As AI-generated synthetic images become increasingly realistic, Vision Transformers (ViTs) have emerged as a cornerstone of modern deepfake detection. However, the prevailing reliance on frozen, pre-trained backbones introduces a subtle yet critical vulnerability. In this work, we present the Surrogate Iterative Adversarial Attack (SIAA), a gray-box attack that exploits knowledge of the detector's ViT backbone alone and operates entirely within the target detector's feature space to craft highly effective adversarial examples. Through our experiments, involving multiple ViT-based detectors and diverse gray-box scenarios, including few-shot learning, complete training misalignment and attack transferability tests, we demonstrate that this vulnerability consistently yields high attack success rates, often approaching white-box performance. By doing so, we reveal that backbone knowledge alone is sufficient to undermine detector reliability, highlighting the urgent need for more resilient defenses in adversarial multimedia forensics.
骨干网络即一切:评估冻结基础模型在合成图像取证中的脆弱性 / Backbone is All You Need: Assessing Vulnerabilities of Frozen Foundation Models in Synthetic Image Forensics
本文发现,当前许多基于视觉Transformer的深度伪造检测器,由于依赖冻结的预训练骨干网络,存在一个关键漏洞:攻击者只需知道检测器使用的骨干网络类型,无需完整模型信息,就能通过一种名为SIAA的灰盒攻击方法,生成能轻易欺骗检测器的对抗样本,其攻击成功率往往接近白盒攻击水平,这警示我们需要更稳健的防御策略。
源自 arXiv: 2605.13381
