
Inside the rapidly escalating war between deepfakes and deepfake detectors


Imagine a twisty-turny movie about a master criminal locked in a war of wits with the world’s greatest detective.

The criminal seeks to pull off a massive confidence trick, using expert sleight of hand and an uncanny ability to disguise himself as virtually anyone on the planet. He’s so good at what he does that he can make people believe they saw things that never actually happened.

But then we meet the detective. She’s a brilliant, stop-at-nothing sort who can spot the “tell” of any thief. She knows just what to look for, and even the tiniest behavior — a raised eyebrow here, a dropped vowel there — is enough to alert her when something’s awry. She’s the only person to ever catch our antagonist, and now she’s hot on his trail once again.

However, there’s a problem: Our thief knows that she knows what to look for. As a result, he has changed up his game without the detective realizing it.

The deepfake problem

This is, in essence, the story of deepfakes and deepfake detection thus far. Deepfakes, a form of synthetic media in which people’s likenesses can be digitally altered like a Face/Off remake directed by A.I. researchers, have been a cause for concern since they sprang onto the scene in 2017. While many deepfakes are lighthearted (swapping out Arnie for Sly Stallone in The Terminator), they also pose a potential threat. Deepfakes have been used to create convincing fake pornographic videos, and they’ve been used in political hoaxes and financial fraud.

Lest such hoaxes become an even bigger problem, someone needs to be able to step in and say, definitively, when a deepfake is being used and when it isn’t.

It didn’t take long for the first deepfake detectors to appear. As early as April 2018, I covered one of those early efforts, built by researchers at Germany’s Technical University of Munich. Just like deepfake technology itself, it used A.I. — only this time its creators were using it not to create fakes, but to spot them.

Deepfake detectors work by looking for the details of a deepfake that aren’t quite right, scouring images not just for uncanny valleys, but for the tiniest uncanny pothole. They crop face data out of images and then pass it through a neural network to judge its legitimacy. Giveaway details might include things like badly reproduced eye blinking.
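For the technically curious, here’s roughly what that pipeline looks like in code. This is a minimal sketch in Python with PyTorch; the tiny network, the input sizes, and the fake_probability() helper are illustrative assumptions, not the architecture of any real detector.

```python
# Minimal sketch of the detector pipeline described above: crop the
# face, then classify the crop with a binary real/fake network.
# The model, sizes, and helper names are illustrative stand-ins.
import torch
import torch.nn as nn
import torchvision.transforms as T

class FakeFaceClassifier(nn.Module):
    """Tiny binary CNN emitting logits for [real, fake]."""
    def __init__(self):
        super().__init__()
        self.features = nn.Sequential(
            nn.Conv2d(3, 16, 3, padding=1), nn.ReLU(), nn.MaxPool2d(2),
            nn.Conv2d(16, 32, 3, padding=1), nn.ReLU(), nn.MaxPool2d(2),
        )
        self.head = nn.Linear(32 * 56 * 56, 2)

    def forward(self, x):
        return self.head(self.features(x).flatten(1))

preprocess = T.Compose([T.Resize((224, 224)), T.ToTensor()])

def fake_probability(frame_image, face_box, model):
    """Crop the detected face region from a PIL image and classify it."""
    face = frame_image.crop(face_box)      # face_box comes from any face detector
    x = preprocess(face).unsqueeze(0)      # shape: [1, 3, 224, 224]
    with torch.no_grad():
        probs = model(x).softmax(dim=1)
    return probs[0, 1].item()              # probability the face is fake
```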

But now researchers from the University of California, San Diego have come up with a way of defeating deepfake detectors by inserting what are called adversarial examples into video frames. Adversarial examples are a fascinating — yet terrifying — glitch in the A.I. Matrix. They’re capable of fooling even the smartest of recognition systems into, for example, thinking a turtle is a gun, or a baseball is an espresso. They do this by subtly adding noise to an image so that the neural network misclassifies it.

Like mistaking a shelled reptile for a rifle. Or a faked video for a real one.
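One classic recipe for crafting that noise is the fast gradient sign method (FGSM). The sketch below shows the general idea only; it is not the UC San Diego team’s attack, and the epsilon value is just an assumed “imperceptible” budget.

```python
# Fast gradient sign method (FGSM), the textbook way to build this
# kind of adversarial noise. Illustrative sketch, not the paper's attack.
import torch
import torch.nn.functional as F

def fgsm_perturb(model, x, true_label, epsilon=2/255):
    """Nudge every pixel of x a tiny step that raises the model's loss."""
    x = x.clone().requires_grad_(True)
    loss = F.cross_entropy(model(x), torch.tensor([true_label]))
    loss.backward()
    # Step each pixel by +/- epsilon along the sign of the loss gradient:
    # barely visible to a human, but enough to flip the classification.
    x_adv = x + epsilon * x.grad.sign()
    return x_adv.clamp(0, 1).detach()      # keep pixels in a valid range
```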

Fooling the detectors

“There has been a recent surge in methods for generating realistic deepfake videos,” Paarth Neekhara, a UC San Diego computer engineering grad student, told Digital Trends. “Since these manipulated videos can be used for malicious purposes, there has been a significant effort in developing detectors that can reliably detect deepfake videos. For example, Facebook recently launched the Deepfake Detection Challenge to accelerate the research on developing deepfake detectors. [But] while these detection methods can achieve more than 90% accuracy on a dataset of fake and real videos, our work shows that they can be easily bypassed by an attacker. An attacker can inject a carefully crafted noise, that is fairly imperceptible to the human eye, into each frame of a video so that it gets misclassified by a victim detector.”
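In simplified form, the attack Neekhara describes amounts to running a perturbation step like the FGSM sketch above over every frame of a video, nudging each one toward the “real” label. The version below assumes white-box access to the detector and an assumed label convention; the paper’s black-box and compression-robust variants are more involved.

```python
# Simplified white-box version of the per-frame attack: perturb every
# frame of a fake video so the detector calls it real. The REAL/FAKE
# label convention and epsilon budget are assumptions.
import torch
import torch.nn.functional as F

REAL, FAKE = 0, 1  # assumed label convention

def attack_video(model, frames, epsilon=2/255):
    """frames: list of [1, 3, H, W] tensors with values in [0, 1]."""
    adv_frames = []
    for x in frames:
        x = x.clone().requires_grad_(True)
        # Targeted loss: pull the detector's output toward the REAL class.
        loss = F.cross_entropy(model(x), torch.tensor([REAL]))
        loss.backward()
        # Descend the targeted loss (note the minus sign).
        x_adv = (x - epsilon * x.grad.sign()).clamp(0, 1).detach()
        adv_frames.append(x_adv)
    return adv_frames
```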

Attackers can craft these videos even if they don’t possess specific knowledge of the detector’s architecture and parameters. These attacks also still work after videos are compressed, as they would be if they were shared online on a platform like YouTube.

When tested, the method fooled detection systems more than 99% of the time when given access to the detector model. Even at its lowest success level — against compressed videos, with no information about the detector models — it still defeated them 78.33% of the time. That’s not great news.

The researchers are declining to publish their code on the basis that it could be misused, Neekhara noted. “The adversarial videos generated using our code can potentially bypass other unseen deepfake detectors that are being used in production by some social media [platforms],” he explained. “We are collaborating with teams that are working on building these deepfake detection systems, and are using our research to build more robust detection systems.”

A game of deepfake cat and mouse

This isn’t the end of the story, of course. To return to our movie analogy, this would still be only around 20 minutes into the film. We haven’t gotten to the scene yet where the detective realizes that the thief thinks he’s got her fooled. Or to the bit where the thief realizes that the detective knows that he knows that she knows. Or … you get the picture.

This cat-and-mouse game, which is likely to continue indefinitely, will be familiar to anyone who has worked in cybersecurity: Malicious hackers find vulnerabilities, developers patch them, the hackers find holes in the patched version, and the developers tweak it yet again. Continue ad infinitum.

“Yes, the deepfake generation and detection systems closely follow the virus and antivirus dynamics,” Shehzeen Hussain, a UC San Diego computer engineering Ph.D. student, told Digital Trends. “Currently, deepfake detectors are trained on a dataset of real and fake videos generated using existing deepfake synthesis techniques. There is no guarantee that such detectors will be foolproof against future deepfake generation systems … To stay ahead in the arms race, detection methods need to be regularly updated and trained on upcoming deepfake synthesis techniques. [They] also need to be made robust to adversarial examples by incorporating adversarial videos during training.”
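That last suggestion, adversarial training, boils down to attacking your own detector while you train it. Here’s a minimal sketch of the idea; the one-step attack and the combined loss are assumptions for illustration, not the authors’ training recipe.

```python
# Minimal adversarial-training step: craft adversarial copies of each
# batch on the fly, then train the detector on clean and perturbed
# frames together. A sketch of the idea, not the authors' recipe.
import torch
import torch.nn.functional as F

def train_step(model, optimizer, x, y, epsilon=2/255):
    # One-step (FGSM-style) attack against the current model.
    x_atk = x.clone().requires_grad_(True)
    F.cross_entropy(model(x_atk), y).backward()
    x_adv = (x_atk + epsilon * x_atk.grad.sign()).clamp(0, 1).detach()

    # Standard update on the combined clean + adversarial loss.
    optimizer.zero_grad()
    loss = F.cross_entropy(model(x), y) + F.cross_entropy(model(x_adv), y)
    loss.backward()
    optimizer.step()
    return loss.item()
```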

A paper describing this work, titled “Adversarial Deepfakes: Evaluating Vulnerability of Deepfake Detectors to Adversarial Examples,” was recently presented at the WACV 2021 virtual conference.
