Deepfake-detection algorithms retrained to improve success rate

Deepfakes are images and videos which combine mixed source material to produce a synthetic result. They are the latest in a long line of still image and video manipulation techniques and their ability to pass as convincing realities is outpacing the progress of tools to spot them effectively.

The use of deepfakes can range from the trivial and amusing to the outright malicious and disturbing – including the erasure from official photographs of political figures now considered undesirable by a new regime, or the superimposition of celebrity faces into often highly explicit sexual imagery – so methods to better detect them are increasingly sought after, with the latest techniques often based on networks trained using pairs of original and synthesised images.

The new method, devised by scientists at the University of Tokyo, takes a different approach, using novel synthesised images – known as 'self-blended images' – to improve the algorithm's detection rate.

Associate professor Toshihiko Yamasaki and graduate student Kaede Shiohara, from the Computer Vision and Media Lab at the University of Tokyo, have explored the vulnerabilities related to artificial intelligence and in particular the issue of deepfakes.

“There are many different methods to detect deepfakes and also various sets of training data which can be used to develop new ones,” said Yamasaki. “The problem is the existing detection methods tend to perform well within the bounds of a training set, but less well across multiple data sets or, more crucially, when pitted against state-of-the-art real-world examples.

“We felt the way to improve successful detections might be to rethink the way in which training data are used. This led to us developing what we call self-blended images (otherwise known as SBIs).”

Typical training data for deepfake detection consist of pairs of images, comprising an unmanipulated source image and a counterpart faked image – for example, where somebody’s face or entire body has been replaced with someone else’s. Training with this kind of data limited detection to certain kinds of visual corruption, or artefacts, resulting from manipulation, but missed others.

The team accordingly experimented with training sets comprising synthesised images. In this way, they could control the kinds of artefacts the training images contained, which could in turn better train detection algorithms to find such artefacts.

“Essentially, we took clean source images of people from established data sets and introduced different subtle artefacts resulting from, for example, resizing or reshaping the image,” said Yamasaki.

“Then we blended that image with the original unaltered source. The process of blending these images would also depend on characteristics of the source image – basically a mask would be made so that only certain parts of the manipulated image would make it to the blended output. Many SBIs were compiled into our modified data set, which we then used to train detectors.”

The team found the modified data sets improved accurate detection rates by around 5-12 per cent, depending on the original data set to which they were compared. These might not sound like huge improvements, but it could make the difference between someone with malicious intent succeeding or failing to influence their target audience in some way.

“Naturally, we wish to improve upon this idea. At present, it works best on still images, but videos can have temporal artefacts we cannot yet detect. Also, deepfakes are usually only partially synthesised. We might also explore ways to detect entirely synthetic images, too,” said Yamasaki.

“However, I envisage in the near future this kind of research might work its way onto social media platforms and other service providers so that they can better flag potentially manipulated images with some kind of warning.”

The research findings – 'Detecting Deepfakes with Self-Blended Images' – has been published by the journal IEEE Xplore.

In 2019, Google made a library of thousands of AI-manipulated videos publicly accessible, hoping that researchers would use the material to develop tools to better detect deceitful content.

UCL researchers in 2020 identified 20 ways in which AI could be used to facilitate crime over the next 15 years. When ranked in order of concern, AI-synthesised media – i.e. deepfake images – was judged to pose the greatest potential to cause harm.

Researchers from the University of Exeter Law School have suggested that the rights of performers should be reformed so that their likenesses cannot be replicated using deepfake technology without their permission. Their argument is that current intellectual property laws were created long before deepfake technology existed and therefore do not take its possibilities into account.

In November last year, E&T interviewed author Michael Grothaus about his book 'Trust No One', in which he argues that AI-enabled deepfakes have moved on from amusing digital manipulation to something much more sinister.