Deepfakes aren’t a big problem on Facebook right now, but the company continues to fund research into technology that could protect against future threats. Its latest work is a collaboration with academics from Michigan State University (MSU), with the combined team creating a method to reverse engineer deepfakes: analyzing AI-generated images to identify characteristics of the machine learning model that created them.
The work is useful because it could help Facebook track down bad actors spreading deepfakes across its social networks. This content might include misinformation, but it might also include non-consensual pornography, a depressingly common application of deepfake technology. Right now, the work is still in the research stage and isn’t ready for deployment.
Previous research in this area has been able to determine which known AI model generated a deepfake, but this work, led by MSU’s Vishal Asnani, goes a step further by identifying the architectural traits of unknown models. These traits, known as hyperparameters, have to be tuned in each machine learning model like parts in an engine. Collectively, they leave a unique fingerprint on the finished image that can then be used to identify its source.
Identifying the traits of unknown models is important, says Tal Hassner, a research lead at Facebook, because deepfake software is extremely easy to customize. This could potentially allow malicious actors to cover their tracks if investigators were trying to trace their activity.
“Let’s say a bad actor is generating lots of different deepfakes and uploads them on different platforms to different users,” said Hassner. “If this is a new AI model nobody’s seen before, then there’s very little that we could have said about it in the past. Now, we’re able to say that the picture uploaded here and the picture uploaded there all came from the same model. And if we were able to seize the laptop or computer [used to generate the content], we’d be able to say, ‘This is the culprit.’”
Hassner compares the work to forensic techniques used to identify which model of camera took a given photograph by looking for patterns in the resulting image. “Not everyone can build their own camera, though,” he says. “Whereas anyone with a reasonable amount of experience and a standard computer can cook up their own model that generates deepfakes.”
The resulting algorithm can not only fingerprint the traits of a generative model, but also identify which known model created an image, and whether an image is a deepfake in the first place. “On standard benchmarks, we get state-of-the-art results,” says Hassner.
It’s important to note, though, that even these state-of-the-art results are far from reliable. When Facebook held a deepfake detection competition last year, the winning algorithm was only able to detect AI-manipulated videos 65.18 percent of the time. Researchers involved said that spotting deepfakes using algorithms remains an “unsolved problem.”
Part of the reason is that the field of generative AI is extremely active. New techniques are published every day, and it’s almost impossible for any filter to keep up.
Those involved in the field are well aware of this dynamic, and when asked whether publishing this new fingerprinting algorithm will lead to research into techniques that can evade it, Hassner agrees. “I would expect so,” he says. “This is a cat and mouse game, and it continues to be a cat and mouse game.”