Exposing and Mitigating Temporal Attack in Deepfake Video Detection

TL;DR

This paper introduces SpInShield, a spectral-invariant framework that enhances deepfake video detectors' robustness against spectral manipulation attacks by decoupling semantic motion from spectral artifacts.

Contribution

The paper proposes a novel spectral adversary and optimization strategy to improve deepfake detection robustness against spectral attacks.

Findings

SpInShield outperforms baseline models by 21.30% in AUC under spectral attacks.

The framework effectively suppresses unstable spectral cues in deepfake detection.

Experiments demonstrate competitive performance on standard datasets.

Abstract

While spatiotemporal deepfake detectors achieve high AUC, our experiments reveal their susceptibility to evasion attacks. These models tend to overfit on fragile temporal spectrum cues, rather than learning robust semantic causality. To mitigate this vulnerability, we propose SpInShield, a temporal spectral-invariant defense framework explicitly designed to decouple semantic motion from manipulatable spectral artifacts. We propose a learnable spectral adversary that dynamically synthesizes severe spectral deformations, simulating extreme attack scenarios. By employing a shortcut suppression optimization strategy, SpInShield compels the encoder to extract reliable forensic cues while purging unstable spectral statistics from the latent space. Experiments show that SpInShield obtains competitive performance on widely used datasets and outperforms the strongest baseline by 21.30 percentage points in AUC under simulated amplitude spectral attacks.