Research On Adversarial Example Generation Technology Against Image Deepfake Models

Deepfake is a technology that uses deep learning models to forge pictures,videos,audio and other media files.Its malicious use seriously endangers information security and social stability.In order to prevent the potential risks brought by deep forgery,this paper works on the generation technology of adversarial examples for deepfake models.In view of the low efficiency of the attack algorithm used in the research on the existing adversarial attack against deepfake models,this paper conducts research on the optimization of the adversarial example generation algorithm to approach a better solution of the algorithm.In view of the poor generalization ability of generated adversarial examples used in the existing research,this paper conducts research on multi-objective optimization of adversarial examples to expand the generalization of adversarial examples.Combining the two methods achieves a stronger antiattack effect on the deep forgery model.The main achievements of the paper are:The malicious use of deepfake models seriously compromises information security.To protect images from the tampering of deepfake,adversarial examples can be made to replace the original images by distorting the output of the deepfake model and disrupting its work.Current studies usually use some classical adversarial attack algorithms such as I-FGSM and PGD to generate adversarial examples,which have poor attack strength.In addition,most of the adversarial examples are generated by targeting a certain model in a certain domain,which lack generalizability.Aiming at the low efficiency and poor generalization ability of the attack algorithm against deepfake models,the research work was carried out from two aspects:optimizing the adversarial examples generation algorithm and the multi-objective optimization of the adversarial examples,and a stronger ability of the anti-attack deepfake model was achieved.The main achievements of this paper are:(1)In view of the low efficiency of the adversarial example generation algorithm used in current studies,this paper proposes an improved adversarial example generation algorithm DAPGD(Dynamic Auto Project Gradient Descent)to improve the attack ability of the generated adversarial examples.DAPGD uses the idea of adaptive decay learning rate,which can accelerate the algorithm convergence and improve the quality of adversarial examples.Meanwhile,the checkpoint for decaying the learning rate was dynamically set to address the problem that APGD tends to miss the best time to decay the learning rate.It can play the role of decaying the learning rate more thoroughly.Finally,as the loss function is unstable in deepfake models,the local early stopping mechanism of APGD was eliminated to improve the effectiveness and speed of the algorithm.(2)In view of the poor generalization of adversarial examples generated in current studyies,this paper proposes a Cross Domain and Model Gradient Fusion(CDMGF)method to expand the generalization of any gradient-based adversarial example generation algorithms.Firstly,CDMGF integrate the gradients of each domain in models by uniformly weighting and obtain the cross-domain gradient.Then,inspired by the Multiple Gradient Descent Algorithm(MGDA),CDMGF integrates the cross-domain gradients of each model to obtain the crossdomain perturbation vector,which is used to optimize the adversarial example.Finally,we propose a penalty-based gradient regularization method to preprocess the cross-domain gradients to improve the success rate of attacks.