The current high-fidelity generation and high-precision detection of DeepFake images are at an arms race. We believe that producing DeepFakes that are highly realistic and 'detection evasive' can serve the ultimate goal of improving future generation DeepFake detection capabilities. In this paper, we propose a simple yet powerful pipeline to reduce the artifact patterns of fake images without hurting image quality by performing implicit spatial-domain notch filtering. We first demonstrate that frequency-domain notch filtering, although famously shown to be effective in removing periodic noise in the spatial domain, is infeasible for our task at hand due to the manual designs required for the notch filters. We, therefore, resort to a learning-based approach to reproduce the notch filtering effects, but solely in the spatial domain. We adopt a combination of adding overwhelming spatial noise for breaking the periodic noise pattern and deep image filtering to reconstruct the noise-free fake images, and we name our method DeepNotch. Deep image filtering provides a specialized filter for each pixel in the noisy image, producing filtered images with high fidelity compared to their DeepFake counterparts. Moreover, we also use the semantic information of the image to generate an adversarial guidance map to add noise intelligently. Our large-scale evaluation on 3 representative state-of-the-art DeepFake detection methods (tested on 16 types of DeepFakes) has demonstrated that our technique significantly reduces the accuracy of these 3 fake image detection methods, 36.79% on average and up to 97.02% in the best case.

翻译：当前高保真生成与高精度检测的深度伪造图像处于军备竞赛状态。我们认为，生成高度逼真且具备'检测规避性'的深度伪造内容，能够服务于提升未来深度伪造检测能力的终极目标。本文提出一种简洁而强大的流程，通过执行隐式空间域陷波滤波，在不损害图像质量的前提下减少伪造图像的伪影模式。我们首先证明：频域陷波滤波虽在空间域周期性噪声去除方面效果显著，但因其陷波滤波器需人工设计而无法适用于当前任务。因此，我们采用基于学习的方法，仅在空间域复现陷波滤波效果。我们结合添加过量空间噪声以破坏周期性噪声模式，与深度图像滤波重建无噪声伪造图像，并将所提方法命名为DeepNotch。深度图像滤波器为含噪图像中的每个像素提供特定滤波核，生成相较于原始深度伪造图像具有高保真度的滤波图像。此外，我们利用图像语义信息生成对抗性引导图，实现噪声的智能添加。基于3种代表性最新深度伪造检测方法（针对16类深度伪造测试）的大规模评估表明，本技术显著降低了这3种伪造图像检测方法的准确率，平均降低36.79%，最优情况下可达97.02%。