Deepfake CAPTCHA: A Method for Preventing Fake Calls

Authors: Lior Yasur, Guy Frankovits, Fred M. Grabovski, Yisroel Mirsky

Published: 2023-01-08 15:34:19+00:00

AI Summary

This paper proposes D-CAPTCHA, an active defense against real-time deepfakes, primarily focusing on audio. Unlike passive detection, D-CAPTCHA challenges the deepfake model to generate content beyond its current capabilities, causing distortions that make detection easier. The system focuses on the AI's ability to create content rather than classify it, enhancing deepfake detection accuracy.

Abstract

Deep learning technology has made it possible to generate realistic content of specific individuals. These 'deepfakes' can now be generated in real-time, which enables attackers to impersonate people over audio and video calls. Moreover, some methods only need a few images or seconds of audio to steal an identity. Existing defenses perform passive analysis to detect fake content. However, with the rapid progress of deepfake quality, this may be a losing game. In this paper, we propose D-CAPTCHA: an active defense against real-time deepfakes. The approach is to force the adversary into the spotlight by challenging the deepfake model to generate content which exceeds its capabilities. By doing so, passive detection becomes easier since the content will be distorted. In contrast to existing CAPTCHAs, we challenge the AI's ability to create content as opposed to its ability to classify content. In this work we focus on real-time audio deepfakes and present preliminary results on video. In our evaluation we found that D-CAPTCHA outperforms state-of-the-art audio deepfake detectors with an accuracy of 91-100% depending on the challenge (compared to 71% without challenges). We also performed a study on 41 volunteers to understand how threatening current real-time deepfake attacks are. We found that the majority of the volunteers could not tell the difference between real and fake audio.

Key findings

The D-CAPTCHA system significantly improved deepfake detection, achieving an accuracy of 91-100% and a True Positive Rate (TPR) of 0.89-1.00 when challenges were used, compared to a baseline accuracy of 71% (TPR 0.66) for traditional passive detection. This demonstrates that actively challenging deepfake models effectively exposes their limitations through generated distortions. Human perception studies also revealed that a significant percentage of volunteers could not distinguish between real and fake audio, underscoring the necessity of robust active defense mechanisms.

Approach

D-CAPTCHA is an active defense system that engages callers with specific tasks, such as humming a tune or varying volume, designed to be easy for humans but difficult for real-time deepfake models to perform authentically. The system verifies the caller's response against four constraints—realism, identity, task, and time—using machine learning models. If any constraint is violated, the call is flagged as a deepfake.

Datasets

D_real (real speech), D_fake (RT-DF voice conversion using StarGANv2-VC), D_real,r (real challenge responses), D_fake,r (deepfake challenge responses using StarGANv2-VC), ASVspoof-DF dataset, RITW dataset

Model(s)

For realism detection (R): SpecRNet, One-Class (ResNet-18 with One-Class Softmax), GMM-ASVspoof (Gaussian Mixture Model on LFCCs), PC-DARTS (Convolutional Neural Network), Local Outlier Factor (LOF). For task detection (C): GMM classifier on MFCC features. For identity verification (I): Pre-trained ECAPA-TDNN architecture from SpeechBrain toolkit, adapted as an anomaly detector using speaker embeddings.

Author countries

Israel