Poisoned Forgery Face: Towards Backdoor Attacks on Face Forgery Detection
CoRR(2024)
摘要
The proliferation of face forgery techniques has raised significant concerns
within society, thereby motivating the development of face forgery detection
methods. These methods aim to distinguish forged faces from genuine ones and
have proven effective in practical applications. However, this paper introduces
a novel and previously unrecognized threat in face forgery detection scenarios
caused by backdoor attack. By embedding backdoors into models and incorporating
specific trigger patterns into the input, attackers can deceive detectors into
producing erroneous predictions for forged faces. To achieve this goal, this
paper proposes Poisoned Forgery Face framework, which enables
clean-label backdoor attacks on face forgery detectors. Our approach involves
constructing a scalable trigger generator and utilizing a novel convolving
process to generate translation-sensitive trigger patterns. Moreover, we employ
a relative embedding method based on landmark-based regions to enhance the
stealthiness of the poisoned samples. Consequently, detectors trained on our
poisoned samples are embedded with backdoors. Notably, our approach surpasses
SoTA backdoor baselines with a significant improvement in attack success rate
(+16.39% BD-AUC) and reduction in visibility (-12.65% L_∞).
Furthermore, our attack exhibits promising performance against backdoor
defenses. We anticipate that this paper will draw greater attention to the
potential threats posed by backdoor attacks in face forgery detection
scenarios. Our codes will be made available at
更多查看译文
关键词
Deepfake Detection,Backdoor Attack
AI 理解论文
溯源树
样例
生成溯源树,研究论文发展脉络
Chat Paper
正在生成论文摘要