Notwithstanding offering convenience and entertainment to society, Deepfake face swapping has caused critical privacy issues with the rapid development of deep generative models. Due to imperceptible artifacts in high-quality synthetic images, passive detection models against face swapping in recent years usually suffer performance damping regarding the generalizability issue. Therefore, several studies have been attempted to proactively protect the original images against malicious manipulations by inserting invisible signals in advance. However, the existing proactive defense approaches demonstrate unsatisfactory results with respect to visual quality, detection accuracy, and source tracing ability. In this study, to fulfill the research gap, we propose the first robust identity perceptual watermarking framework that concurrently performs detection and source tracing against Deepfake face swapping proactively. We assign identity semantics regarding the image contents to the watermarks and devise an unpredictable and nonreversible chaotic encryption system to ensure watermark confidentiality. The watermarks are encoded and recovered by jointly training an encoder-decoder framework along with adversarial image manipulations. Falsification and source tracing are accomplished by justifying the consistency between the content-matched identity perceptual watermark and the recovered robust watermark from the image. Extensive experiments demonstrate state-of-the-art detection performance on Deepfake face swapping under both cross-dataset and cross-manipulation settings.

翻译：尽管深度伪造换脸技术为社会提供了便利与娱乐，但随着深度生成模型的快速发展，该技术已引发严重的隐私问题。由于高质量合成图像中存在难以察觉的伪影，近年来针对换脸攻击的被动检测模型通常因泛化能力不足而导致性能衰减。为此，部分研究尝试通过预先嵌入不可见信号来主动保护原始图像免受恶意篡改。然而，现有主动防御方法在视觉质量、检测精度和溯源能力方面仍存在不足。为填补该研究空白，本文首次提出一种鲁棒身份感知水印框架，能够主动实现面向深度伪造换脸攻击的检测与溯源。我们将图像内容的身份语义赋予水印，并设计不可预测、不可逆的混沌加密系统以确保水印机密性。通过联合训练编码器-解码器框架并引入对抗性图像篡改，实现水印的嵌入与恢复。通过验证内容匹配的身份感知水印与从图像中恢复的鲁棒水印之间的一致性，完成伪造检测与来源追踪。大量实验表明，本方法在跨数据集和跨篡改类型的深度伪造换脸检测任务中均达到业界领先水平。