The current high-fidelity generation and high-precision detection of DeepFake images are at an arms race. We believe that producing DeepFakes that are highly realistic and 'detection evasive' can serve the ultimate goal of improving future generation DeepFake detection capabilities. In this paper, we propose a simple yet powerful pipeline to reduce the artifact patterns of fake images without hurting image quality by performing implicit spatial-domain notch filtering. We first demonstrate that frequency-domain notch filtering, although famously shown to be effective in removing periodic noise in the spatial domain, is infeasible for our task at hand due to the manual designs required for the notch filters. We, therefore, resort to a learning-based approach to reproduce the notch filtering effects, but solely in the spatial domain. We adopt a combination of adding overwhelming spatial noise for breaking the periodic noise pattern and deep image filtering to reconstruct the noise-free fake images, and we name our method DeepNotch. Deep image filtering provides a specialized filter for each pixel in the noisy image, producing filtered images with high fidelity compared to their DeepFake counterparts. Moreover, we also use the semantic information of the image to generate an adversarial guidance map to add noise intelligently. Our large-scale evaluation on 3 representative state-of-the-art DeepFake detection methods (tested on 16 types of DeepFakes) has demonstrated that our technique significantly reduces the accuracy of these 3 fake image detection methods, 36.79% on average and up to 97.02% in the best case.

翻译：当前深度伪造图像的高保真生成与高精度检测正处于军备竞赛阶段。我们认为，生成高度逼真且具备“检测规避”能力的深度伪造图像，最终将服务于提升下一代深度伪造检测能力的目标。本文提出一种简洁而强大的处理流程，通过执行隐式空间域陷波滤波，在不损害图像质量的前提下减少伪造图像的伪影模式。我们首先证明，频域陷波滤波虽然以有效消除空间域周期性噪声而著称，但由于需要手工设计陷波滤波器，不适用于当前任务。因此，我们采用基于学习的方法，仅在空间域中复现陷波滤波效果。我们结合添加大规模空间噪声以打破周期性噪声模式，以及深度图像滤波以重建无噪声伪造图像，并将该方法命名为DeepNotch。深度图像滤波为含噪图像中每个像素提供专用滤波器，生成与原始深度伪造图像相比具有高保真度的滤波图像。此外，我们还利用图像的语义信息生成对抗性引导图，以智能地添加噪声。在3种代表性先进深度伪造检测方法（针对16种深度伪造类型进行测试）上的大规模评估表明，我们的技术显著降低了这3种伪造图像检测方法的准确率，平均降低36.79%，最佳情况下降幅达97.02%。