Hiding Faces in Plain Sight: Disrupting AI Face Synthesis with Adversarial Perturbations

TL;DR

This paper introduces adversarial perturbations to disrupt AI face synthesis and detection, aiming to protect individuals from fake videos by reducing face detection accuracy across various attack settings.

Contribution

It proposes novel adversarial attack schemes against DNN-based face detectors in white-box, gray-box, and black-box scenarios, demonstrating their effectiveness.

Findings

Effective disruption of state-of-the-art face detectors

Successful attack across multiple datasets

Applicable in white-box, gray-box, and black-box settings

Abstract

Recent years have seen fast development in synthesizing realistic human faces using AI technologies. Such fake faces can be weaponized to cause negative personal and social impact. In this work, we develop technologies to defend individuals from becoming victims of recent AI synthesized fake videos by sabotaging would-be training data. This is achieved by disrupting deep neural network (DNN) based face detection method with specially designed imperceptible adversarial perturbations to reduce the quality of the detected faces. We describe attacking schemes under white-box, gray-box and black-box settings, each with decreasing information about the DNN based face detectors. We empirically show the effectiveness of our methods in disrupting state-of-the-art DNN based face detectors on several datasets.