DetectDF: A Deep Learning Approach for Adversarially Robust Deepfake Detection in Realtime

Abstract

"Advancements in Generative AI have led to deepfakes, presenting both media innovation opportunities and risks such as incrimination and misinformation. Deep learning can identify existing deepfakes but struggles with unfamiliar data, as well as a new threat in the form of adversarial attacks cause detection challenges. The ongoing evolution of deepfake technology initiates a digital forensics arms race. Current deepfakes can undermine detection models with adversarial perturbations, emphasizing the importance of ensuring digital content integrity and security. Existing technological and research efforts fall short in providing the necessary generalization to counteract the evolving tactics of deepfake creation. The goal is to produce a deep learning model, extensively trained across multiple datasets, to bridge this generalization gap. Crucially, the model aims to address the existing shortcomings in identifying adversarial perturbations in deepfake content and enhance the accuracy of models against such challenges. This involves training various models to recognize adversarial perturbations, including techniques like Projected Gradient Descent (PGD) and Fast Gradient Sign Method (FGSM). The proposed solution enables users to verify the authenticity of videos regardless of adversarial perturbations. The author employed a combined dataset of Meta's DFDC, Celeb-DF, Celeb-DF-v2 and FaceForensics datasets amounting to about 11,500 videos. After performing face detection and face extraction, the frames were fed as images to several DL models in a supervised learning manner. The author experimented with transfer learning approaches using InceptionResNetV2, EfficientNetB4, EfficientNetB3, XceptionNet, ResNet50, VGG19 and VGG16 models with various fine tuning techniques. Extensive testing was conducted with individual models and different ensemble combinations. VGG19 transfer learning model with the fine tuning adjustments and rigorous adversarial training proved to be the most robust against adversarial and unperturbed data with 0.90 ROC and 82% Accuracy."