The current high-fidelity generation and high-precision detection of DeepFake images are at an arms race. We believe that producing DeepFakes that are highly realistic and 'detection evasive' can serve the ultimate goal of improving future generation DeepFake detection capabilities. In this paper, we propose a simple yet powerful pipeline to reduce the artifact patterns of fake images without hurting image quality by performing implicit spatial-domain notch filtering. We first demonstrate that frequency-domain notch filtering, although famously shown to be effective in removing periodic noise in the spatial domain, is infeasible for our task at hand due to the manual designs required for the notch filters. We, therefore, resort to a learning-based approach to reproduce the notch filtering effects, but solely in the spatial domain. We adopt a combination of adding overwhelming spatial noise for breaking the periodic noise pattern and deep image filtering to reconstruct the noise-free fake images, and we name our method DeepNotch. Deep image filtering provides a specialized filter for each pixel in the noisy image, producing filtered images with high fidelity compared to their DeepFake counterparts. Moreover, we also use the semantic information of the image to generate an adversarial guidance map to add noise intelligently. Our large-scale evaluation on 3 representative state-of-the-art DeepFake detection methods (tested on 16 types of DeepFakes) has demonstrated that our technique significantly reduces the accuracy of these 3 fake image detection methods, 36.79% on average and up to 97.02% in the best case.

翻译：当前，深度伪造图像的高保真生成与高精度检测正处于军备竞赛状态。我们认为，生成既高度逼真又能"逃避检测"的深度伪造内容，可服务于提升未来世代深度伪造检测能力的终极目标。本文提出一种简洁而强大的流水线，通过执行隐式空间域陷波滤波，在不损伤图像质量的前提下减少伪造图像的伪影模式。我们首先证明，频域陷波滤波虽在空间域去除周期性噪声方面效果显著，但因其滤器需人工设计而无法直接应用于当前任务。为此，我们转向基于学习的方法，完全在空间域复现陷波滤波效果。我们采用叠加过量空间噪声以打破周期性噪声模式，并结合深度图像滤波重建无噪声伪造图像，将此方法命名为DeepNotch。深度图像滤波能为含噪图像中的每个像素提供专属滤波器，生成的滤波图像与原始深度伪造图像相比具有极高保真度。此外，我们还利用图像的语义信息生成对抗性引导图，从而智能地添加噪声。针对3种代表性先进深度伪造检测方法（涵盖16类深度伪造类型）的大规模评估表明，我们的技术可将这3种伪造图像检测方法的平均准确率降低36.79%，最佳情况下降低97.02%。