Metamorphic testing-based adversarial attack to fool deepfake detectors

Nyee Thoang Lim, Meng Yi Kuan, Muxin Pu, Mei Kuan Lim, Chun Yong Chong

Research output: Chapter in Book/Report/Conference proceedingConference PaperResearchpeer-review

2 Citations (Scopus)


Deepfakes utilise Artificial Intelligence (AI) techniques to create synthetic media where the likeness of one person is replaced with another. There are growing concerns that deepfakes can be maliciously used to create misleading and harmful digital contents. As deepfakes become more common, there is a dire need for deepfake detection technology to help spot deepfake media. Present deepfake detection models are able to achieve outstanding accuracy (>90%). However, most of them are limited to within-dataset scenario. Most models do not generalise well enough in cross-dataset scenario. Furthermore, state-of-the-art deepfake detection models rely on neural network-based classification models that are known to be vulnerable to adversarial attacks. Motivated by the need for a robust deepfake detection model, this study adapts metamorphic testing (MT) principles to help identify potential factors that could influence the robustness of the examined model, while overcoming the test oracle problem in this domain. Metamorphic testing is specifically chosen as the testing technique as it fits our demand to address learning-based system testing with probabilistic outcomes from largely black-box components, based on potentially large input domains. We performed our evaluations on MesoInception-4 and TwoStreamNet models, which are the state-of-the-art deepfake detection models. This study identified makeup application as an adversarial attack that could fool deepfake detectors. Our experimental results demonstrate that both the MesoInception-4 and TwoStreamNet models degrade in their performance by up to 30% when the input data is perturbed with makeup.

Original languageEnglish
Title of host publication2022 26th International Conference on Pattern Recognition, ICPR 2022
EditorsMichael Jenkin, Henrik I. Christensen, Cheng-Lin Liu
Place of PublicationPiscataway NJ USA
PublisherIEEE, Institute of Electrical and Electronics Engineers
Number of pages7
ISBN (Electronic)9781665490627
ISBN (Print)9781665490634
Publication statusPublished - 2022
EventInternational Conference on Pattern Recognition 2022 - Montreal, Canada
Duration: 21 Aug 202225 Aug 2022
Conference number: 26th (Proceedings)

Publication series

NameProceedings - International Conference on Pattern Recognition
PublisherIEEE, Institute of Electrical and Electronics Engineers
ISSN (Print)1051-4651
ISSN (Electronic)2831-7475


ConferenceInternational Conference on Pattern Recognition 2022
Abbreviated titleICPR 2022
Internet address

Cite this