[5] | FaceSwap[EB]. |
[6] | DeepFakes[EB]. |
[7] | LI L , BAO J , YANG H ,et al. Faceshifter:towards high fidelity and occlusion aware face swapping[J]. arXiv Preprint arXiv:1912.13457, 2019. |
[8] | MIRZA M , OSINDERO S . Conditional generative adversarial nets[C]// Proceedings of the Conference on Neural Information Processing Systems (NIPS). 2014. |
[9] | CHOI Y , CHOI M , KIM M ,et al. Stargan:unified generative adversarial networks for multi-domain image-to-image translation[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 2018: 8789-8797. |
[10] | HE Z , ZUO W , KAN M ,et al. Attgan:Facial attribute editing by only changing what you want[J]. IEEE transactions on image processing, 2019,28(11): 5464-5478. |
[11] | LIU M , DING Y , XIA M ,et al. Stgan:a unified selective transfer network for arbitrary image attribute editing[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2019: 3673-3682. |
[12] | KARRAS T , LAINE S , AILA T . A style-based generator architecture for generative adversarial networks[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2019: 4401-4410. |
[13] | KARRAS T , LAINE S , AITTALA M ,et al. Analyzing and improving the image quality of stylegan[C]// Proceedings of the IEEE/CVF conference on Computer Vision and Pattern Recognition (CVPR). 2020: 8110-8119. |
[14] | KARRAS T , AITTALA M , LAINE S ,et al. Alias-free generative adversarial networks[C]// Advances in Neural Information Processing Systems. 2021: 852-863. |
[15] | SIMONYAN K , ZISSERMAN A . Very deep convolutional networks for large-scale image recognition[C]// Proceedings of the International Conference on Learning Representations (ICLR). 2015. |
[16] | HE K , ZHANG X , REN S ,et al. Deep residual learning for image recognition[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern recognition (CVPR). 2016: 770-778. |
[17] | CHOLLET F . Xception:deep learning with depthwise separable convolutions[C]// Proceedings of the IEEE Conference on Computer vision and Pattern recognition (CVPR). 2017: 1251-1258. |
[18] | HOWARD A G , ZHU M , CHEN B ,et al. Mobilenets:efficient convolutional neural networks for mobile vision applications[J]. arXiv Preprint arXiv:1704.04861, 2017. |
[19] | TAN M , LE Q . Efficientnet:rethinking model scaling for convolutional neural networks[C]// International Conference on Machine Learning (ICML). 2019: 6105-6114. |
[20] | DOSOVITSKIY A , BEYER L , KOLESNIKOV A ,et al. An image is worth 16x16 words:transformers for image recognition at scale[J]. arXiv Preprint arXiv:2010.11929, 2020. |
[21] | SZEGEDY C , ZAREMBA W , SUTSKEVER I ,et al. Intriguing properties of neural networks[C]// Proceedings of the International Conference on Learning Representations (ICLR). 2014. |
[22] | 林点, 潘理, 易平 . 面向图像识别的卷积神经网络鲁棒性研究进展[J]. 网络与信息安全学报, 2022,8(3): 111-122. |
LIN D , PAN L , YI P . Research on the robustness of convolutional neural networks in image recognition[J]. Chinese Journal of Network and Information Security, 2022,8(3): 111-122. | |
[23] | ZHANG J , LI C . Adversarial examples:opportunities and challenges[J]. IEEE Transactions on Neural Networks and Learning Systems, 2019,31(7): 2578-2593. |
[24] | 乔通, 姚宏伟, 潘彬民 ,等. 基于深度学习的数字图像取证技术研究进展[J]. 网络与信息安全学报, 2021,7(5): 13-28. |
QIAO T , YAO H W , PAN B M ,et al. Research progress of digital image forensic techniques based on deep learning[J]. Chinese Journal of Network and Information Security, 2021,7(5): 13-28. | |
[25] | 董琳, 黄丽清, 叶锋 ,等. 人脸伪造检测泛化性方法综述[J]. 计算机科学, 2022,49(2): 12-30. |
DONG L , HUANG L Q , YE F ,et al. Survey on generalization methods of face forgery detection[J]. Computer Science, 2022,49(2): 12-30. | |
[26] | NGUYEN T T , NGUYEN Q V H , NGUYEN D T ,et al. Deep learning for deepfakes creation and detection:a survey[J]. Computer Vision and Image Understanding, 2022,223:103525. |
[27] | GOODFELLOW I J , SHLENS J , SZEGEDY C . Explaining and harnessing adversarial examples[C]// Proceedings of the International Conference on Learning Representations (ICLR). 2015. |
[28] | KURAKIN A , GOODFELLOW I J , BENGIO S . Adversarial examples in the physical world[M]// Artificial Intelligence Safety and Security. 2018: 99-112. |
[29] | PAPERNOT N , MCDANIEL P , GOODFELLOW I ,et al. Practical black-box attacks against machine learning[C]// Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. 2017: 506-519. |
[30] | MOOSAVI-DEZFOOLI S M , FAWZI A , FROSSARD P . Deepfool:a simple and accurate method to fool deep neural networks[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2016: 2574-2582. |
[31] | PAPERNOT N , MCDANIEL P , JHA S ,et al. The limitations of deep learning in adversarial settings[C]// 2016 IEEE European Symposium on Security and Privacy (EuroS&P). 2016: 372-387. |
[32] | MARDY A , MAKELOV A , SCHMIDT L ,et al. Towards deep learning models resistant to adversarial attacks[C]// Proceedings of the International Conference on Learning Representations(ICLR). 2018. |
[33] | MOOSAVI-DEZFOOLI S M , FAWZI A , FAWZI O ,et al. Universal adversarial perturbations[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition(CVPR). 2017: 1765-1773. |
[34] | CARLINI N , WAGNER D . Towards evaluating the robustness of neural networks[C]// 2017 IEEE Symposium on Security and Privacy (S&P). 2017: 39-57. |
[35] | LIU Y , CHEN X , LIU C ,et al. Delving into transferable adversarial examples and black-box attacks[C]// Proceedings of the International Conference on Learning Representations (ICLR). 2017: 1-24. |
[36] | DONG Y , LIAO F , PANG T ,et al. Boosting adversarial attacks with momentum[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern recognition (CVPR). 2018: 9185-9193. |
[37] | SHI Y , WANG S , HAN Y . Curls & whey:boosting black-box adversarial attacks[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition(CVPR). 2019: 6519-6527. |
[38] | XIE C , ZHANG Z , ZHOU Y ,et al. Improving transferability of adversarial examples with input diversity[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2019: 2730-2739. |
[39] | DONG Y , PANG T , SU H ,et al. Evading defenses to transferable adversarial examples by translation-invariant attacks[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2019: 4312-4321. |
[40] | WANG W , YIN B , YAO T ,et al. Delving into data:effectively substitute training for black-box attack[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2021: 4761-4770. |
[41] | FAN M , GUO W , YU S ,et al. Enhance transferability of adversarial examples with model architecture[J]. arXiv Preprint arXiv:2202.13625, 2022. |
[42] | NESTEROV Y , SPOKOINY V . Random gradient-free minimization of convex functions[J]. Foundations of Computational Mathematics, 2017,17(2): 527-566. |
[43] | ILYAS A , ENGSTROM L , ATHALYE A ,et al. Black-box adversarial attacks with limited queries and information[C]// International Conference on Machine Learning (ICML). 2018: 2137-2146. |
[44] | ILYAS A , ENGSTROM L , MADRY A . Prior convictions:Black-box adversarial attacks with bandits and priors[C]// Proceedings of the International Conference on Learning Representations (ICLR). 2019. |
[45] | GUO C , GARDNER J , YOU Y ,et al. Simple black-box adversarial attacks[C]// International Conference on Machine Learning (ICML). 2019: 2484-2493. |
[46] | LI H , XU X , ZHANG X ,et al. Qeba:Query-efficient boundary-based black box attack[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2020: 1221-1230. |
[47] | MAHO T , FURON T , LE MERRER E . Surfree:a fast surrogate-free black-box attack[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2021: 10430-10439. |
[48] | ABBASI M , GAGNé C . Robustness to adversarial examples through an ensemble of specialists[C]// Proceedings of the International Conference on Learning Representations Workshops (ICLR). 2017. |
[49] | HE W , WEI J , CHEN X ,et al. Adversarial example defense:ensembles of weak defenses are not strong[C]// 11th USENIX Workshop on Offensive Technologies (WOOT 17). 2017. |
[50] | PAPERNOT N , MCDANIEL P , WU X ,et al. Distillation as a defense to adversarial perturbations against deep neural networks[C]// 2016 IEEE Symposium on Security and Privacy (S&P). 2016: 582-597. |
[51] | YE N , LI Q , ZHOU X Y ,et al. Amata:an annealing mechanism for adversarial training acceleration[C]// Proceedings of the AAAI Conference on Artificial Intelligence(AAAI). 2021,35(12): 10691-10699. |
[52] | SHAFAHI A , NAJIBI M , GHIASI M A ,et al. Adversarial training for free![J]. Advances in Neural Information Processing Systems, 2019,32. |
[53] | YAN Z , GUO Y , ZHANG C . Deep defense:training DNNS with improved adversarial robustness[J]. Advances in Neural Information Processing Systems, 2018,31. |
[54] | SONG C , HE K , WANG L ,et al. Improving the generalization of adversarial training with domain adaptation[C]// Proceedings of the International Conference on Learning Representations (ICLR). 2019: 1-14. |
[55] | DZIUGAITE G K , GHAHRAMANI Z , ROY D M . A study of the effect of jpg compression on adversarial images[J]. arXiv Preprint arXiv:1608.00853, 2016. |
[56] | MUSTAFA A , KHAN S H , HAYAT M ,et al. Image super-resolution as a defense against adversarial attacks[J]. IEEE Transactions on Image Processing, 2019,29: 1711-1724. |
[57] | MENG D , CHEN H . Magnet:a two-pronged defense against adversarial examples[C]// Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. 2017: 135-147. |
[58] | YANG Y , ZHANG G , KATABI D ,et al. Me-net:towards effective adversarial robustness with matrix estimation[C]// International Conference on Machine Learning (ICML). 2019: 1-22. |
[59] | ULYANOV D , VEDALDI A , LEMPITSKY V . Deep image prior[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern recognition (CVPR). 2018: 9446-9454. |
[60] | JIA X , WEI X , CAO X ,et al. Comdefend:an efficient image compression model to defend adversarial examples[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2019: 6084-6092. |
[61] | YANG C , DING L , CHEN Y ,et al. Defending against gan-based deepfake attacks via transformation-aware adversarial faces[C]// 2021 International Joint Conference on Neural Networks (IJCNN). 2021: 1-8. |
[62] | WU Y , ABDALMAGEED W , NATARAJAN P . Mantra-net:manipulation tracing network for detection and localization of image forgeries with anomalous features[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2019: 9543-9552. |
[63] | HUANG Q , ZHANG J , ZHOU W ,et al. Initiative defense against facial manipulation[C]// Proceedings of the AAAI Conference on Artificial intelligence (AAAI). 2021,35(2): 1619-1627. |
[64] | WANG R , HUANG Z , CHEN Z ,et al. Anti-forgery:towards a stealthy and robust deepfake disruption attack via adversarial perceptual-aware perturbations[J]. arXiv Preprint arXiv:2206.00477, 2022. |
[65] | CHEN Z , XIE L , PANG S ,et al. Magdr:mask-guided detection and reconstruction for defending deepfakes[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2021: 9014-9023. |
[66] | TRIPATHY S , KANNALA J , RAHTU E . Icface:interpretable and controllable face reenactment using GANs[C]// Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision (WACV). 2020: 3385-3394. |
[67] | ANEJA S , MARKHASIN L , NIE?NER M . TAFIM:targeted adversarial attacks against facial image manipulations[C]// European Conference on Computer Vision (ECCV). 2022: 58-75. |
[68] | CHEN R , CHEN X , NI B ,et al. Simswap:an efficient framework for high fidelity face swapping[C]// Proceedings of the 28th ACM International Conference on Multimedia. 2020: 2003-2011. |
[69] | DONG J , XIE X . Visually maintained image disturbance against deepfake face swapping[C]// 2021 IEEE International Conference on Multimedia and Expo (ICME). 2021: 1-6. |
[70] | DONG J , WANG Y , LAI J ,et al. Restricted black-box adversarial attack against deepfake face swapping[J]. arXiv Preprint arXiv:2204.12347, 2022. |
[71] | RUIZ N , BARGAL S A , SCLAROFF S . Disrupting deepfakes:Adversarial attacks against conditional image translation networks and facial manipulation systems[C]// European Conference on Computer Vision (ECCV). 2020: 236-251. |
[72] | YEH C Y , CHEN H W , TSAI S L ,et al. Disrupting image-translation-based deepfake algorithms with adversarial attacks[C]// Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision Workshops (WACV). 2020: 53-62. |
[73] | ISOLA P , ZHU J Y , ZHOU T ,et al. Image-to-image translation with conditional adversarial networks[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR). 2017: 1125-1134. |
[74] | ZHU J Y , PARK T , ISOLA P ,et al. Unpaired image-to-image translation using cycle-consistent adversarial networks[C]// Proceedings of the IEEE International Conference on Computer Vision (CVPR). 2017: 2223-2232. |
[75] | 裘昊轩, 杜彦辉, 芦天亮 . 针对深度伪造的对抗攻击算法动态APGD设计[J]. 计算机工程与应用, 2022,58(24): 97-106. |
QIU H X , DU Y H , LU T L . Design of DAPGD of adversarial attack algorithm against deepfake[J]. Computer Engineering and Applications, 2022,58(24): 97-106. | |
[76] | CROCE F , HEIN M . Reliable evaluation of adversarial robustness with an ensemble of diverse parameter-free attacks[C]// International Conference on Machine Learning. 2020: 2206-2216. |
[77] | RUIZ N , BARGAL S A , SCLAROFF S . Protecting against image translation deepfakes by leaking universal perturbations from black-box neural networks[J]. arXiv Preprint arXiv:2006.06493, 2020. |
[78] | PEARSON K . LIII.On lines and planes of closest fit to systems of points in space[J]. The London,Edinburgh,and Dublin Philosophical Magazine and Journal of Science, 1901,2(11): 559-572. |
[79] | YEH C Y , CHEN H W , SHUAI H H ,et al. Attack as the best defense:nullifying image-to-image translation GANs via limit-aware adversarial attack[C]// Proceedings of the IEEE/CVF International Conference on Computer Vision (ICCV). 2021: 16188-16197. |
[80] | LYU L . Smart watermark to defend against deepfake image manipulation[C]// 2021 IEEE 6th International Conference on Computer and Communication Systems (ICCCS). 2021: 380-384. |
[81] | HUANG H , WANG Y , CHEN Z ,et al. Cmua-watermark:a cross-model universal adversarial watermark for combating deepfakes[C]// Proceedings of the AAAI Conference on Artificial Intelligence (AAAI). 2022,36(1): 989-997. |
[82] | QIU H , DU Y , LU T . The framework of cross-domain and model adversarial attack against deepfake[J]. Future Internet, 2022,14(2): 46. |
[83] | DéSIDéRI J A . Multiple-gradient descent algorithm (MGDA) for multiobjective optimization[J]. Comptes Rendus Mathematique, 2012,350(5-6): 313-318. |
[84] | KIM J , KIM M , KANG H ,et al. U-gat-it:unsupervised generative attentional networks with adaptive layer-instance normalization for image-to-image translation[C]// Proceedings of the International Conference on Learning Representations (ICLR). 2020. |
[85] | HUSSAIN S , NEEKHARA P , JERE M ,et al. Adversarial deepfakes:evaluating vulnerability of deepfake detectors to adversarial examples[C]// Proceedings of the IEEE/CVF Winter Conference on Applications of Computer Vision (WACV). 2021: 3348-3357. |
[86] | AFCHAR D , NOZICK V , YAMAGISHI J ,et al. Mesonet:a compact facial video forgery detection network[C]// 2018 IEEE International Workshop on Information Forensics and Security (WIFS). IEEE, 2018: 1-7. |
[87] | CARLINI N , FARID H . Evading deepfake-image detectors with white-and black-box attacks[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition Workshops (CVPR). 2020: 658-659. |
[88] | GANDHI A , JAIN S . Adversarial perturbations fool deepfake detectors[C]// 2020 International Joint Conference on Neural Networks (IJCNN). 2020: 1-8. |
[89] | NEEKHARA P , DOLHANSKY B , BITTON J ,et al. Adversarial threats to deepfake detection:a practical perspective[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern recognition (CVPR). 2021: 923-932. |
[90] | LIAO Q , LI Y , WANG X ,et al. Imperceptible adversarial examples for fake image detection[C]// Proceedings of the IEEE International Conference on Image Processing (ICIP). 2021. |
[91] | LI D , WANG W , FAN H ,et al. Exploring adversarial fake images on face manifold[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition(CVPR). 2021: 5789-5798. |
[92] | JIA S , MA C , YAO T ,et al. Exploring frequency adversarial attacks for face forgery detection[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition(CVPR). 2022: 4103-4112. |
[93] | FAN L , LI W , CUI X . Deepfake-image anti-forensics with adversarial examples attacks[J]. Future Internet, 2021,13(11): 288. |
[94] | WANG Y , DING X , YANG Y ,et al. Perception matters:exploring imperceptible and transferable anti-forensics for GAN-generated fake face imagery detection[J]. Pattern Recognition Letters, 2021,146: 15-22. |
[95] | ZHAO X , STAMM M C . Making GAN-generated images difficult to spot:a new attack against synthetic image detectors[J]. arXiv preprint arXiv:2104.12069, 2021. |
[96] | LIU C , CHEN H , ZHU T ,et al. Making deepfakes more spurious:evading deep face forgery detection via trace removal attack[J]. IEEE Transactions on Dependable and Secure Computing, 2023. |
[97] | KHAN S A , ARTUSI A , DAI H . Adversarially robust deepfake media detection using fused convolutional neural network predictions[J]. arXiv Preprint arXiv:2102.05950, 2021. |
[98] | SZEGEDY C , VANHOUCKE V , IOFFE S ,et al. Rethinking the inception architecture for computer vision[C]// Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition. 2016: 2818-2826. |
[99] | DUTTA H , PANDEY A , BILGAIYAN S . EnsembleDet:ensembling against adversarial attack on deepfake detection[J]. Journal of Electronic Imaging, 2021,30(6): 063030. |
[100] | HOODA A , MANGAOKAR N , FENG R ,et al. Towards adversarially robust deepfake detection:an ensemble approach[J]. arXiv preprint arXiv:2202.05687, 2022. |
[101] | LUO Y , YE F , WENG B ,et al. A novel defensive strategy for facial manipulation detection combining bilateral filtering and joint adversarial training[J]. Security and Communication Networks,2021, 2021. |
[102] | WANG Z , GUO Y , ZUO W . Deepfake forensics via an adversarial game[J]. IEEE Transactions on Image Processing, 2022. |
[103] | CHEN L , ZHANG Y , SONG Y ,et al. Self-supervised learning of adversarial example:towards good generalizations for deepfake detection[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR). 2022: 18710-18719. |
[104] | JEONG Y , KIM D , RO Y ,et al. FrePGAN:robust deepfake detection using frequency-level perturbations[J]. arXiv Preprint arXiv:2202.03347, 2022. |
[105] | HO J , JAIN A , ABBEEL P . Denoising diffusion probabilistic models[C]// Advances in Neural Information Processing Systems. 2020: 6840-6851. |
[106] | ROMBACH R , BLATTMANN A , Lorenz D ,et al. High-resolution image synthesis with latent diffusion models[C]// Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition. 2022: 10684-10695. |
[107] | SUN P , LI Y , QI H ,et al. Landmark breaker:obstructing deepfake by disturbing landmark extraction[C]// 2020 IEEE International Workshop on Information Forensics and Security (WIFS). 2020: 1-6. |
[1] | Chuntao ZHU, Chengxi YIN, Bolin ZHANG, Qilin YIN, Wei LU. Forgery face detection method based on multi-domain temporal features mining [J]. Chinese Journal of Network and Information Security, 2023, 9(3): 123-134. |
[2] | Jingwen LI, Yawen LI. Application and risk response of deep synthesis technology [J]. Chinese Journal of Network and Information Security, 2023, 9(2): 184-190. |
[3] | Wenxuan WU, Wenbo ZHOU, Weiming ZHANG, Nenghai YU. Deepfake detection method based on patch-wise lighting inconsistency [J]. Chinese Journal of Network and Information Security, 2023, 9(1): 167-177. |
[4] | Jiaying LIN, Wenbo ZHOU, Weiming ZHANG, Nenghai YU. Lip forgery detection via spatial-frequency domain combination [J]. Chinese Journal of Network and Information Security, 2022, 8(6): 146-155. |
[5] | Dian LIN, Li PAN, Ping YI. Research on the robustness of convolutional neural networks in image recognition [J]. Chinese Journal of Network and Information Security, 2022, 8(3): 111-122. |
[6] | Baolin QIU, Ping YI. Adversarial examples defense method based on multi-dimensional feature maps knowledge distillation [J]. Chinese Journal of Network and Information Security, 2022, 8(2): 88-99. |
[7] | Pengcheng WANG, Haibin ZHENG, Jianfei ZOU, Ling PANG, Hu LI, Jinyin CHEN. Robustness evaluation of commercial liveness detection platform [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 180-189. |
[8] | Zhongyuan QIN, Zhaoxiang HE, Tao LI, Liquan CHEN. Adversarial example defense algorithm for MNIST based on image reconstruction [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 86-94. |
[9] | Xiaojuan GONG, Tianqiang HUANG, Bin WENG, Feng YE, Chao XU, Lijun YOU. Deepfake swapped face detection based on double attention [J]. Chinese Journal of Network and Information Security, 2021, 7(2): 151-160. |
[10] | Bin WANG, Liang CHEN, Yaguan QIAN, Yankai GUO, Qiqi SHAO, Jiamin WANG. Moving target defense against adversarial attacks [J]. Chinese Journal of Network and Information Security, 2021, 7(1): 113-120. |
[11] | Ximeng LIU,Lehui XIE,Yaopeng WANG,Xuru LI. Adversarial attacks and defenses in deep learning [J]. Chinese Journal of Network and Information Security, 2020, 6(5): 36-53. |
[12] | Guanghan DUAN,Chunguang MA,Lei SONG,Peng WU. Research on structure and defense of adversarial example in deep learning [J]. Chinese Journal of Network and Information Security, 2020, 6(2): 1-11. |
[13] | Fei YAN,Minglun ZHANG,Liqiang ZHANG. Adversarial examples detection method based on boundary values invariants [J]. Chinese Journal of Network and Information Security, 2020, 6(1): 38-45. |
Viewed | ||||||
Full text |
|
|||||
Abstract |
|
|||||
|