OGAN: Disrupting Deepfakes with an Adversarial Attack that Survives Training
Authors: Eran Segalis, Eran Galili
Abstract:
Recent advances in autoencoders and generative models have given rise to effective video forgery methods, used for generating so-called "deepfakes". Mitigation research is mostly focused on post-factum deepfake detection and not on prevention. We complement these efforts by introducing a novel class of adversarial attacks---training-resistant attacks---which can disrupt face-swapping autoencoders whether or not its adversarial images have been included in the training set of said autoencoders. We propose the Oscillating GAN (OGAN) attack, a novel attack optimized to be training-resistant, which introduces spatial-temporal distortions to the output of face-swapping autoencoders. To implement OGAN, we construct a bilevel optimization problem, where we train a generator and a face-swapping model instance against each other. Specifically, we pair each input image with a target distortion, and feed them into a generator that produces an adversarial image. This image will exhibit the distortion when a face-swapping autoencoder is applied to it. We solve the optimization problem by training the generator and the face-swapping model simultaneously using an iterative process of alternating optimization. Next, we analyze the previously published Distorting Attack and show it is training-resistant, though it is outperformed by our suggested OGAN. Finally, we validate both attacks using a popular implementation of FaceSwap, and show that they transfer across different target models and target faces, including faces the adversarial attacks were not trained on. More broadly, these results demonstrate the existence of training-resistant adversarial attacks, potentially applicable to a wide range of domains.
Submitted 25 November, 2020; v1 submitted 17 June, 2020; originally announced June 2020.
Time-Multiplexed Parsing in Marking-based Network Telemetry
Authors: Alon Riesenberg, Yonnie Kirzon, Michael Bunin, Elad Galili, Gidi Navon, Tal Mizrahi
Abstract:
Network telemetry is a key capability for managing the health and efficiency of a large-scale network. Alternate Marking Performance Measurement (AM-PM) is a recently introduced approach that accurately measures the packet loss and delay in a network using a small overhead of one or two bits per data packet. This paper introduces a novel time-multiplexed parsing approach that enables a practical and accurate implementation of AM-PM in network devices, while requiring just a single bit per packet. Experimental results are presented, based on a hardware implementation, and a software P4-based implementation.
Submitted 23 April, 2019; v1 submitted 14 August, 2018; originally announced August 2018.