Reverse Engineering Deepfakes: Methods for Detection and Source Attribution

In recent years, deepfake images have become increasingly realistic. In some cases, humans can no longer easily tell them apart from real images. Although detecting deepfake images remains a major challenge for the industry, the motivation to detect them grows as the technology becomes more sophisticated. For example: what happens if deepfake images are used not just for entertainment and technology demonstrations, but for large-scale fraud?

Today, in partnership with Michigan State University (MSU), we are presenting a research method for detecting and attributing deepfake images that is based on reverse engineering, from a single AI-generated image, the generative model that produced it. Our method will advance research on deepfake detection and tracing in real-world settings, where the deepfake image itself is often the only information a detector has to work with.

![](https://static001.infoq.cn/resource/image/5b/1e/5befed249ecba774c906547eeacd741e.jpg)

## Why reverse engineering?

Current approaches to deepfake images focus on determining whether an image is real or a deepfake (detection), or on identifying whether an image was generated by a model seen during training (image attribution via "closed-set" classification). But coping with the surge of deepfake images requires going a step further and extending image attribution beyond the limited set of models present in training. It is essential to move past the limits of closed-set image attribution, because a deepfake image may have been created with a generative model that was never seen in training.

Reverse engineering is another way to approach the deepfake problem, but it is not a new concept in machine learning. Prior work on reverse engineering ML models recovered the model by examining its input/output pairs, treating the model itself as a black box. Another approach assumes that hardware information, such as CPU and memory usage, is available during model inference. Both approaches rely on prior knowledge about the model itself, which limits their usefulness in the real world, where such information is usually unavailable.

**Our reverse engineering method is based on uncovering the unique patterns behind the AI model used to generate a single deepfake image.** We begin with image attribution and then work on discovering properties of the model that was used to generate the image. By generalizing image attribution to open-set recognition, we can infer more information about the generative model used to create a deepfake image, beyond merely determining that the model has never been seen before.

By tracing similarities among the patterns of a set of deepfake images, we can also tell whether a series of images came from a single source. This ability to detect which deepfake images were generated by the same AI model can be used to uncover instances of disinformation or other malicious attacks launched with large numbers of deepfake images.

## How it works

We first run a deepfake image through a fingerprint estimation network (FEN) to estimate details of the fingerprint left by the generative model.

A device fingerprint is a subtle but unique pattern that a particular device leaves on every image it produces, owing to imperfections in the generation process. In digital photography, fingerprints are used to identify the digital camera that produced an image. Like device fingerprints, image fingerprints are unique patterns that a generative model leaves on the images it generates, and they can likewise be used to identify the generative model an image came from.

![](https://static001.infoq.cn/resource/image/81/0f/811b0f7408dc26464b77590c41f37e0f.jpg)

Before the deep learning era, researchers generally used a small, handcrafted, well-known set of tools to generate photos. The fingerprints of these generative models were estimated from the features left by their handcrafted design. Deep learning has made the set of tools that can be used to generate images effectively limitless, so researchers can no longer identify specific "signals" or fingerprint properties through handcrafted features.

To cope with these endless possibilities, we use the properties of fingerprints as constraints for unsupervised training. In other words, we estimate fingerprints using different constraints based on properties that fingerprints commonly have, including fingerprint magnitude, repetitiveness, frequency range, and symmetric frequency response. We then apply these constraints to the FEN through different loss functions, forcing the fingerprints it generates to have the desired properties. Once a fingerprint has been generated, it can be used as the input to model parsing.

Model parsing is a new problem that uses the estimated generative-model fingerprint to predict the model's hyperparameters, that is, the properties that make up the model's architecture, including the number of network layers, the number of blocks, and the type of operations used in each block. One example of how a model's hyperparameters affect the kind of deepfake images it generates is its training loss function, which guides how the model is trained.

A model's network architecture and the type of its training loss function both affect its weights, and therefore the way it generates images. To better understand hyperparameters, think of a generative model as a kind of car and its hyperparameters as its specific engine components. Different cars may look alike, but under the hood they can have very different engines with very different components. Our reverse engineering technique is somewhat like identifying a car's components from the sound it makes, even when it is a new car whose sound we have never heard before.

With our model parsing approach, we estimate both the network architecture of the model used to create a deepfake image and its training loss function. We normalized some continuous parameters of the network architecture to ease training, and we also used hierarchical learning to classify the loss function types. Because generative models mostly differ from one another in network architecture and training loss function, mapping from a deepfake or generated image to the hyperparameter space gives us key information about the characteristics of the model used to create it.

To test this approach, the MSU research team used a fake-image dataset containing 100,000 synthetic images generated from 100 publicly available generative models. Each of the 100 generative models corresponds to an open source project developed and shared by researchers across the scientific community. Some open source projects had already released fake images, in which case the MSU research team randomly selected 1,000 images.

Where an open source project had no fake images available, the research team ran its released code to generate 1,000 synthetic images. Given that a test image in the real world may come from a generative model that has never been seen, the research team simulated real-world applications through cross-validation, training and evaluating our models on different splits of our dataset.

## Our results

Because we are the first team to do model parsing, there is no existing baseline to compare against. We randomly shuffled each hyperparameter in the ground-truth set to form a baseline we call random gt. These random gt vectors preserve the original distribution.

The results show that our method performs significantly better than the random gt baseline. This indicates that, compared with random vectors of the same length and distribution, there is indeed a stronger and more generalized correlation between generated images and the embedding space of meaningful architecture hyperparameters and loss function types. We also conducted ablation studies to demonstrate the effectiveness of fingerprint estimation and hierarchical learning.

![](https://static001.infoq.cn/resource/image/82/e6/82dcaae3b2c255acfc286744c1a9e2e6.jpg)

Images generated from the 100 GMs yield the estimated fingerprints on the left and the corresponding frequency spectra on the right. Many spectra show distinct high-frequency signals, while some appear similar to one another.

Beyond model parsing, our FEN can also be used for deepfake image detection and image attribution. For both tasks, we add a shallow network that takes the estimated fingerprint as input and performs binary classification (deepfake image detection) or multi-class classification (image attribution). Although our fingerprint estimation is not tailored to these tasks, we still achieve competitive, state-of-the-art results, which shows that our fingerprint estimation generalizes well.

Developing socially responsible AI technology has always been a strategic priority for us, so we take a human-centered approach to research wherever possible. The diverse collection of deepfake images from 100 generative models means that our model was built with representative options and is better able to generalize across human and non-human representations.

Although some of the original images used to generate the deepfake images are images of real individuals from publicly available face datasets, the MSU research team performed its forensic-style analysis on the deepfake images rather than on the original images used to create them. Because this approach deconstructs a deepfake image into a fingerprint, the MSU research team analyzed whether the model could map the fingerprint back to the original image content. The results show that this did not happen, confirming that the fingerprint mainly contains the traces left by the generative model rather than the content of the original deepfake image.

All fake face images used in this study were generated by MSU. The experiments on the reverse engineering process were also all conducted at MSU. MSU will open source the dataset, code, and trained models to the wider research community to facilitate research in a range of areas, including deepfake image detection, image attribution, and reverse engineering of generative models.

## Significance of the research

Our research pushes past the current limits of deepfake detection by introducing the concept of model parsing, which is better suited to deployment in real-world settings. This work will give researchers and practitioners tools to better investigate incidents of large-scale disinformation that use deepfake images, and it opens new directions for future research.

MSU's code, dataset, and trained models (https://github.com/vishal3477/Reverse_Engineering_GMs?fbclid=IwAR1bZrM484AT-CDEKGiaKXbn4sLYC_Ydwt6CZWo0W8xfeFkvpWeEqzhjQxg)

Model parsing was developed in collaboration with Vishal Asnani and Xiaoming Liu of Michigan State University.

**Original article:** https://ai.facebook.com/blog/reverse-engineering-generative-model-from-a-single-deepfake-image
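The article names four fingerprint properties used as training constraints: magnitude, repetitiveness, frequency range and symmetric frequency response. The following added example (not the FEN code from MSU) turns each one into a penalty term and scores two constructed 8x8 inputs. The exact formulas, the `low_cut` band and both inputs are assumptions made for illustration.

```python
import cmath
import math

def dft2_mag(img):
    """Magnitude spectrum |F(u, v)| of a small n x n real image (naive DFT)."""
    n = len(img)
    return [[abs(sum(img[y][x] * cmath.exp(-2j * math.pi * (u * x + v * y) / n)
                     for y in range(n) for x in range(n)))
             for u in range(n)] for v in range(n)]

def constraint_losses(fp, low_cut=2):
    """One penalty per fingerprint property; lower is better. Formulas are assumed."""
    n = len(fp)
    mag = dft2_mag(fp)
    total = sum(map(sum, mag)) or 1.0        # avoid dividing by zero on a blank input
    dist = lambda k: min(k, n - k)           # distance of a frequency bin from DC
    return {
        # magnitude: a fingerprint is a faint residual, so penalise mean energy
        "magnitude": sum(p * p for row in fp for p in row) / (n * n),
        # repetitiveness: a periodic pattern concentrates its spectrum in a dominant peak
        "peak": 1.0 - max(map(max, mag)) / total,
        # frequency range: penalise the share of the spectrum in the low band
        "low_freq": sum(mag[v][u] for v in range(n) for u in range(n)
                        if dist(u) < low_cut and dist(v) < low_cut) / total,
        # symmetric response: |F(u, v)| should match its mirror |F(-u, v)|
        "asymmetry": sum(abs(mag[v][u] - mag[v][-u % n])
                         for v in range(n) for u in range(n)) / total,
    }

N = 8  # constructed toy size
# Constructed input 1: faint checkerboard, periodic and purely high-frequency.
CHECKER = [[0.1 * (-1) ** (x + y) for x in range(N)] for y in range(N)]
# Constructed input 2: strong diagonal wave with a DC offset, i.e. image content.
CONTENT = [[0.5 + 0.4 * math.cos(2 * math.pi * (x + y) / N) for x in range(N)]
           for y in range(N)]

if __name__ == "__main__":
    for name, fp in (("checker", CHECKER), ("content", CONTENT)):
        print(name, {k: round(v, 3) for k, v in constraint_losses(fp).items()})
```

The checkerboard scores near zero on every term except its small magnitude, while the content-like input is penalised on low-frequency share and asymmetry. In training, terms like these would be weighted and summed into the loss that shapes the estimator's output.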
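The article also describes tracing similarity between the fingerprints of a set of images to tell whether they share one source. As an added example (not code from the MSU repository), the sketch below groups images whose fingerprint vectors are close in cosine similarity and flags groups large enough to suggest a single generator. The vectors, image IDs, the 0.9 threshold and the minimum group size are constructed assumptions.

```python
import math

def cosine(a, b):
    """Cosine similarity of two flattened fingerprint vectors."""
    dot = sum(x * y for x, y in zip(a, b))
    na = math.sqrt(sum(x * x for x in a))
    nb = math.sqrt(sum(y * y for y in b))
    return dot / (na * nb) if na and nb else 0.0

def group_by_source(fingerprints, threshold=0.9):
    """Single-linkage grouping: images join a group if similar to any member."""
    ids = list(fingerprints)
    parent = {i: i for i in ids}

    def find(i):                       # union-find root lookup with path halving
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for n, a in enumerate(ids):
        for b in ids[n + 1:]:
            if cosine(fingerprints[a], fingerprints[b]) >= threshold:
                parent[find(a)] = find(b)
    groups = {}
    for i in ids:
        groups.setdefault(find(i), []).append(i)
    return sorted(sorted(g) for g in groups.values())

def flag_campaigns(fingerprints, min_size=3, threshold=0.9):
    """Groups with at least min_size images that likely share one generator."""
    return [g for g in group_by_source(fingerprints, threshold) if len(g) >= min_size]

# Constructed sample: short stand-ins for flattened fingerprint estimates.
SAMPLE = {
    "img_01": [0.9, 0.1, -0.8, 0.2],
    "img_02": [0.8, 0.2, -0.9, 0.1],
    "img_03": [1.0, 0.0, -0.7, 0.3],
    "img_04": [-0.1, 0.9, 0.2, -0.8],
    "img_05": [0.0, 1.0, 0.1, -0.9],
    "img_06": [0.5, -0.5, 0.5, 0.5],
}

if __name__ == "__main__":
    print(group_by_source(SAMPLE))
    print(flag_campaigns(SAMPLE))
```

Single-linkage grouping can chain loosely related images together, so the threshold needs calibrating against fingerprints from known generators before a flagged group is treated as evidence of a common source.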