Deepfake detectors fooled for the first time

Researchers have shown that deepfake detectors from a detection competition can be fooled by inserting adversarial examples into each video frame. Adversarial examples are slightly modified inputs that cause AI systems to make mistakes. The team also showed that the method keeps working even after the video is compressed.
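
To make the idea concrete, below is a minimal sketch of one standard way to craft such a perturbation, the fast gradient sign method (FGSM). This is not necessarily the attack the authors used; the `detector` model, its two-class output, and the `epsilon` budget are illustrative assumptions.

```python
# A hedged sketch (not the authors' exact method): FGSM-style perturbation
# of a single frame. Assumes `detector` is a PyTorch model mapping a batch
# of normalized frames to two logits: index 0 = fake, index 1 = real.
import torch
import torch.nn.functional as F

def fgsm_perturb(detector, frame, true_label, epsilon=0.01):
    """Return `frame` plus a small perturbation that pushes the detector
    away from `true_label`, changing each pixel by at most `epsilon`."""
    frame = frame.clone().detach().requires_grad_(True)
    logits = detector(frame.unsqueeze(0))               # shape (1, 2)
    loss = F.cross_entropy(logits, torch.tensor([true_label]))
    loss.backward()
    # Step in the direction that increases the loss for the true label.
    adversarial = frame + epsilon * frame.grad.sign()
    return adversarial.clamp(0.0, 1.0).detach()         # keep valid pixels
```

Applied frame by frame, even a perturbation too small to notice by eye can flip the classifier's verdict, which is what makes such attacks hard to spot.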

Recall that in deepfakes, the face of any subject can be replaced with someone else's so that the result looks believable. This makes it possible to create realistic footage of events that never actually happened.

Typical deepfake detectors focus on the faces in a video: they first track the faces and then pass each cropped face region to a neural network that decides whether the video is real or fake. For example, eye blinking is poorly reproduced in deepfakes, so detectors pay close attention to eye movements. Modern deepfake detectors rely on such machine learning models to identify fake videos.
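
As a rough illustration of that pipeline (face tracking, cropping, classification), the sketch below uses OpenCV's Haar cascade for face detection; the `classifier` callable and the 224x224 input size are assumptions for the example, not details from the paper.

```python
# A simplified version of the detector pipeline described above: find faces
# in a frame, crop them, and hand each crop to a real/fake classifier.
import cv2
import numpy as np

def classify_frame(frame_bgr, face_cascade, classifier):
    """Yield the classifier's P(real) score for each detected face."""
    gray = cv2.cvtColor(frame_bgr, cv2.COLOR_BGR2GRAY)
    faces = face_cascade.detectMultiScale(gray, scaleFactor=1.1,
                                          minNeighbors=5)
    for (x, y, w, h) in faces:
        crop = cv2.resize(frame_bgr[y:y + h, x:x + w], (224, 224))
        # `classifier` is assumed to take a normalized float image and
        # return the probability that the face is real.
        yield classifier(crop.astype(np.float32) / 255.0)

# Usage: face_cascade = cv2.CascadeClassifier(
#     cv2.data.haarcascades + "haarcascade_frontalface_default.xml")
```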

The authors tested their video-processing attack in two scenarios: a white-box one, in which the attackers have full access to the detector, including the face extraction method and the architecture and parameters of the classification model; and a black-box one, in which the attackers can only query the machine learning model to learn the probability that a frame will be classified as real or fake.
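
The second scenario is the more restrictive one, so here is a minimal sketch of how a query-only attack can work: the attacker estimates a gradient from detector scores alone, in the style of natural evolution strategies. `query_detector` is a hypothetical function returning the detector's probability that a frame is real; the paper's actual attack may differ.

```python
# Black-box gradient estimation from score queries only (NES-style finite
# differences). No access to the model's weights or architecture is needed.
import numpy as np

def estimate_gradient(query_detector, frame, n_samples=50, sigma=1e-3):
    """Estimate d P(real) / d frame using only probability queries."""
    grad = np.zeros_like(frame, dtype=float)
    for _ in range(n_samples):
        noise = np.random.randn(*frame.shape)
        # Antithetic pair: probe the detector on both sides of `frame`.
        delta = (query_detector(frame + sigma * noise)
                 - query_detector(frame - sigma * noise))
        grad += delta * noise
    return grad / (2 * sigma * n_samples)
```

The attacker can then nudge the frame along this estimated gradient until the detector's "real" score crosses the desired threshold.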

In the first case, the attack fooled the detector 99% of the time on uncompressed videos and 84.96% of the time on compressed ones. In the second case, the success rate was 86.43% for uncompressed and 78.33% for compressed video. This is the first work to demonstrate successful attacks on modern deepfake detectors.

The California researchers declined to open-source their code so that it could not be used to spread misinformation.
