Detect fakes from the dataset containing real images and CNN-augmented images
Click the links for:
*All the figures are listed in the report.
Introduction
In this study, we implement a “universal” detector to identify fake images generated by 10 different CNN-based models from an existing study (Wang et al., 2020). As deep image synthesis technology advances, people are more worried about whether they are able to tell real and fake images apart. This issue is significant as the technology can be used for malicious purposes, such as manipulating global politics, identity theft, and tarnishing the reputation of someone. Wang et al. showed that a classifier (ResNet-50) trained on only one CNN generator (ProGAN) is generalizable to other architectures to distinguish real and fake images.
This has a potentially impactful application for detecting and eliminating fictitious online media masqueraded as recordings of real events. Identifying faked reporting is extremely relevant in an age where information, no matter how engineered and distant from the truth, can be both easily accessed and disseminated. This project deals with a binary classification problem that categorizes image datasets into real and CNN-generated (fake) images and how generalizable such classification a model is.
Related Work
Similar to Wang et al. (2020), Cozzolino et al. (2018) explored a method to detect fake images under cross-model transfer. However, instead of focusing on simple classifiers that can be used for different models (Wang et al.), they propose a new learning method, called rensicTransfer (FT), that improves the performance.
He, Zhang, Ren, & Sun (2015) developed the ResNet which forms the basis for the current project. It proposes a new neural network model for training very deep networks using learning residual functions. They show around a 28% improvement on a 1000 class classification task using deep layers that are efficiently trained.
Methodology
We adapted the universal detector (ResNet-50) to detect neural net generated images from real photographs. This was done through importing a ResNet framework, removing the head, and attaching a fully-connected, binary classifier layer. This network was preloaded with ImageNet trained weights and then trained on ProGAN generated images provided by the seed paper, Wang et al. (2020). Within this project, only a subset of ProGAN training set was used to train the model. This subset included real and fake images of cats and dogs for the first set of trials, then with the addition of people and cars for the second round of testing. Training was done with only 1 epoch on a total of 40,000 or 52,000 total images for the cats/dog only and cats, dogs, persons, cars m respectively. The network was validated after every 10 batches of 100 images with ProGAN images excluded from the training set The test set included 1000 images from a selection of generative neural networks. This included StyleGAN, StyleGAN2, StarGAN, BigGAN, Deepfake, SeeingDark, san, IMLE, among others. See Figure 1 for examples. The training and test images were sized at 224x224 pixels and normalized with nearly the same technique as the seed paper.
Results
Part 1
With only training with cats and dogs samples from ProGAN the network was capable of discriminating between fake and real images at an average of 65% (SE of 4%). Although this is relatively low compared to the smashing success of the seed paper, this result is very indicative of the ability of the modified ResNet to quickly learn the trace left behind by generative networks. Additionally, it becomes apparent when looking at the accuracy for individual generated networks, shown in Figure 2, that the fake discriminating network succeeded far more in certain classes of generators than others. It appeared geared better towards networks with (StyleGAN and BigGAN) than networks which achieve different goals such as image enhancement (CRN and IMLE). Against expectations, the model did well with other categories outside cats and dogs of different generative networks. For example, it scored surprisingly well with StarGAN which produces generated images trained on photos of celebrities.
Part 2
We next trained the modified ResNet on a mix of the cat and dog categories and person and cars categories of the ProGan images. The expectation is that with a more diversified training set, the model should perform better on generalizing to the output of other models. Specifically, we hoped to see improvement on DeepFake images as they are centered on imitating facial features and expressions of humans. However, training the model with additional images after the first training severely diminished its performance on the test set, suggesting that the model learned some GAN trace that was not generalizable, even within its own data set. This would explain how informal testing (not reported here) of the network with its own dataset never reached beyond 95% accuracy.
Retraining the network in blocks of cats and dogs and blocks of persons and cars was then completed. On each block, 1000 images of each category were loaded in and trained on in batches. Figure 3 shows the loss and accuracy overtime. As is apparent, the accuracy is unstable, crashing after rising to about 80% twice. The accuracies for this new model also suffered relative to the first. This is shown in Figure 4. The overall accuracy dropped to 56% (SE: 2.43%).
Challenges
We encountered a few errors as we attempt to convert PyTorch-based scripts to TensorFlow Keras. We struggled to solve an error after converting the PyTorch model to Keras (error=tensorflow.python.framework.errors_impl.UnimplementedError: The Conv2D op currently only supports the NHWC tensor format on the CPU. The op was given the format: NCHW [Op:Conv2D]'''). However, this was not the main aim of this project, and we successfully created a new model without using the weights from the original paper and test it with an image.
Handling the large dataset was another issue. Training a network on discriminating images requires thousands of examples which not only causes problems with storage, but also with the required computing time. Training was done on a subset of the data in order to alleviate storage problems and compute time. This consideration provided us with inspiration to explore the influence of the dataset choice on the effectiveness of the model.
Discussion/Reflection
We achieved the final accuracy ranging from 40% to 94% for the first model and 44% to 77% from the second model. Our first model did extremely well with distinguishing images that are generated by StarGAN (94%) and StyleGAN2 (80.8-83%). On the other hand, the model did not produce high accuracy for images from some generative networks, such as Seeingdark, San, IMLE, and Deepfake. This may be due to the features that they are particularly trained on. We thought the low accuracy in Deepfake may be improved by adding more images of human faces in the training set, which was shown to not be the case as model 2 still performed abysmally. More preprocessing techniques may be employed to improve the accuracy, but the lower performance for the second model may also be due to the low number of epochs while the variations between train images increased relative to the images used to train the first model.
We achieved the base goal to recode the network from PyTorch into TensorFlow. We attempted to obtain benchmarks set by the paper by 1) importing the model with weights trained by Wang et al. (after converting from PyTorch to TensorFlow, and 2) creating and training a new model with similar architecture. Both methods required data structure conversion. We had a challenge with the first method after converting the PyTorch model to Keras, because of the system we were using and the system it required. However, we successfully created and trained our own model (without any use of code provided by Wang et al.), which was the main focus of this project. We also successfully achieved the target goal; we were able to retrain ResNet ourselves with images produced by ProGAN. We were not able to get to the stretch goals due to unexpected errors, data management, and compute time issues we faced during the process.
Our model produced the results that we originally intended — eventually it was able to distinguish real and fake images in the categories that it was trained on, with fairly high accuracy. Specifically, our model produced 94% accuracy for images generated with StarGAN. It did not do so well on images produced by other networks that were geared towards image enhancement techniques. Our approach did not change over time — we generally followed the plan we initially intended. However, if we were to work on our project over again, we would not have tried to train the model on a local machine in the first place, and instead run everything on platforms like Google Cloud. We would also have trained on certain categories of images and tested on the same classification. We also would have avoided training on the categories in blocks (due to issues moving the large set of data around), which is the most likely cause for the degraded performance in Part 2. Even with a fairly simple, established architecture, the model was able to distinguish real and fake images with high accuracy. As Wang et al. suggested, GAN-generated images leave ‘traces’ or representations which may not be apparent from humans’ eyes but deep neural networks can pick up.
References
Cozzolino, D., Thies, J., Rössler, A., Riess, C., Nießner, M., & Verdoliva, L. (2018). Forensictransfer: Weakly-supervised domain adaptation for forgery detection. arXiv preprint arXiv:1812.02510. https://arxiv.org/pdf/1812.02510.pdf
He, K., Zhang, X., Ren, S., & Sun, J. (2016). Deep residual learning for image recognition. In Proceedings of the IEEE conference on computer vision and pattern recognition (pp. 770-778). Wang, S. Y., Wang, O., Zhang, R., Owens, A., & Efros, A. A. (2020). CNN-generated images are surprisingly easy to spot... for now. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (pp. 8695-8704).
Log in or sign up for Devpost to join the conversation.