Category Archives: Computer Science

A New Method To Protect WebAssembly Against Spectre Attacks (Computer Science)

Computer scientists have developed a new compiler framework, called Swivel, to protect WebAssembly, or Warm, against Spectre attacks—the class of execution attacks, which exploit the way processors predict the computations that need to happen next. The team will present its research at the USENIX Security Symposium taking place Aug. 11 to 13, 2021. 

Wasm is an instruction set that has increasingly been used to sandbox untrusted code outside the browser. But unfortunately, Spectre attacks can bypass Wasm’s isolation guarantees. To prevent this, Swivel ensures that potentially malicious code can neither use Spectre attacks to break out of the Wasm sandox pr force another Wasm client or the embedding process itself to leak secret data. 

Swivel does this via two different approaches: a software-only approach that can be used on existing CPUs; and a hardware-assisted approach that uses extensions available in Intel 11th-generation CPUs.

Full story:

Provided by University of California San Diego

Julia Programming Language Tackles Differential Equation Challenges (Computer Science / Maths)

Casting models of a complex system in terms of differential equations on networks allows researchers to use its underlying structure for efficient simulations

Emerging open-source programming language Julia is designed to be fast and easy to use. Since it is particularly suited for numerical applications, such as differential equations, scientists in Germany are using it to explore the challenges involved in transitioning to all-renewable power generation.

Decarbonization implies a radical restructuring of power grids, which are huge complex systems with a wide variety of constraints, uncertainties, and heterogeneities. Power grids will become even more complex in the future, so new computational tools are needed.

In Chaos, from AIP Publishing, Potsdam Institute for Climate Impact Research (PIK) scientists describe a software package they built to enable the simulation of general dynamical systems on complex networks.

They wanted to build an open-source tool — so anyone can verify its software structure and algorithms — to make all state-of-the-art algorithms within Julia’s ecosystem easily accessible to engineers and physicists. Their package, called NetworkDynamics.jl, started out as the computational backend of another one, PowerDynamics.jl.

“We realized our computational backend would be useful to other researchers within the dynamical systems community as well,” said Michael Lindner, a postdoctoral researcher at PIK.

The two theoretical pillars of their work are differential equations and complex networks.

“By casting models of power grids or brains, for example, in terms of differential equations on networks, we give them a clear underlying structure,” he said. “The network encodes locality, what interacts with what, and the differential equations encode dynamics, how things change with time.”

This enables researchers to obtain state-of-the-art simulation speeds.

“We first compute all the interactions among network components, then the back reactions of individual components to that interaction. This allows us to compute the entire evolution of the system within two easily parallelizable loops,” said Lindner.

Since Julia is fast and easy to write and has a library for solving differential equations (DifferentialEquations.jl), researchers can implement and simulate complicated models within one day — rather than the month it used to require with other languages.

“It removes some of the barriers limiting scientific creativity,” Lindner said. “I hadn’t even thought about certain models and important questions before, just because they seemed completely out of reach with my given time constraints and programming skills.”

A good, intuitive interface to high-performance algorithms is “important for science today,” he said, “because they enable scientists to focus on their research questions and models instead of code and implementation details.”

The article, “NetworkDynamics.jl – Composing and simulating complex networks in Julia,” is authored by Michael Lindner, Lucas Lincoln, Fenja Drauschke, Julia M. Koulen, Hans Würfel, Anton Plietzsch, and Frank Hellmann. It will appear in Chaos on June 22, 2021 (DOI: 10.1063/5.0051387). After that date, it can be accessed at

Featured image: Schematic view of the structure of DynamicNetworks.jl. CREDIT: Michael Lindner, Lucas Lincoln, Fenja Drauschke, Julia M. Koulen, Hans Würfel, Anton Plietzsch, and Frank Hellmann

Provided by AIP Publishing

A Scientist From HSE University Has Developed an Image Recognition Algorithm (Computer Science)

A scientist from HSE University has developed an image recognition algorithm that works 40% faster than analogues. It can speed up real-time processing of video-based image recognition systems. The results of the study have been published in the journal Information Sciences.

Convolutional neural networks (CNNs), which include a sequence of convolutional layers, are widely used in computer vision. Each layer in a network has an input and an output. The digital description of the image goes to the input of the first layer and is converted into a different set of numbers at the output. The result goes to the input of the next layer and so on until the class label of the object in the image is predicted in the last layer. For example, this class can be a person, a cat, or a chair. For this, a CNN is trained on a set of images with a known class label. The greater the number and variability of the images of each class in the dataset are, the more accurate the trained network will be.

If there are only a few examples in the training set, the additional training (fine-tuning) of the neural network is used. CNN is trained to recognize images from a similar dataset that solves the original problem. For example, when a neural network learns to recognize faces or their attributes (emotions, gender, age), it is preliminary trained to identify celebrities from their photos. The resulting neural network is then fine-tuned on the available small dataset to identify the faces of family or relatives in home video surveillance systems. The more depth (number) of layers there are in a CNN, the more accurately it predicts the type of object in the image. However, if the number of layers is increased, more time is required to recognize objects.

The study’s author, Professor Andrey Savchenko of the HSE Campus in Nizhny Novgorod, was able to speed up the work of a pre-trained convolutional neural network with arbitrary architecture, consisting of 90-780 layers in his experiments. The result was an increase in recognition speed of up to 40%, while controlling the loss in accuracy to no more than 0.5-1%. The scientist relied on statistical methods such as sequential analysis and multiple comparisons (multiple hypothesis testing).

“The decision in the image recognition problem is made by a classifier — a special mathematical algorithm that receives an array of numbers (features/embeddings of an image) as inputs, and outputs a prediction about which class the image belongs to. The classifier can be applied by feeding it the outputs of any layer of the neural network. To recognize “simple” images, the classifier only needs to analyse the data (outputs) from the first layers of the neural network.

There is no need to waste further time if we are already confident in the reliability of the decision made. For “complex” pictures, the first layers are clearly not enough — you need to move on to the next. Therefore, classifiers were added to the neural network into several intermediate layers. Depending on the complexity of the input image, the proposed algorithm decided whether to continue recognition or complete it. Since it is important to control errors in such a procedure, I applied the theory of multiple comparisons: I introduced many hypotheses, at which intermediate layer to stop, and sequentially tested these hypotheses,” explained Professor Savchenko.

If the first classifier already produced a decision that was considered reliable by the multiple hypothesis testing procedure, the algorithm stopped. If the decision was declared unreliable, the calculations in the neural network continued to the intermediate layer, and the reliability check was repeated.

As the scientist notes, the most accurate decisions are obtained for the outputs of the last layers of the neural network. Early network outputs are classified much faster, which means it is necessary to simultaneously train all classifiers in order to accelerate recognition while controlling loss in accuracy. For example, so that the error due to an earlier stop is no more than 1%.

“High accuracy is always important for image recognition. For example, if a decision in face recognition systems is made incorrectly, then either someone outside can gain access to confidential information or conversely the user will be repeatedly denied access, because the neural network cannot identify him correctly. Speed can sometimes be sacrificed, but it matters, for example, in video surveillance systems, where it is highly desirable to make decisions in real time, that is, no more than 20-30 milliseconds per frame. To recognize an object in a video frame here and now, it is very important to act quickly, without losing accuracy,” said Professor Savchenko.

Reference: A.V. Savchenko, Fast inference in convolutional neural networks based on sequential three-way decisions, Information Sciences, Volume 560, 2021, Pages 370-385, ISSN 0020-0255, (

Provided by National Research University Higher School of Economics

Efficient Vacuum Deposition Approach Improves Performance of Formamidine-based Perovskite Solar Cells (Chemistry)

Perovskite solar cells (PSCs), the third generation photovoltage technology, are obtaining more and more attention.

The power conversion efficiency of small area PSCs can reach over 25.5% by solution method. However, it is difficult to achieve uniform preparation in large area and high-throughput production by solution preparation technology, and the solvent residues also affect the stability of the devices.

Recently, a research team led by Prof. LIU Shengzhong from the Dalian Institute of Chemical Physics (DICP) of the Chinese Academy of Sciences, in collaboration with Prof. FENG Jiangshan from Shaanxi Normal University, developed high-throughput large-area vacuum deposition approach for high-performance formamidine-based PSCs.

Their findings were published in Energy & Environmental Science on March 26.

The researchers prepared CsxFA1-xPbI3 thin films with large size, high density and high quality on 400cm2 rigid and 300cm2 flexible substrates by layer-to-layer deposition technology. By combing with low vacuum and low temperature annealing strategy, they effectively regulated the nucleation and grain growth of perovskite thin films.

“The photoelectric conversion efficiency of the PSC fabricated by combining the Spiro-OMeTAD hole transport layer (HTL) is 21.32%, which is the highest PCE of the PSC fabricated by vacuum method ever reported,” said Prof. LIU.

In addition, the researchers resolved the HTLs prepared by vacuum method, and obtained photoelectric conversion efficiency of 18.89% by full vacuum deposition method. The efficiency of a PSC prepared by the all-vacuum process increases by 1% from its initial value after storage in ambient in the dark for 189 days, demonstrating the high stability of devices prepared by full vacuum method.

This study shows that the all-vacuum method can realize the large-area and high-throughput preparation of PSCs with high efficiency and high stability.

Featured image: (a) Schematic illustration of multisource vacuum deposition with an in-vacuum annealing process for large-area perovskite films. Photographs of FA-based perovskite films deposited on (b) glass and (c) PET substrates (Image by DUAN Lianjie and WANG Hui)  

Reference: Jiangshan Feng et al., “High-throughput large-area vacuum deposition for high-performance formamidine-based perovskite solar cells”, Energy & Environmental Science, 2021. Link to paper

Provided by Chinese Academy of Sciences

Surrey Develops A Breakthrough New Simulation Platform (Computer Science)

Computer scientists from the University of Surrey have helped to create state-of-the-art software that could be used to simulate how the brain develops or cancers progress, allowing healthcare professionals to develop better treatment strategies.

Together with partners across seven international organisations, Surrey has released the BioDynaMo v1.0 – a software platform designed to create, run and visualise 3D agent-based simulations.

The open-source code is available to download from the BioDynaMo website.

Agent-based simulations are central to a wide range of research fields, from biology to business and epidemiology to economics. This powerful new platform could play a key role in unlocking exciting discoveries in a range of scientific fields.

The BioDynaMo consortium includes the University of Surrey, CERN, Newcastle University, GSI Helmholtz Center, University of Cyprus, University of Geneva, ImmunoBrain Checkpoint and SCImPULSE Foundation.

Dr Roman Bauer, Lecturer of Computer Science at the University of Surrey and spokesperson for BioDynaMo, said: “We have built the BioDynaMo platform to help scientists perform simulations of previously unimaginable scale and complexity. Our platform makes it possible to tackle challenging scientific questions – helping us understand how diseases such as COVID-19 could affect different communities across the globe.”

“We hope that the versatility and usability of this open-source software will lead to BioDynaMo becoming a standard tool for reproducible computational research.”

Dr Fons Rademakers, CERN openlab Chief Research Officer and BioDynaMo engineering leader, said: “We are proud to be bringing our expertise in computing and simulation to this exciting project as part of CERN’s knowledge transfer activities for the benefit of medical applications. We spent a lot of time and effort on the simulation engine’s scalability by using multi-threading and GPU acceleration extensively throughout the code. Also, the code quality is constantly monitored by many tests continuously executed during the development. Although this is a v1.0 release, we feel very positive about it and very sure that this is only the beginning.”

Featured image credit: gettyimages

Provided by University of Surrey

Danish Computer Scientist Has Developed a Superb Algorithm For Finding the Shortest Route (Computer science)

One of the most classic algorithmic problems deals with calculating the shortest path between two points. A more complicated variant of the problem is when the route traverses a changing network—whether this be a road network or the internet. For 40 years, an algorithm has been sought to provide an optimal solution to this problem. Now, computer scientist Christian Wulff-Nilsen of the University of Copenhagen and two research colleagues have come up with a recipe.

When heading somewhere new, most of us leave it to computer algorithms to help us find the best route, whether by using a car’s GPS, or public transport and map apps on their phone. Still, there are times when a proposed route doesn’t quite align with reality. This is because road networks, public transportation networks and other networks aren’t static. The best route can suddenly be the slowest, e.g. because a queue has formed due to roadworks or an accident.

People probably don’t think about the complicated math behind routing suggestions in these types of situations. The software being used is trying to solve a variant for the classic algorithmic “shortest path” problem, the shortest path in a dynamic network. For 40 years, researchers have been working to find an algorithm that can optimally solve this mathematical conundrum. Now, Christian Wulff-Nilsen of the University of Copenhagen’s Department of Computer Science has succeeded in cracking the nut along with two colleagues.

“We have developed an algorithm, for which we now have mathematical proof, that it is better than every other algorithm up to now—and the closest thing to optimal that will ever be, even if we look 1000 years into the future,” says Associate Professor Wulff-Nilsen. The results were presented at the prestigious FOCS 2020 conference.

Optimally, in this context, refers to an algorithm that spends as little time and as little computer memory as possible to calculate the best route in a given network. This is not just true of road and transportation networks, but also the internet or any other type of network.

Networks as graphs

The researchers represent a network as a so-called dynamic graph”. In this context, a graph is an abstract representation of a network consisting of edges, roads for example, and nodes, representing intersections, for example. When a graph is dynamic, it means that it can change over time. The new algorithm handles changes consisting of deleted edges—for example, if the equivalent of a stretch of a road suddenly becomes inaccessible due to roadworks.

“The tremendous advantage of seeing a network as an abstract graph is that it can be used to  represent any type of network. It could be the internet, where you want to send data via as short a route as possible, a human brain or the network of friendship relations on Facebook. This makes graph algorithms applicable in a wide variety of contexts,” explains Christian Wulff-Nilsen.

Traditional algorithms assume that a graph is static, which is rarely true in the real world. When these kinds of algorithms are used in a dynamic network, they need to be rerun every time a small change occurs in the graph—which wastes time.

More data necessitates better algorithms

Finding better algorithms is not just useful when travelling. It is necessary in virtually any area where data is produced, as Christian Wulff-Nilsen points out:

“We are living in a time when volumes of data grow at a tremendous rate and the development of hardware simply can’t keep up. In order to manage all of the data we produce, we need to develop smarter software that requires less running time and memory. That’s why we need smarter algorithms,” he says.

He hopes that it will be possible to use this algorithm or some of the techniques behind it in practice, but stresses that this is theoretical evidence and first requires experimentation.

Christian Wulff-Nilsen (Photo: University of Copenhagen)


  • The research article “Near-Optimal Decremental SSSP in Dense Weighted Digraphs” was presented at the prestigious FOCS 2020 conference.
  • The article was written by Christian Wulff-Nilsen, of the University of Copenhagen’s Department of Computer Science, and former Department of Computer Science PhD student Maximillian Probst Gutenberg and assistant professor Aaron Bernstein of Rutgers University.
  • The version of the “shortest path” problem that the researchers solved is called “The Decremental Single-Source Shortest Path Problem”. It is essentially about maintaining the shortest paths in a changing dynamic network from one starting point to all other nodes in a graph. The changes to a network consist of edge removals.
  • The paper gives a mathematical proof that the algorithm is essentially the optimal one for dynamic networks. On average, users will be able to change routes according to calculations made in constant time.

Featured image credit: gettyimages

Provided by University of Copenhagen

NTU Singapore Scientists Develop Laser System That Generates Random Numbers at Ultrafast Speeds (Computer Science)

​An international team of scientists has developed a system that can generate random numbers over a hundred times faster than current technologies, paving the way towards faster, cheaper, and more secure data encryption in today’s digitally connected world.

The random number generator system was jointly developed by researchers from Nanyang Technological University, Singapore (NTU Singapore), Yale University, and Trinity College Dublin, and made in NTU.

Random numbers are used for a variety of purposes, such as generating data encryption keys and one-time passwords (OTPs) in everyday processes such online banking and e-commerce to shore up their security.

The system uses a laser with a special hourglass-shaped cavity to generate random patterns, which are formed by light rays reflecting and interacting with each other within the cavity. By reading the patterns, the system generates many series of random numbers at the same time (see Image 1).

The researchers found that like snowflakes, no two number sequences generated using the system were the same, due to the unpredictable nature of how the light rays reflect and interact with each other in the cavity.

The laser used in the system is about one millimeter long, smaller than most other lasers. It is also energy efficient and can be operated with any household power socket, as it only requires a one-ampere (1A) current.

Professor Wang Qijie, the lead scientist in the development of the laser system, pictured with a close-up of the prototype. Credit: NTU Singapore

In their study published in one of the world’s leading scientific journals Science on 26 February 2021, the researchers verified the effectiveness of their random number generator using two tests, including one published by the US National Institute of Standards and Technology.  

The research team has proven that the NTU-made random number generator which is faster and more secure than existing comparable technologies, could help safeguard users’ data in a world that is steadily relying more on Internet transactions (see Image 2).

Professor Wang Qijie from NTU’s School of Electrical and Electronic Engineering & School of Physical and Mathematical Science, as well as The Photonics Institute, who led the NTU team involved in the international research, said, “Current random number generators run by computers are cheap and effective. However, they are vulnerable to attacks, as hackers could predict future number sequences if they discover the algorithm used to generate the numbers. Our system is safer as it uses an unpredictable method to generate numbers, making it impossible for even those with the same device to replicate.”

The NTU-designed system records light patterns caused by the reflection of a laser beam, which it then uses to generate a series of random numbers. Credit: NTU Singapore

Dr Zeng Yongquan, a Research Fellow from NTU’s School of Physical and Mathematical Sciences, who co-designed the laser system, said: “Our system surpasses current random number generators, as the method can simultaneously generate many more random sequences of information at an even faster rate.”

The team’s laser system can also generate about 250 terabytes of random bits per second – more than a hundred times faster than current computer-based random number generators.

At its speed, the system would only take about 12 seconds to generate a body of random numbers equivalent to the size of information in the largest library in the world – the US Library of Congress.

Elaborating on the future of the system, the team is working on making the technology ready for practical use, by incorporating the laser into a compact chip that enables the random numbers generated to be fed directly into a computer.

Featured image: Professor Wang Qijie, the lead scientist in the development of the laser system, pictured with a prototype. Credit: NTU Singapore

Reference: Kyungduk Kim, Stefan Bittner, Yongquan Zeng, Stefano Guazzotti, Ortwin Hess, Qi Jie Wang, Hui Cao, “Massively parallel ultrafast random bit generation with a chip-scale laser”, Science 26 Feb 2021: Vol. 371, Issue 6532, pp. 948-952 DOI: 10.1126/science.abc2666

Provided by Nanyang Technological University

Researchers Develop Speedier Network Analysis For a Range of Computer Hardware (Engineering / Computer Science)

The advance could boost recommendation algorithms and internet search.

Graphs — data structures that show the relationship among objects — are highly versatile. It’s easy to imagine a graph depicting a social media network’s web of connections. But graphs are also used in programs as diverse as content recommendation (what to watch next on Netflix?) and navigation (what’s the quickest route to the beach?). As Ajay Brahmakshatriya summarizes: “graphs are basically everywhere.”

Brahmakshatriya has developed software to more efficiently run graph applications on a wider range of computer hardware. The software extends GraphIt, a state-of-the-art graph programming language, to run on graphics processing units (GPUs), hardware that processes many data streams in parallel. The advance could accelerate graph analysis, especially for applications that benefit from a GPU’s parallelism, such as recommendation algorithms.

Brahmakshatriya, a PhD student in MIT’s Department of Electrical Engineering and Computer Science and the Computer Science and Artificial Intelligence Laboratory, will present the work at this month’s International Symposium on Code Generation and Optimization. Co-authors include Brahmakshatriya’s advisor, Professor Saman Amarasinghe, as well as Douglas T. Ross Career Development Assistant Professor of Software Technology Julian Shun, postdoc Changwan Hong, recent MIT PhD student Yunming Zhang PhD ’20 (now with Google), and Adobe Research’s Shoaib Kamil.

When programmers write code, they don’t talk directly to the computer hardware. The hardware itself operates in binary — 1s and 0s — while the coder writes in a structured, “high-level” language made up of words and symbols. Translating that high-level language into hardware-readable binary requires programs called compilers. “A compiler converts the code to a format that can run on the hardware,” says Brahmakshatriya. One such compiler, specially designed for graph analysis, is GraphIt.

The researchers developed GraphIt in 2018 to optimize the performance of graph-based algorithms regardless of the size and shape of the graph. GraphIt allows the user not only to input an algorithm, but also to schedule how that algorithm runs on the hardware. “The user can provide different options for the scheduling, until they figure out what works best for them,” says Brahmakshatriya. “GraphIt generates very specialized code tailored for each application to run as efficiently as possible.”

A number of startups and established tech firms alike have adopted GraphIt to aid their development of graph applications. But Brahmakshatriya says the first iteration of GraphIt had a shortcoming: It only runs on central processing units or CPUs, the type of processor in a typical laptop.

“Some algorithms are massively parallel,” says Brahmakshatriya, “meaning they can better utilize hardware like a GPU that has 10,000 cores for execution.” He notes that some types of graph analysis, including recommendation algorithms, require a high degree of parallelism. So Brahmakshatriya extended GraphIt to enable graph analysis to flourish on GPUs.

Brahmakshatriya’s team preserved the way GraphIt users input algorithms, but adapted the scheduling component for a wider array of hardware. “Our main design decision in extending GraphIt to GPUs was to keep the algorithm representation exactly the same,” says Brahmakshatriya. “Instead, we added a new scheduling language. So, the user can keep the same algorithms that they had before written before [for CPUs], and just change the scheduling input to get the GPU code.”

This new, optimized scheduling for GPUs gives a boost to graph algorithms that require high parallelism — including recommendation algorithms or internet search functions that sift through millions of websites simultaneously. To confirm the efficacy of GraphIt’s new extension, the team ran 90 experiments pitting GraphIt’s runtime against other state-of-the-art graph compilers on GPUs. The experiments included a range of algorithms and graph types, from road networks to social networks. GraphIt ran fastest in 65 of the 90 cases and was close behind the leading algorithm in the rest of the trials, demonstrating both its speed and versatility.

GraphIt “advances the field by attaining performance and productivity simultaneously,” says Adrian Sampson, a computer scientist at Cornell University who was not involved with the research. “Traditional ways of doing graph analysis have one or the other: Either you can write a simple algorithm with mediocre performance, or you can hire an expert to write an extremely fast implementation — but that kind of performance is rarely accessible to mere mortals. The GraphIt extension is the key to letting ordinary people write high-level, abstract algorithms and nonetheless getting expert-level performance out of GPUs.”

Sampson adds the advance could be particularly useful in rapidly changing fields: “An exciting domain like that is genomics, where algorithms are evolving so quickly that high-performance expert implementations can’t keep up with the rate of change. I’m excited for bioinformatics practitioners to get their hands on GraphIt to expand the kinds of genomic analyses they’re capable of.”

Brahmakshatriya says the new GraphIt extension provides a meaningful advance in graph analysis, enabling users to go between CPUs and GPUs with state-of-the-art performance with ease. “The field these days is tooth-and-nail competition. There are new frameworks coming out every day,” He says. But he emphasizes that the payoff for even slight optimization is worth it. “Companies are spending millions of dollars each day to run graph algorithms. Even if you make it run just 5 percent faster, you’re saving many thousands of dollars.”

This research was funded, in part, by the National Science Foundation, U.S. Department of Energy, the Applications Driving Architectures Center, and the Defense Advanced Research Projects Agency.

Featured image: MIT researchers developed software to more efficiently run graph applications on a range of computing hardware, including both CPUs and GPUs. Credits: Image: Istockphoto images edited by MIT News

Reference paper: “Compiling Graph Applications for GPUs with GraphIt”

Provided by MIT

Deepfake Detectors Can Be Defeated, Computer Scientists Show For the First Time (Computer Science)

Systems designed to detect deepfakes –videos that manipulate real-life footage via artificial intelligence–can be deceived, computer scientists showed for the first time at the WACV 2021 conference which took place online Jan. 5 to 9, 2021.

Researchers showed detectors can be defeated by inserting inputs called adversarial examples into every video frame. The adversarial examples are slightly manipulated inputs which cause artificial intelligence systems such as machine learning models to make a mistake. In addition, the team showed that the attack still works after videos are compressed.

“Our work shows that attacks on deepfake detectors could be a real-world threat,” said Shehzeen Hussain, a UC San Diego computer engineering Ph.D. student and first co-author on the WACV paper. “More alarmingly, we demonstrate that it’s possible to craft robust adversarial deepfakes in even when an adversary may not be aware of the inner workings of the machine learning model used by the detector.”

In deepfakes, a subject’s face is modified in order to create convincingly realistic footage of events that never actually happened. As a result, typical deepfake detectors focus on the face in videos: first tracking it and then passing on the cropped face data to a neural network that determines whether it is real or fake. For example, eye blinking is not reproduced well in deepfakes, so detectors focus on eye movements as one way to make that determination. State-of-the-art Deepfake detectors rely on machine learning models for identifying fake videos.

The extensive spread of fake videos through social media platforms has raised significant concerns worldwide, particularly hampering the credibility of digital media, the researchers point out. “If the attackers have some knowledge of the detection system, they can design inputs to target the blind spots of the detector and bypass it,” said Paarth Neekhara, the paper’s other first coauthor and a UC San Diego computer science student.

Researchers created an adversarial example for every face in a video frame. But while standard operations such as compressing and resizing video usually remove adversarial examples from an image, these examples are built to withstand these processes. The attack algorithm does this by estimating over a set of input transformations how the model ranks images as real or fake. From there, it uses this estimation to transform images in such a way that the adversarial image remains effective even after compression and decompression.

The modified version of the face is then inserted in all the video frames. The process is then repeated for all frames in the video to create a deepfake video. The attack can also be applied on detectors that operate on entire video frames as opposed to just face crops.

The team declined to release their code so it wouldn’t be used by hostile parties.

High success rate

Researchers tested their attacks in two scenarios: one where the attackers have complete access to the detector model, including the face extraction pipeline and the architecture and parameters of the classification model; and one where attackers can only query the machine.

learning model to figure out the probabilities of a frame being classified as real or fake. In the first scenario, the attack’s success rate is above 99 percent for uncompressed videos. For compressed videos, it was 84.96 percent. In the second scenario, the success rate was 86.43 percent for uncompressed and 78.33 percent for compressed videos. This is the first work which demonstrates successful attacks on state-of-the-art Deepfake detectors. 

“To use these deepfake detectors in practice, we argue that it is essential to evaluate them against an adaptive adversary who is aware of these defenses and is intentionally trying to foil these defenses,” researchers write. “We show that the current state of the art methods for deepfake detection can be easily bypassed if the adversary has complete or even partial knowledge of the detector.”

To improve detectors, researchers recommend an approach similar to what is known as adversarial training: during training, an adaptive adversary continues to generate new deepfakes that can bypass the current state of the art detector; and the detector continues improving in order to detect the new deepfakes.

Reference: Shehzeen Hussain, Malhar Jere, Farinaz Koushanfar, Paarth Neekhara,  Julian McAuley, “Adversarial Deepfakes: Evaluating Vulnerability of Deepfake Detectors to Adversarial Examples“, ArXiv, 2021.

Provided by UC San Diego