(ORDO NEWS) — Technologies that convincingly deceive human perception are now used in many fields.
In South Korea, for example, a presidential candidate is being promoted with the help of a deepfake. Alexander Parkin, head of research projects at VisionLabs, told us what a deepfake is and whether it is really dangerous.
Do not believe your eyes, computer
The term deepfake, a blend of deep learning and fake, is used quite broadly and refers to almost any alteration of digital media intended to mislead a computer image-recognition system or a live observer.
For example, one person's face in a video can be replaced with another's (Face Swap), or a satisfied smile can be plausibly turned into a grimace of indignation (Face Reenactment, facial-expression replacement).
Besides deepfakes, there are two main attack vectors against recognition systems: attacks on the computational algorithms and attacks on the cameras themselves.
The first type includes adversarial attacks: carefully crafted changes to the input data that cause the neural network to produce an erroneous decision; say, an image of a turtle that is completely unambiguous to a person is perceived by the machine as a racing car.
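The mechanics can be illustrated with a minimal sketch: for a linear classifier, the gradient of the score with respect to the input is just the weight vector, so a small signed step against it (the idea behind the fast gradient sign method) flips the prediction. Everything here is a toy assumption for illustration, not any real recognition system.

```python
# A hedged sketch of an adversarial perturbation against a toy linear
# classifier. The weights and inputs are made up for illustration.

def predict(w, x, b):
    """Linear binary classifier: class 1 if w.x + b > 0, else class 0."""
    score = sum(wi * xi for wi, xi in zip(w, x)) + b
    return 1 if score > 0 else 0

def sign(v):
    return 1.0 if v > 0 else (-1.0 if v < 0 else 0.0)

def fgsm_perturb(w, x, eps):
    """For a linear model the score's gradient w.r.t. the input is w
    itself, so stepping against sign(w) lowers the score fastest."""
    return [xi - eps * sign(wi) for wi, xi in zip(w, x)]

w = [0.5, -0.3, 0.8, 0.1]   # toy "network" weights
b = 0.0
x = [0.2, -0.1, 0.3, 0.5]   # clean input, confidently class 1

x_adv = fgsm_perturb(w, x, eps=0.3)

print(predict(w, x, b))      # clean input -> 1
print(predict(w, x_adv, b))  # slightly perturbed input -> 0
```

In deep networks the same idea applies, except the gradient must be computed by backpropagation through the whole model, which is why such attacks require intimate knowledge of the target system.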
The attack “on the camera,” whose popularity peaked in the early years of widespread face recognition, is the liveness attack: a living face in front of the camera is replaced with an artificial likeness, such as a photo printed on paper, a portrait displayed on a tablet screen, or a realistically painted mask printed on a 3D printer.
Fortunately, modern recognition systems are already quite good at resisting Liveness attacks at the algorithm level.
The image is analyzed in detail in search of telltale features: for a printed photo this may be the cut edge of the paper sheet; for a picture on a tablet, iridescent glare from external light sources on the LCD matrix; and so on.
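One family of such cues lives in the frequency domain: an image replayed from an LCD tends to carry a periodic pattern (the screen's pixel grid, moiré) that shows up as energy at high spatial frequencies. The sketch below uses synthetic 1-D "scanlines" and a naive DFT purely to illustrate the idea; the signals, thresholds, and detector are assumptions, and real systems rely on far richer texture and reflection cues.

```python
import math

def dft_magnitudes(signal):
    """Magnitudes of the first half of the discrete Fourier spectrum."""
    n = len(signal)
    mags = []
    for k in range(n // 2 + 1):
        re = sum(s * math.cos(2 * math.pi * k * i / n) for i, s in enumerate(signal))
        im = -sum(s * math.sin(2 * math.pi * k * i / n) for i, s in enumerate(signal))
        mags.append(math.hypot(re, im))
    return mags

def looks_like_screen_replay(scanline, cutoff_fraction=0.25, ratio_threshold=0.5):
    """Flag a scanline whose non-DC spectral energy sits mostly in the
    high-frequency band, as a replayed screen's pixel grid tends to produce."""
    mags = dft_magnitudes(scanline)
    cutoff = max(1, int(len(mags) * cutoff_fraction))
    total = sum(mags[1:]) or 1.0          # skip the DC component
    return sum(mags[cutoff:]) / total > ratio_threshold

n = 64
# Slowly varying brightness, as on a real face under even lighting.
smooth_face = [1.0 + 0.3 * math.cos(2 * math.pi * 2 * i / n) for i in range(n)]
# Same baseline with a strong high-frequency periodic component,
# mimicking an LCD held up to the camera.
screen_replay = [1.0 + 0.5 * math.cos(2 * math.pi * 24 * i / n) for i in range(n)]

print(looks_like_screen_replay(smooth_face))    # False
print(looks_like_screen_replay(screen_replay))  # True
```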
To increase the reliability of identification, the person in front of the camera can also be asked to nod up and down or turn in different directions, which at the same time helps to make sure no face swap is taking place.
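This active, challenge-response style of liveness checking can be sketched as a simple loop: the system issues random movement requests and confirms liveness only if every observed movement matches. The challenge names and the movement detector below are placeholders, not a real API.

```python
import random

# Hypothetical set of head-movement challenges an active liveness
# system might issue; names are illustrative.
CHALLENGES = ["nod", "turn_left", "turn_right"]

def run_liveness_session(detect_movement, rounds=3, seed=None):
    """Issue `rounds` random challenges; pass only if each observed
    movement matches the requested one."""
    rng = random.Random(seed)
    for _ in range(rounds):
        challenge = rng.choice(CHALLENGES)
        observed = detect_movement(challenge)  # would read from the camera
        if observed != challenge:
            return False   # mismatch: possible photo, replay, or static fake
    return True

# A live user follows the instructions; a printed photo cannot move at all.
live_user = lambda challenge: challenge
printed_photo = lambda challenge: None

print(run_liveness_session(live_user))      # True
print(run_liveness_session(printed_photo))  # False
```

Because the challenge sequence is random, a pre-recorded video of the victim is unlikely to happen to perform the right movements in the right order.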
The situation is somewhat more complicated if the computing module of the recognition system and the camera are not combined in one housing but interact via the Internet.
For example, a person applies for a loan during a Zoom call with a bank employee, and the bank needs to verify that he is who he claims to be and that the documents he presents are his own.
Here the danger of traffic interception arises: an attacker feeds the conference a stream from a virtual camera on a PC, replacing his own face with a computer model, on the same principle as the “live masks” popular in today's video chats but far more believable.
A fake image capable of misleading even a live operator is sent into the video conference, so the bank's recognition system receives deliberately false information.
Liveness attacks are the least resource-intensive for an attacker and were therefore dangerous, but serious resources were invested in countering them in time, so today their effectiveness is very low.
Adversarial attacks, on the contrary, are extremely difficult to execute: they require deep knowledge of the structure and operating principles of the specific recognition system. Their relevance as a practical danger is therefore close to zero.
Not all deepfakes are alike
The deepfake itself is neither good nor bad: computational tools have simply evolved to the point where a human face can be realistically simulated in near-real-time dynamics.
This technology has many perfectly respectable applications; just recall the appearance of Leia Organa in Rogue One, the Star Wars film set just before the events of Episode IV, A New Hope, shot back in 1977.
Leia in the new film was played by actress Ingvild Deila, but her face was replaced with the neural-network-generated face of Carrie Fisher, the original Leia, who passed away in 2016.
In the same way, a famous actor can agree to the use of his face in a commercial without adjusting his busy schedule: a stand-in and a deepfake system will do everything for him.
The entertainment industry is perhaps the best fit for deepfake as a legitimate technology. In film dubbing, for instance, the approach will make it possible to eliminate the annoying mismatch between the on-screen characters' lip movements and the sounds they utter.
In computer games, automatic procedural generation of believable human faces will also be in great demand – artists and 3D modelers will be able to focus more on designing armor, weapons, interiors, buildings and other elements.
The “live masks” in video chats mentioned above will become even more impressive: it will be possible not only to overlay a cartoon image on your face but also to change your hairstyle and hair color, or acquire a very naturalistic beard or moving cat ears on the fly.
But there are also many negative examples of deepfake use. On social networks, where artificial intelligence tries to automatically detect bots (fake accounts used to promote blogs and inflate news ratings), the emphasis is often placed on comparing profile photos against available databases.
Believable faces generated by a neural network can successfully deceive the bot-fighting AI, so the energy and time of live moderators has to be spent identifying fake accounts.
In general, many companies around the world today develop deepfakes for various purposes, while only a few work on countering them. There are three significant problems in recognizing deepfakes.
First, the technology is developing steadily, so a neural network trained, roughly speaking, on last year's data sets will hardly distinguish new deepfakes created with the most advanced algorithms from natural footage. And the wider the arsenal of deepfake developers, the harder detection becomes.
The second difficulty is that videos on the Internet are most often uploaded with substantial compression. Compression algorithms suppress many details that are insignificant to the human eye, yet it is precisely such details that help neural networks determine what is a deepfake and what is not. Training recognition systems on compressed videos still produces many errors, but this area is developing extremely actively today.
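One common way to make a detector robust to this is augmentation: each training frame is also shown to the network in a degraded form. The sketch below approximates lossy compression by coarse quantization of pixel values; a real pipeline would re-encode frames with an actual codec (JPEG, H.264) at random quality levels, and the step sizes here are arbitrary.

```python
import random

def quantize(frame, step):
    """Crude stand-in for lossy compression: snap each pixel value
    (0-255) down to a coarse grid with the given step."""
    return [(p // step) * step for p in frame]

def augment(frames, steps=(1, 8, 16, 32), seed=0):
    """Emit one randomly 'compressed' copy of each training frame, so the
    detector sees the detail loss it will meet on uploaded videos."""
    rng = random.Random(seed)
    return [quantize(f, rng.choice(steps)) for f in frames]

# Tiny toy "frames" of pixel intensities.
frames = [[0, 37, 129, 255], [12, 200, 64, 90]]
augmented = augment(frames)
print(augmented)
```

The point is not the specific degradation but the match between training and deployment conditions: a network trained only on pristine frames relies on exactly the fine artifacts that compression erases.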
Finally, we must not forget about time: identifying a deepfake with high probability is not a quick matter. The right balance depends on the task: a social network searching for bots by profile photo can afford to spend more time analyzing each picture, while a system verifying transactions through a webcam must respond to a request within seconds. New approaches constantly have to be invented.
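That trade-off can be sketched as a time-budgeted pipeline: cheap checks run first, and more expensive analyses are attempted only while the caller's latency budget allows. The check names, costs, and scores below are invented for illustration.

```python
import time

def budgeted_deepfake_score(frame, budget_s):
    """Run checks cheapest-first; stop before any check that would
    exceed the time budget. Returns (score, checks completed)."""
    checks = [  # (name, simulated cost in seconds, scoring function)
        ("resolution_heuristics", 0.001, lambda f: 0.1),
        ("frequency_artifacts",   0.005, lambda f: 0.2),
        ("deep_network_ensemble", 0.050, lambda f: 0.4),
    ]
    deadline = time.monotonic() + budget_s
    score, completed = 0.0, []
    for name, cost, fn in checks:
        if time.monotonic() + cost > deadline:
            break                 # the next check would blow the budget
        time.sleep(cost)          # stand-in for real computation
        score += fn(frame)
        completed.append(name)
    return score, completed

# A real-time webcam check gets ~10 ms; offline moderation gets far more.
_, fast = budgeted_deepfake_score(frame=None, budget_s=0.01)
_, thorough = budgeted_deepfake_score(frame=None, budget_s=1.0)
print(fast)       # only the cheap checks fit the real-time budget
print(thorough)   # all three checks fit the offline budget
```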
One way or another, both the development and detection of deepfakes today are among the most urgent IT tasks.
There is no doubt that within a couple of years this field will reach a whole new level, making it possible in real time both to plausibly replace faces for legitimate purposes and to detect illegal attempts at such manipulation.