Skip to content

CS18B/Evading-DeepFake-Detectors-via-Conditional-Diffusion-Models

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
README.md
README.md
 
 
attack_detector_128.ipynb
attack_detector_128.ipynb
 
 
attack_detector_256.ipynb
attack_detector_256.ipynb
 
 
attack_detector_256.py
attack_detector_256.py
 
 
attack_xcep_stargan.py
attack_xcep_stargan.py
 
 
attack_xcep_stylegan.py
attack_xcep_stylegan.py
 
 
autoencoding.ipynb
autoencoding.ipynb
 
 
choices.py
choices.py
 
 
config.py
config.py
 
 
config_base.py
config_base.py
 
 
dataset.py
dataset.py
 
 
dataset_util.py
dataset_util.py
 
 
dist_utils.py
dist_utils.py
 
 
experiment.py
experiment.py
 
 
experiment_classifier.py
experiment_classifier.py
 
 
inference_iqa.py
inference_iqa.py
 
 
lmdb_writer.py
lmdb_writer.py
 
 
manipulate.ipynb
manipulate.ipynb
 
 
metrics.py
metrics.py
 
 
noise_ip2p..log
noise_ip2p..log
 
 
renderer.py
renderer.py
 
 
ssim.py
ssim.py
 
 
style_attack.py
style_attack.py
 
 
style_attack_search_loss_weight.py
style_attack_search_loss_weight.py
 
 
style_test.py
style_test.py
 
 
tempencode.py
tempencode.py
 
 
templates.py
templates.py
 
 
templates_cls.py
templates_cls.py
 
 
test.py
test.py
 
 
utils.py
utils.py
 
 
visual_quality.py
visual_quality.py
 
 
visual_quality_CelebAHQ.py
visual_quality_CelebAHQ.py
 
 
visual_quality_FFHQ.py
visual_quality_FFHQ.py
 
 
visual_quality_codiff.py
visual_quality_codiff.py
 
 
visual_quality_imagic.py
visual_quality_imagic.py
 
 
visual_quality_ip2p.py
visual_quality_ip2p.py
 
 

Repository files navigation

Evading-DeepFake-Detectors-via-Conditional-Diffusion-Models

This repository provides the official PyTorch implementation of our paper:

Evading DeepFake Detectors via Conditional Diffusion Models
IH&MMSec 2024, ACM Workshop on Information Hiding and Multimedia Security
[Paper (PDF)]

🧠 Overview

DeepFake detectors play a critical role in identifying manipulated facial images. However, they are vulnerable to adversarial attacks. This work proposes a semantic reconstruction-based adversarial attack that leverages conditional diffusion models to generate imperceptible perturbations in the latent space.

Key Highlights

  • 🌀 Latent space attack using DDIM-guided conditional sampling.
  • 🕵️ Evades both spatial and frequency domain detectors (e.g., XceptionNet, SRM).
  • 🖼️ High visual quality — minimal artifacts, low LPIPS, and low FID.
  • 🎯 Supports white-box and black-box settings with meta-learning transferability.

🔧 Method

The proposed attack optimizes the latent representation of fake images in a semantic latent space extracted by a diffusion autoencoder. A conditional DDIM decoder reconstructs adversarial faces guided by:

  • Attack loss: Cross-entropy to mislead the detector.
  • Perceptual loss: LPIPS + L2 to preserve structure and realism.

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages