Abstract
With the rapid development of electronic payment technologies, facial recognition-based payment systems have become increasingly popular and indispensable. However, the majority of facial recognition payment systems are vulnerable to being manipulated by facial deepfake technology, and it would be a serious threat to personal property and privacy. In order to effectively defend deepfake models on the premise of minimizing alterations to the original image, we propose a union-saliency attack model which is a well-trained deepfake model while maintaining plausible detail of the original face images. To this aim, we derive a union mask mechanism to accurately determine facial region as a prior in guiding the subsequent perturbations, with the objective of minimizing the information loss on input images. Additionally, we propose a novel structural similarity loss and a noise generator to minimize detail degradation. Experiments prove that the proposed method can interfere with deepfake models effectively and minimize the distortion of the original image simultaneously.
