具有隐私保护特性的深度伪造人脸检测模型

A Deepfake Face Image Detection Model Supporting Privacy Protection

现有伪脸检测研究都是在明文条件下开展,而人脸图像具有重要的隐私性.因此,基于加性秘密分享框架,提出一种具有隐私保护特性的深度伪造人脸图像检测模型.首先在现有基础运算协议的基础上,构建4个安全通信协议,并通过理论分析证明了它们的安全性和正确性;然后使用不共谋的双服务器构建一个类明文的环境,在构建的安全通信协议支持下,双服务器中预训练好的ResNet50模型交互协同计算;最后综合双服务器的运算结果,在不暴露输入的情况下实现安全伪脸检测.在公开数据集FaceForensics++,Celeb-DF和DFDC上的实验结果表明,所提模型能够在实现支持隐私保护的前提下,与明文条件下的ResNet50模型准确率保持一致;所提出的隐私保护模型也适用于ResNet50之外的其他明文SOTA伪脸检测模型,如Xception和EfficientNet-B0等.

Existing researches on deepfake face detection are all performed under plaintext conditions,while face images are with significant privacy.Therefore,a deepfake detection model with privacy-preserving properties is proposed based on the additive secret sharing framework.Firstly,four secure communication protocols are constructed on the basis of the existing fundamental computing protocols.Secondly,a non-colluding dual server is used to construct a plaintext-like environment.With the support of the constructed secure communication protocols,the pre-trained ResNet50 models in dual servers compute interactively and cooperatively.Finally,the results of the dual servers are merged to achieve secure deepfake detection without exposing the input.The security and correctness of the proposed protocols are proved by theoretical analysis.Experiments on the public datasets FaceForensics++,Celeb-DF and DFDC further prove that the proposed security detection model can achieve the same accuracy as its corresponding plain text ResNet50 model under the premise of supporting privacy protection.Furthermore,the proposed privacy preservation model is also applicable to other plaintext state-of-the-art deepfake detection models,such as Xception and EfficientNet-B0.