Are Watermarks Bugs for Deepfake Detectors? Rethinking Proactive Forensics
arXiv (2024)
Abstract
AI-generated content has accelerated media synthesis, particularly Deepfake,
which can manipulate our portraits for positive or malicious purposes. Before
such threatening face images are released, one promising forensic solution is
to inject robust watermarks that track their provenance. However, we argue
that current watermarking models, originally devised for genuine images, may
harm deployed Deepfake detectors when directly applied to forged images, since
the watermarks are prone to overlap with the forgery signals used for
detection. To bridge this gap, we propose AdvMark, a proactive forensics
approach that exploits the adversarial vulnerability of passive detectors for
good. Specifically, AdvMark serves as a plug-and-play procedure for
fine-tuning any robust watermarking model into an adversarial one, enhancing
the forensic detectability of watermarked images while the watermarks remain
extractable for provenance tracking. Extensive experiments demonstrate the
effectiveness of the proposed AdvMark, which leverages robust watermarking to
fool Deepfake detectors and can thereby improve the accuracy of downstream
Deepfake detection without tuning the in-the-wild detectors. We believe this
work sheds light on harmless proactive forensics against Deepfake.