Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:05 AM

Deepfake Detection Poses Problematic Technology Race

Experts hold out little hope for a robust technical solution in the long term.

With disinformation concerns increasing as the US presidential election approaches, industry and academic researchers continue to investigate ways of detecting misleading or fake content generated using deep neural networks, so-called "deepfakes."

While there have been successes — for example, focusing on artifacts such as the unnatural blinking of eyes has resulted in high accuracy rates — a key problem in the arms race between attackers and defenders remains: The neural networks used to create deepfake videos are automatically tested against a variety of techniques intended to detect manipulated media, and the latest defensive detection technologies can easily be included. The feedback loop used to create deepfakes is similar in approach — if not in technology — to the fully undetectable (FUD) services that allow malware to be automatically scrambled in a way to dodge signature-based detection technology.

Related Content:

The Rise of Deepfakes and What That Means for Identity Fraud

The Threat from the Internet—and What Your Organization Can Do About It

New on The Edge: Don't Fall for It! Defending Against Deepfakes

Detecting artifacts is ultimately a losing proposition, says Yisroel Mirsky, a post-doctoral fellow in cybersecurity at the Georgia Institute of Technology and co-author of a paper that surveyed the current state of deepfake creation and detection technologies.

"The defensive side is all doing the same thing," he says. "They are either looking for some sort of artifact that is specific to the deepfake generator or applying some generic classifier for some architecture or another. We need to look at solutions that are out of band."

The problem is well known among researchers. Take Microsoft's Sept. 1 announcement of a tool designed to help detect deepfake videos. The Microsoft Video Authenticator detects possible deepfakes by finding the boundary between inserted images and the original video, providing a score for the video as it plays.

While the technology is being released as a way to detect issues during the election cycle, Microsoft warned that disinformation groups will quickly adapt.

"The fact that [the images are] generated by AI that can continue to learn makes it inevitable that they will beat conventional detection technology," said Tom Burt, corporate vice president of customer security and trust, and Eric Horvitz, chief scientific officer, in a blog post describing the technology. "However, in the short run, such as the upcoming US election, advanced detection technologies can be a useful tool to help discerning users identify deepfakes."

Microsoft is not alone in considering current deepfake detection technology as a temporary fix. In its Deep Fake Detection Challenge (DFC) in early summer, Facebook found the winning algorithm only accurately detected fake videos about two-thirds of the time. 

"[T]he DFDC results also show that this is still very much an unsolved problem," the company said in its announcement. "None of the 2,114 participants, which included leading experts from around the globe, achieved 70 percent accuracy on unseen deepfakes in the black box data set." 

In fact, calling the competition between attackers and defenders an "arms race" is a bit of a misnomer because the advances in technology will likely mean that realistic fake videos that cannot be detected by technology will become a reality not too far in the future, says Alex Engler, the Rubenstein Fellow in governance studies at the Brookings Institute, a policy think tank.

"We have not see a dramatic improvement in deepfakes, and we haven't really a super-convincing deepfake video, but am I optimistic about the long-term view? Not really," he says. "They are going to get better. Eventually there will not be an empirical way to tell the difference between a deepfake and a legitimate video."

In a policy paper, Engler argued that policy-makers will need to plan for the future when deepfake technology is widespread and sophisticated.

On the technical side, like the anti-malware industry, there are two likely routes that deepfake detection will take. Some companies are creating ways of signing video as proof that it has not been modified. Microsoft, for example, unveiled a signing technology with a browser plug-in that the company said can be used to verify the legitimacy of videos.  

"In the longer term, we must seek stronger methods for maintaining and certifying the authenticity of news articles and other media," Burt and Hovitz wrote. "There are few tools today to help assure readers that the media they're seeing online came from a trusted source and that it wasn't altered." 

Another avenue of research is to look for other signs that a video has been modified. With machine-learning algorithms capable of turning videos into a series of content and metadata — from a transcription of any speech in the video to the location of where the video was taken — creating content-based detection algorithms could be a possibility, Georgia Tech's Mirsky says. 

"Just like malware, if you have a technique that can look at the actual content, that is helpful," he says. "It is very important because it raises the bar for the attacker. They can mitigate 90% of attacks, but the issue is that an adversary like a nation-state actor who has plenty of time and effort to refine the deepfake, it becomes very, very challenging to detect these attacks."


Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT's Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-06-24
A potential vulnerability has been identified in HPE OneView Global Dashboard release 2.31 which could lead to a local disclosure of privileged information. HPE has provided an update to OneView Global Dashboard. The issue is resolved in 2.32.
PUBLISHED: 2021-06-24
Improper sanitization of path in default RouteNotFoundError view in com.vaadin:flow-server versions 1.0.0 through 1.0.14 (Vaadin 10.0.0 through 10.0.18), 1.1.0 prior to 2.0.0 (Vaadin 11 prior to 14), 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), and 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 1...
PUBLISHED: 2021-06-24
URL encoding error in development mode handler in com.vaadin:flow-server versions 2.0.0 through 2.6.1 (Vaadin 14.0.0 through 14.6.1), 3.0.0 through 6.0.9 (Vaadin 15.0.0 through 19.0.8) allows local user to execute arbitrary JavaScript code by opening crafted URL in browser.
PUBLISHED: 2021-06-24
The vgacon subsystem in the Linux kernel before 5.8.10 mishandles software scrollback. There is a vgacon_scrolldelta out-of-bounds read, aka CID-973c096f6a85.
PUBLISHED: 2021-06-24
A vulnerability in agent program of HelpU remote control solution could allow an authenticated remote attacker to execute arbitrary commands This vulnerability is due to insufficient input santization when communicating customer process.