
Hiding Faces in Plain Sight: Disrupting AI Face Synthesis with Adversarial Perturbations

Published by Yuezun Li
Publication date: 2019
Research field: Informatics Engineering
Research language: English





Recent years have seen fast development in synthesizing realistic human faces using AI technologies. Such fake faces can be weaponized to cause negative personal and social impact. In this work, we develop technologies to defend individuals from becoming victims of recent AI synthesized fake videos by sabotaging would-be training data. This is achieved by disrupting deep neural network (DNN) based face detection method with specially designed imperceptible adversarial perturbations to reduce the quality of the detected faces. We describe attacking schemes under white-box, gray-box and black-box settings, each with decreasing information about the DNN based face detectors. We empirically show the effectiveness of our methods in disrupting state-of-the-art DNN based face detectors on several datasets.




Read also

114 - Panagiotis Kintis 2017
Domain squatting is a common adversarial practice where attackers register domain names that are purposefully similar to popular domains. In this work, we study a specific type of domain squatting called combosquatting, in which attackers register domains that combine a popular trademark with one or more phrases (e.g., betterfacebook[.]com, youtube-live[.]com). We perform the first large-scale, empirical study of combosquatting by analyzing more than 468 billion DNS records---collected from passive and active DNS data sources over almost six years. We find that almost 60% of abusive combosquatting domains live for more than 1,000 days, and even worse, we observe increased activity associated with combosquatting year over year. Moreover, we show that combosquatting is used to perform a spectrum of different types of abuse including phishing, social engineering, affiliate abuse, trademark abuse, and even advanced persistent threats. Our results suggest that combosquatting is a real problem that requires increased scrutiny by the security community.
We present optical follow-up observations for candidate clusters in the Clusters Hiding in Plain Sight (CHiPS) survey, which is designed to find new galaxy clusters with extreme central galaxies that were misidentified as bright isolated sources in the ROSAT All-Sky Survey catalog. We identify 11 cluster candidates around X-ray, radio, and mid-IR bright sources, including six well-known clusters, two false associations of foreground and background clusters, and three new candidates which are observed further with Chandra. Of the three new candidates, we confirm two newly discovered galaxy clusters: CHIPS1356-3421 and CHIPS1911+4455. Both clusters are luminous enough to be detected in the ROSAT All Sky-Survey data if not because of their bright central cores. CHIPS1911+4455 is similar in many ways to the Phoenix cluster, but with a highly-disturbed X-ray morphology on large scales. We find the occurrence rate for clusters that would appear to be X-ray bright point sources in the ROSAT All-Sky Survey (and any surveys with similar angular resolution) to be 2+/-1%, and the occurrence rate of clusters with runaway cooling in their cores to be <1%, consistent with predictions of Chaotic Cold Accretion. With the number of new groups and clusters predicted to be found with eROSITA, the population of clusters that appear to be point sources (due to a central QSO or a dense cool core) could be around 2000. Finally, this survey demonstrates that the Phoenix cluster is likely the strongest cool core at z<0.7 -- anything more extreme would have been found in this survey.
Motivated by the recent, serendipitous discovery of the densest known galaxy, M60-UCD1, we present two initial findings from a follow-up search, using the Sloan Digital Sky Survey, Subaru/Suprime-Cam and Hubble Space Telescope imaging, and SOuthern Astrophysical Research (SOAR)/Goodman spectroscopy. The first object discovered, M59-UCD3, has a similar size to M60-UCD1 (half-light radius of r_h ~ 20 pc) but is 40% more luminous (M_V ~ -14.6), making it the new densest-known galaxy. The second, M85-HCC1, has a size like a typical globular cluster (GC; r_h ~ 1.8 pc) but is much more luminous (M_V ~ -12.5). This hypercompact cluster is by far the densest confirmed free-floating stellar system, and is equivalent to the densest known nuclear star clusters. From spectroscopy, we find that both objects are relatively young (~9 Gyr and ~3 Gyr, respectively), with metal-abundances that resemble those of galaxy centers. Their host galaxies show clear signs of large-scale disturbances, and we conclude that these dense objects are the remnant nuclei of recently accreted galaxies. M59-UCD3 is an ideal target for follow-up with high-resolution imaging and spectroscopy to search for an overweight central supermassive black hole as was discovered in M60-UCD1. These findings also emphasize the potential value of ultra-compact dwarfs and massive GCs as tracers of the assembly histories of galaxies.
Recent advances in autoencoders and generative models have given rise to effective video forgery methods, used for generating so-called deepfakes. Mitigation research is mostly focused on post-factum deepfake detection and not on prevention. We complement these efforts by introducing a novel class of adversarial attacks---training-resistant attacks---which can disrupt face-swapping autoencoders whether or not its adversarial images have been included in the training set of said autoencoders. We propose the Oscillating GAN (OGAN) attack, a novel attack optimized to be training-resistant, which introduces spatial-temporal distortions to the output of face-swapping autoencoders. To implement OGAN, we construct a bilevel optimization problem, where we train a generator and a face-swapping model instance against each other. Specifically, we pair each input image with a target distortion, and feed them into a generator that produces an adversarial image. This image will exhibit the distortion when a face-swapping autoencoder is applied to it. We solve the optimization problem by training the generator and the face-swapping model simultaneously using an iterative process of alternating optimization. Next, we analyze the previously published Distorting Attack and show it is training-resistant, though it is outperformed by our suggested OGAN. Finally, we validate both attacks using a popular implementation of FaceSwap, and show that they transfer across different target models and target faces, including faces the adversarial attacks were not trained on. More broadly, these results demonstrate the existence of training-resistant adversarial attacks, potentially applicable to a wide range of domains.
85 - Shi Luo , Xiongfei Li , Rui Zhu 2018
In recent years, tremendous strides have been made in face detection thanks to deep learning. However, most published face detectors deteriorate dramatically as the faces become smaller. In this paper, we present the Small Faces Attention (SFA) face detector to better detect faces with small scale. First, we propose a new scale-invariant face detection architecture which pays more attention to small faces, including 4-branch detection architecture and small faces sensitive anchor design. Second, feature maps fusion strategy is applied in SFA by partially combining high-level features into low-level features to further improve the ability of finding hard faces. Third, we use multi-scale training and testing strategy to enhance face detection performance in practice. Comprehensive experiments show that SFA significantly improves face detection performance, especially on small faces. Our real-time SFA face detector can run at 5 FPS on a single GPU as well as maintain high performance. Besides, our final SFA face detector achieves state-of-the-art detection performance on challenging face detection benchmarks, including WIDER FACE and FDDB datasets, with competitive runtime speed. Both our code and models will be available to the research community.