Combating AI Synthesized Media Beyond Detection


Siwei Lyu receives a $500,000 SaTC: CORE award to explore ways to combat deepfakes rather than simply detecting them.


Recent years have seen a startling and troubling rise of online disinformation. One disconcerting form of disinformation is the manipulation of images, audio, and video to impersonate someone else. Realistic manipulations can be generated by advanced AI technologies in the form of deep neural networks, and are commonly known as deepfakes. Deepfakes can be weaponized to cause negative consequences. Although detection methods have demonstrated promising performance on benchmark datasets, they are not adequate and have several limitations. This project aims to combat deepfakes more effectively and beyond detection, with active and proactive approaches to root out deepfakes and protect individuals from deepfake attacks. The active and proactive approaches take effect before the deepfake is generated. The active approach does not interfere with the training or generation of deepfakes, whereas the proactive approach aims to disrupt these processes to prevent the deepfake. This project provides timely and needed technologies to mitigate the negative impacts of deepfakes in cyberspace and society at large.

This project includes four main research activities. The first is to strengthen the defense of current deepfake detection methods against anti-forensic attacks. The approach taken here is to use random ensemble models that process input with a randomly chosen member from an infinite ensemble of classification models. The second activity aims to attribute a deepfake to its generation model, i.e., to recover the specific means by which a deepfake is created. This step is important for tracing a deepfake's origin and author. In the third activity, the research effort is focused on methods that actively add traces to synthesized deepfakes by contaminating the training data. The fourth activity of this project further studies methods that can obstruct deepfake generation by using data poisoning to sabotage the training process. The poisoned data will lead to reduced efficiency and low-quality deepfakes.