Coherent adversarial deepfake video generation

•Adversarial attacks can be ancillary technique for deepfake videos to fool CNN-based detector.•Adversarial perturbations generated frame by frame disrupt the consistency of adjacent deepfake videos frames and only obtaining weakly adversarial deepfake videos.•A robust detection method which utilizing the coherence error is proposed to distinguish weakly adversarial deepfake videos from clean ones.•Coherent adversarial deepfake videos are not sensitive to human eyes and also can evade the detection of CNN-based deepfake video detection.•Optical flow helps restrict the temporal coherence of adversarial perturbations among frames and a well-designed adaptive distortion can measure the complexity of each frame to keep the adversarial modification imperceptible. Deepfake video has been rapidly developed and attracted public concerns due to its potential wide applications, deepfake videos can be easily distinguished by DNN-based detection approaches. As the vulnerability of DNNs, the adversarial attack can be an effective way to deteriorate the ability of deepfake detection, but current adversarial attack techniques are commonly designed for individual images, which are easily perceived at the video level. To reveal the weakness of current attack methods, we first propose a robust detector utilizing the temporal consistency to discriminate between the clean and perturbed ones aiming at weakly adversarial deepfake videos, achieving maximum success rates of 100%. Then we propose a novel framework for generating high-quality adversarial deepfake videos which can fool deepfake detectors and evade the detection of adversarial perturbations simultaneously. Two pivotal techniques are utilized for improving the visual quality and the imperceptibility of adversarial perturbations: (i) Optical flow is adopted to restrict the temporal coherence of adversarial perturbations among frames; (ii) An adaptive distortion cost that can measure the complexity of each frame and help to keep the adversarial modification imperceptible. We demonstrate the effectiveness of our methods in disrupting representative DNN-based deepfake detectors. Extensive experiments are conducted to show the great improvement in coherence, visual quality, and imperceptibility of the adversarial deepfake videos. Furthermore, We hope that our adversarial deepfake generation framework can shed some light on the detection methods to fix their weakness.