cispa_all_3878.pdf (17.93 MB)

UnGANable: Defending Against GAN-based Face Manipulation

Download (17.93 MB)
conference contribution
posted on 2023-11-29, 18:24 authored by Zheng LiZheng Li, Ning Yu, Ahmed Salem, Michael BackesMichael Backes, Mario FritzMario Fritz, Yang ZhangYang Zhang
Deepfakes pose severe threats of visual misinformation to our society. One representative deepfake application is face manipulation that modifies a victim’s facial attributes in an image, e.g., changing her age or hair color. The state-of-the-art face manipulation techniques rely on Generative Adversarial Networks (GANs). In this paper, we propose the first defense system, namely UnGANable, against GAN-inversionbased face manipulation. In specific, UnGANable focuses on defending GAN inversion, an essential step for face manipulation. Its core technique is to search for alternative images (called cloaked images) around the original images (called target images) in image space. When posted online, these cloaked images can jeopardize the GAN inversion process. We consider two state-of-the-art inversion techniques including optimization-based inversion and hybrid inversion, and design five different defenses under five scenarios depending on the defender’s background knowledge. Extensive experiments on four popular GAN models trained on two benchmark face datasets show that UnGANable achieves remarkable effectiveness and utility performance, and outperforms multiple baseline methods. We further investigate four adaptive adversaries to bypass UnGANable and show that some of them are slightly effective.


Preferred Citation

Zheng Li, Ning Yu, Ahmed Salem, Michael Backes, Mario Fritz and Yang Zhang. UnGANable: Defending Against GAN-based Face Manipulation. In: Usenix Security Symposium (USENIX-Security). 2023.

Primary Research Area

  • Trustworthy Information Processing

Name of Conference

Usenix Security Symposium (USENIX-Security)

Legacy Posted Date


Open Access Type

  • Unknown


@inproceedings{cispa_all_3878, title = "UnGANable: Defending Against GAN-based Face Manipulation", author = "Li, Zheng and Yu, Ning and Salem, Ahmed and Backes, Michael and Fritz, Mario and Zhang, Yang", booktitle="{Usenix Security Symposium (USENIX-Security)}", year="2023", }

Usage metrics


    No categories selected


    Ref. manager