
Inside the rapidly escalating war between deepfakes and deepfake detectors


Imagine a twisty-turny movie about a master criminal locked in a war of wits with the world’s greatest detective.

The criminal seeks to pull off a massive confidence trick, using expert sleight of hand and an uncanny ability to disguise himself as virtually anyone on the planet. He’s so good at what he does that he can make people believe they saw things that never actually happened.

But then we meet the detective. She’s a brilliant, stop-at-nothing sort who can spot the “tell” of any thief. She knows just what to look for, and even the tiniest behavior — a raised eyebrow here, a dropped vowel there — is enough to alert her when something’s awry. She’s the only person to ever catch our antagonist, and now she’s hot on his trail once again.

However, there’s a problem: Our thief knows that she knows what to look for. As a result, he has changed up his game, without the protagonist realizing it.

The deepfake problem

This is, in essence, the story of deepfakes and deepfake detection thus far. Deepfakes, a form of synthetic media in which people’s likenesses can be digitally altered like a Face/Off remake directed by A.I. researchers, have been a cause for concern since they sprang onto the scene in 2017. While many deepfakes are lighthearted (swapping out Arnie for Sly Stallone in The Terminator), they also pose a potential threat. Deepfakes have been used to create fake pornographic videos that appear real, and they’ve been used in political hoaxes, as well as in financial fraud.

Lest such hoaxes become an even bigger problem, someone needs to be able to step in and say, definitively, when a deepfake is being used and when it isn’t.

It didn’t take long for the first deepfake detectors to appear. By April 2018, I covered one of the earlier efforts to do this, which was built by researchers at Germany’s Technical University of Munich. Just like deepfake technology itself, it used A.I. — only this time its creators were utilizing it not to create fakes, but to spot them.

Deepfake detectors work by looking for those details of a deepfake that aren’t quite right by scouring images for not just uncanny valleys, but the tiniest uncanny pothole. They crop face data from images and then pass it through a neural network to figure out its legitimacy. Giveaway details might include things like badly reproduced eye blinking.

But now researchers from the University of California San Diego have come up with a way of defeating deepfake detectors by inserting what are called adversarial examples into video frames. Adversarial examples are a fascinating — yet terrifying — glitch in the A.I. Matrix. They’re capable of fooling even the smartest of recognition systems into, for example, thinking a turtle is a gun, or an espresso is a baseball. They do this by subtly adding noise into an image so that it causes the neural network to make the wrong classification.

Like mistaking a rifle for a shelled reptile. Or a faked video for a real one.

Fooling the detectors

“There has been a recent surge in methods for generating realistic deepfake videos,” Paarth Neekhara, a UC San Diego computer engineering grad student, told Digital Trends. “Since these manipulated videos can be used for malicious purposes, there has been a significant effort in developing detectors that can reliably detect deepfake videos. For example, Facebook recently launched the Deepfake Detection Challenge to accelerate the research on developing deepfake detectors. [But] while these detection methods can achieve more than 90% accuracy on a dataset of fake and real videos, our work shows that they can be easily bypassed by an attacker. An attacker can inject a carefully crafted noise, that is fairly imperceptible to the human eye, into each frame of a video so that it gets misclassified by a victim detector.”

Attackers can craft these videos even if they don’t possess specific knowledge of the detector’s architecture and parameters. These attacks also still work after videos are compressed, as they would be if they were shared online on a platform like YouTube.

When tested with access to the detector model, the method fooled detection systems more than 99% of the time. However, even at its lowest success levels — for compressed videos in which no information was known about the detector models — it still defeated them 78.33% of the time. That’s not great news.

The researchers are declining to publish their code on the basis that it could be misused, Neekhara noted. “The adversarial videos generated using our code can potentially bypass other unseen deepfake detectors that are being used in production by some social media [platforms,]” he explained. “We are collaborating with teams that are working on building these deepfake detection systems, and are using our research to build more robust detection systems.”

A game of deepfake cat and mouse

This isn’t the end of the story, of course. To return to our movie analogy, this would still be only around 20 minutes into the film. We haven’t gotten to the scene yet where the detective realizes that the thief thinks he’s got her fooled. Or to the bit where the thief realizes that the detective knows that he knows that she knows. Or ... you get the picture.

Such a cat-and-mouse game for deepfake detection, which is likely to continue indefinitely, is well-known to anyone who has worked in cybersecurity. Malicious hackers find vulnerabilities, which are then blocked by developers, before hackers find vulnerabilities in their fixed version, which then gets tweaked by the devs yet again. Continue ad infinitum.

“Yes, the deepfake generation and detection systems closely follow the virus and antivirus dynamics,” Shehzeen Hussain, a UC San Diego computer engineering Ph.D. student, told Digital Trends. “Currently, deepfake detectors are trained on a dataset of real and fake videos generated using existing deepfake synthesis techniques. There is no guarantee that such detectors will be foolproof against future deepfake generation systems … To stay ahead in the arms race, detection methods need to be regularly updated and trained on upcoming deepfake synthesis techniques. [They] also need to be made robust to adversarial examples by incorporating adversarial videos during training.”

A paper describing this work, titled “Adversarial Deepfakes: Evaluating Vulnerability of Deepfake Detectors to Adversarial Examples,” was recently presented at the WACV 2021 virtual conference.

Luke Dormehl
I'm a UK-based tech writer covering Cool Tech at Digital Trends. I've also written for Fast Company, Wired, the Guardian…