ML Security PapersTowards Robust DeepFake Detection under Unstable Face Sequences: Adaptive Sparse Graph Embedding with Order-Free Representation and Explicit Laplacian Spectral Prior
Chih-Chung Hsu 1, Shao-Ning Chen 2, Chia-Ming Lee 2, Yi-Fang Wang 2, Yi-Shiuan Chou 2
Published on arXiv
2512.07498
Output Integrity Attack
OWASP ML Top 10 — ML09
Key Finding
LR-GCN achieves state-of-the-art deepfake detection performance on FF++, Celeb-DFv2, and DFDC with significantly improved robustness under severe global and local disruptions including missing faces, occlusions, and adversarially perturbed face detections
LR-GCN (Laplacian-Regularized Graph Convolutional Network)
Novel technique introduced
Ensuring the authenticity of video content remains challenging as DeepFake generation becomes increasingly realistic and robust against detection. Most existing detectors implicitly assume temporally consistent and clean facial sequences, an assumption that rarely holds in real-world scenarios where compression artifacts, occlusions, and adversarial attacks destabilize face detection and often lead to invalid or misdetected faces. To address these challenges, we propose a Laplacian-Regularized Graph Convolutional Network (LR-GCN) that robustly detects DeepFakes from noisy or unordered face sequences, while being trained only on clean facial data. Our method constructs an Order-Free Temporal Graph Embedding (OF-TGE) that organizes frame-wise CNN features into an adaptive sparse graph based on semantic affinities. Unlike traditional methods constrained by strict temporal continuity, OF-TGE captures intrinsic feature consistency across frames, making it resilient to shuffled, missing, or heavily corrupted inputs. We further impose a dual-level sparsity mechanism on both graph structure and node features to suppress the influence of invalid faces. Crucially, we introduce an explicit Graph Laplacian Spectral Prior that acts as a high-pass operator in the graph spectral domain, highlighting structural anomalies and forgery artifacts, which are then consolidated by a low-pass GCN aggregation. This sequential design effectively realizes a task-driven spectral band-pass mechanism that suppresses background information and random noise while preserving manipulation cues. Extensive experiments on FF++, Celeb-DFv2, and DFDC demonstrate that LR-GCN achieves state-of-the-art performance and significantly improved robustness under severe global and local disruptions, including missing faces, occlusions, and adversarially perturbed face detections.
Key Contributions
- Order-Free Temporal Graph Embedding (OF-TGE) that models frame-wise CNN features as an adaptive sparse graph without assuming temporal ordering, enabling robustness to shuffled, missing, or corrupted frames
- Dual-level sparsity mechanism on graph structure and node features to suppress invalid or occluded face inputs
- Explicit Graph Laplacian Spectral Prior acting as a high-pass operator to highlight structural forgery artifacts, combined with low-pass GCN aggregation to form a task-driven spectral band-pass mechanism
🛡️ Threat Analysis
Proposes a novel AI-generated content detection architecture (LR-GCN) for deepfake video detection — a primary ML09 use case. The paper introduces new forensic techniques (Order-Free Temporal Graph Embedding, Laplacian Spectral Prior) for detecting manipulated facial content, which is output integrity/authenticity research.