This post is also available in: heעברית (Hebrew)

In a research paper, Electrical and Computer Engineering masters students Apurva Gandhi and Shomik Jain from USC Viterbi School of Engineering, Los Angeles, showed how deepfake images could fool even the most sophisticated detectors with slight modifications. A team at the University of California San Diego also arrived at similar conclusions about deepfake videos.

Today’s state-of-the-art deepfake detectors are based on convolutional neural networks. While initially, these models seem very accurate, they admit a major flaw. Gandhi and Jain showed that these deepfake detectors are vulnerable to adversarial perturbations – small, strategically-chosen changes to just a few pixel values in an image.

The neural networks the two trained initially identified over 95% of the normal, everyday deepfakes. But when they perturbed the images, the detectors were able to catch (checks notes) zero percent. Under the right circumstances, this technique essentially renders our entire deepfake security apparatus obsolete. 

The students want to make neural networks more stable to adversarial perturbations. This is done by something called regularization, a strategy that improves the neural network stability while it is still being trained. This technique improved the detection of perturbed deepfakes by 10% – encouraging but not game-changing.

Their more promising strategy, however, is something called the deep image prior defense. Essentially this process tries to remove these sneaky perturbations from the images before feeding them to a detector. To develop this technique, the two creatively re-purposed algorithms originally written to improve image quality. While the deep image prior defense identified perturbed deepfakes with 95% accuracy,  the algorithm is very slow. Processing just one image can take 20-30 minutes, according to viterbischool.usc.edu.

Prepared to dive into the world of futuristic technology? Attend INNOTECH 2023, the international convention and exhibition for cyber, HLS and innovation at Expo, Tel Aviv, on March 29th-30th

Interested in sponsoring / a display booth at the 2023 INNOTECH exhibition? Click here for details!