Enhancing the Robustness of Deep Learning Based Fingerprinting to Improve Deepfake Attribution
Journal
Proceedings of the 4th ACM International Conference on Multimedia in Asia, MMAsia 2022
ISBN
9781450394789
Date Issued
2022-12-13
Author(s)
Abstract
Artificial Fingerprinting (AF or the so-called digital watermarking) is a technique that can be used to conduct Deepfake attribution by ensuring media authenticity. However, AF does not prioritize its robustness to certain kinds of distortions, making the embedded watermarks vulnerable to some standard image processing operations. Insufficient robustness reduces the practicality of digital watermarking techniques. To address this issue, we propose an enhanced distortion agnostic artificial fingerprinting (EDA-AF) framework which introduces a novel noise layer consisting of an attack booster followed by a convolutional network-based attacker. The attacker simulates various distortions by exploiting adversarial learning with AF for distortion agnostic robustness. Meanwhile, due to the modeling limitation of the convolutional network, we also employ the attack booster to apply a set of differentiable image distortions which cannot be well simulated by the attacker. Extensive experimental results show that the proposed approach improves the quality of the extracted fingerprints. EDA-AF can improve the bitwise accuracy by up to 36%, which takes another step forward on the road of Deepfake attribution.
Subjects
artificial fingerprinting | deepfakes | gaussian blur | JPEG-Compression | steganography generative adversarial networks | watermarking
Type
conference paper