CalvinBackup/disrupting-deepfakes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
196 Commits 1 Branch 0 Tags
a8084a8f55928882c3831e41afd5818f522122bb
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Nataniel Ruiz a8084a8f55 online
2020-03-10 16:27:27 -04:00
cyclegan
First commit.
2020-03-09 17:37:40 -04:00
ganimation
First commit.
2020-03-09 17:37:40 -04:00
imgs
online
2020-03-10 16:27:27 -04:00
pix2pixHD
First commit.
2020-03-09 17:37:40 -04:00
stargan
First commit.
2020-03-09 17:37:40 -04:00
._.DS_Store
All
2019-12-21 16:37:10 -05:00
.DS_Store
online
2020-03-10 16:27:27 -04:00
.gitignore
First commit.
2020-03-09 17:37:40 -04:00
README.md
online
2020-03-10 16:27:27 -04:00

README.md

Disrupting Deepfakes: Adversarial Attacks on Conditional Image Translation Networks

[Paper]

Official PyTorch implementation of Disrupting Deepfakes. This repository contains code for adversarial attacks (disruptions) for (conditional) image translation networks. The StarGAN, GANimation, pix2pixHD and CycleGAN networks are included - and the attacks can be adapted to any image translation network. We include adaptations of FGSM, I-FGSM and PGD attacks.

Datasets

TODO: Include download instructions for datasets.

Attack Testing

Here are bash commands for testing our vanilla attacks on each different architecture.

# StarGAN Attack Test
cd stargan
python main.py --mode test --dataset CelebA --image_size 256 --c_dim 5 --selected_attrs Black_Hair Blond_Hair Brown_Hair Male Young --model_save_dir='stargan_celeba_256/models' --result_dir='stargan_celeba_256/results_test' --test_iters 200000 --batch_size 1

# GANimation Attack Test
cd ganimation
python main.py --mode animation

# pix2pixHD Attack Test
cd pix2pixHD
python test.py --name label2city_1024p --netG local --ngf 32 --resize_or_crop none

# CycleGAN Attack Test
python test.py --dataroot datasets/horse2zebra/testA --name horse2zebra_pretrained --model test --no_dropout

If you want to change the attack method being used, look into the attack.py scripts in each architecture folder and change the number of iterations, attack magnitude and step size. You can also re-run the class transferring and blur evasion experiments on StarGAN by commenting/uncommenting lines 54-61 in stargan/main.py or modifying the stargan/solver.py script to change the attack type.

In order to change attack types for GANimation you can modify lines 386-470 by commenting out the vanilla attack and uncommenting the attack you want to run.

Attack Testing

In order to run G+D adversarial training on StarGAN run:

# StarGAN Adversarial Training
python main.py --mode train --dataset CelebA --image_size 256 --c_dim 5 --sample_dir stargan_both/samples --log_dir stargan_both/logs --model_save_dir stargan_both/models --result_dir stargan_both/results --selected_attrs Black_Hair Blond_Hair Brown_Hair Male Young

If you wish to run vanilla training or generator adversarial training, comment/uncomment the appropriate lines (l.44-49) in stargan/main.py

Image Translation Network Implementations

We use code from StarGAN, GANimation, pix2pixHD, CycleGAN and advertorch. These are all great repositories and we encourage you to check them out and cite them in your work.

Citation

If you find this work useful for your research, please cite our paper:

@article{ruiz2020disrupting,
    title={Disrupting Deepfakes: Adversarial Attacks Against Conditional Image Translation Networks and Facial Manipulation Systems},
    author={Nataniel Ruiz and Sarah Adel Bargal and Stan Sclaroff},
    year={2020},
    eprint={2003.01279},
    archivePrefix={arXiv},
    primaryClass={cs.CV}
}
Reference in New Issue View Git Blame Copy Permalink
S
Description
🔥🔥Defending Against Deepfakes Using Adversarial Attacks on Conditional Image Translation Networks
adversarial-attackscomputer-visiondeep-learningdeepfake-detectiondeepfakesdefendingdefending-deepfakesdisrupting-deepfakesface-swapfaceswapfake-newsmachine-learning
Readme 50 MiB
Languages
Python 93.3%
Jupyter Notebook 3.6%
Shell 2.1%
MATLAB 0.5%
TeX 0.4%
Other 0.1%