ML Security PapersA Sanity Check for Multi-In-Domain Face Forgery Detection in the Real World
Jikang Cheng 1, Renye Yan 1, Zhiyuan Yan 1, Yaozhong Gan 2, Xueyi Zhang 3, Zhongyuan Wang 4, Wei Peng 5, Ling Liang 1
Published on arXiv
2512.04837
Output Integrity Attack
OWASP ML Top 10 — ML09
Key Finding
DevDet improves per-frame real/fake classification accuracy (ACC) under domain-unspecified conditions while maintaining AUC generalization to unseen deepfake data
DevDet
Novel technique introduced
Existing methods for deepfake detection aim to develop generalizable detectors. Although "generalizable" is the ultimate target once and for all, with limited training forgeries and domains, it appears idealistic to expect generalization that covers entirely unseen variations, especially given the diversity of real-world deepfakes. Therefore, introducing large-scale multi-domain data for training can be feasible and important for real-world applications. However, within such a multi-domain scenario, the differences between multiple domains, rather than the subtle real/fake distinctions, dominate the feature space. As a result, despite detectors being able to relatively separate real and fake within each domain (i.e., high AUC), they struggle with single-image real/fake judgments in domain-unspecified conditions (i.e., low ACC). In this paper, we first define a new research paradigm named Multi-In-Domain Face Forgery Detection (MID-FFD), which includes sufficient volumes of real-fake domains for training. Then, the detector should provide definitive real-fake judgments to the domain-unspecified inputs, which simulate the frame-by-frame independent detection scenario in the real world. Meanwhile, to address the domain-dominant issue, we propose a model-agnostic framework termed DevDet (Developer for Detector) to amplify real/fake differences and make them dominant in the feature space. DevDet consists of a Face Forgery Developer (FFDev) and a Dose-Adaptive detector Fine-Tuning strategy (DAFT). Experiments demonstrate our superiority in predicting real-fake under the MID-FFD scenario while maintaining original generalization ability to unseen data.
Key Contributions
- Defines a new Multi-In-Domain Face Forgery Detection (MID-FFD) paradigm requiring definitive per-frame real/fake judgments under domain-unspecified conditions
- Proposes Face Forgery Developer (FFDev) to amplify real/fake feature differences so they dominate the latent space over domain-driven variation
- Proposes Dose-Adaptive detector Fine-Tuning (DAFT) strategy that preserves generalization to unseen domains when adapting any backbone detector
🛡️ Threat Analysis
Paper proposes novel deepfake detection architecture (DevDet with FFDev and DAFT components) for detecting AI-generated/manipulated face content — directly addresses output integrity and AI-generated content detection, which is core ML09 scope.