Saved in:
Bibliographic Details
Main Authors: Serrano, Adrian, Umlil, Erwan, Thomas, Ronan
Format: Preprint
Published: 2026
Subjects:
Online Access:https://arxiv.org/abs/2601.05986
Tags: Add Tag
No Tags, Be the first to tag this record!
_version_ 1866915719326728192
author Serrano, Adrian
Umlil, Erwan
Thomas, Ronan
author_facet Serrano, Adrian
Umlil, Erwan
Thomas, Ronan
contents Deepfake detection systems deployed in real-world environments are subject to adversaries capable of crafting imperceptible perturbations that degrade model performance. While adversarial training is a widely adopted defense, its effectiveness under realistic conditions -- where attackers operate with limited knowledge and mismatched data distributions - remains underexplored. In this work, we extend the DUMB -- Dataset soUrces, Model architecture and Balance - and DUMBer methodology to deepfake detection. We evaluate detectors robustness against adversarial attacks under transferability constraints and cross-dataset configuration to extract real-world insights. Our study spans five state-of-the-art detectors (RECCE, SRM, XCeption, UCF, SPSL), three attacks (PGD, FGSM, FPBA), and two datasets (FaceForensics++ and Celeb-DF-V2). We analyze both attacker and defender perspectives mapping results to mismatch scenarios. Experiments show that adversarial training strategies reinforce robustness in the in-distribution cases but can also degrade it under cross-dataset configuration depending on the strategy adopted. These findings highlight the need for case-aware defense strategies in real-world applications exposed to adversarial attacks.
format Preprint
id arxiv_https___arxiv_org_abs_2601_05986
institution arXiv
publishDate 2026
record_format arxiv
spellingShingle Deepfake detectors are DUMB: A benchmark to assess adversarial training robustness under transferability constraints
Serrano, Adrian
Umlil, Erwan
Thomas, Ronan
Computer Vision and Pattern Recognition
Cryptography and Security
Deepfake detection systems deployed in real-world environments are subject to adversaries capable of crafting imperceptible perturbations that degrade model performance. While adversarial training is a widely adopted defense, its effectiveness under realistic conditions -- where attackers operate with limited knowledge and mismatched data distributions - remains underexplored. In this work, we extend the DUMB -- Dataset soUrces, Model architecture and Balance - and DUMBer methodology to deepfake detection. We evaluate detectors robustness against adversarial attacks under transferability constraints and cross-dataset configuration to extract real-world insights. Our study spans five state-of-the-art detectors (RECCE, SRM, XCeption, UCF, SPSL), three attacks (PGD, FGSM, FPBA), and two datasets (FaceForensics++ and Celeb-DF-V2). We analyze both attacker and defender perspectives mapping results to mismatch scenarios. Experiments show that adversarial training strategies reinforce robustness in the in-distribution cases but can also degrade it under cross-dataset configuration depending on the strategy adopted. These findings highlight the need for case-aware defense strategies in real-world applications exposed to adversarial attacks.
title Deepfake detectors are DUMB: A benchmark to assess adversarial training robustness under transferability constraints
topic Computer Vision and Pattern Recognition
Cryptography and Security
url https://arxiv.org/abs/2601.05986