Explainability-Driven Adversarial Robustness Assessment for Generalized Deepfake Detectors | Research Square window.SnipcartSettings = { analytics: { enabled: false } }; (function() { var accessVector = localStorage.getItem('access_vector') || ''; window.dataLayer = window.dataLayer || []; if (accessVector) { window.dataLayer.push({ user: { profile: { profileInfo: { snid: accessVector } } } }); } })(); (function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src='https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);})(window,document,'script','dataLayer','GTM-K279D39R'); Browse Preprints In Review Journals COVID-19 Preprints AJE Video Bytes Research Tools Research Promotion AJE Professional Editing AJE Rubriq About Preprint Platform In Review Editorial Policies Our Team Advisory Board Help Center Sign In Submit a Preprint Cite Share Download PDF Research Article Explainability-Driven Adversarial Robustness Assessment for Generalized Deepfake Detectors Lorenzo Cirillo, Andrea Gervasio, Irene Amerini This is a preprint; it has not been peer reviewed by a journal. https://doi.org/ 10.21203/rs.3.rs-6473433/v1 This work is licensed under a CC BY 4.0 License Status: Published Journal Publication published 05 Aug, 2025 Read the published version in EURASIP Journal on Information Security → Version 1 posted 11 You are reading this latest preprint version Abstract The capabilities of generative models to produce high-quality fake images require deepfake detectors to be accurate and have strong generalization performance. Moreover, the explainability and adversarial robustness of deepfake detectors are critical to apply such models in real-world scenarios. In this paper, we propose a framework that leverages explainability to assess the adversarial robustness of deepfake detectors. Specifically, we apply feature attribution methods to identify image regions where the model is focusing to make its prediction. Then we use the generated heatmaps to perform an explainability-driven attack, perturbing the most relevant and irrelevant regions with gradient-based adversarial techniques. We feed the model with the resulting adversarial images and measure the accuracy drop and the attack success rate. We tested our methodology on state-of-the-art models with strong generalization abilities, providing a comprehensive and explainability-driven evaluation of their robustness. Experimental results show the explainability analysis serves as a tool to reveal vulnerabilities of generalized deepfake detectors to adversarial attacks. Deepfake detection Model explainability Adversarial robustness Generalized deepfake detectors Explainability-driven attack Full Text Additional Declarations No competing interests reported. Cite Share Download PDF Status: Published Journal Publication published 05 Aug, 2025 Read the published version in EURASIP Journal on Information Security → Version 1 posted Editorial decision: Revision requested 06 Jun, 2025 Reviews received at journal 30 May, 2025 Reviews received at journal 12 May, 2025 Reviewers agreed at journal 05 May, 2025 Reviews received at journal 01 May, 2025 Reviewers agreed at journal 01 May, 2025 Reviewers agreed at journal 29 Apr, 2025 Reviewers invited by journal 28 Apr, 2025 Editor assigned by journal 28 Apr, 2025 Submission checks completed at journal 21 Apr, 2025 First submitted to journal 17 Apr, 2025 You are reading this latest preprint version Research Square lets you share your work early, gain feedback from the community, and start making changes to your manuscript prior to peer review in a journal. As a division of Research Square Company, we’re committed to making research communication faster, fairer, and more useful. We do this by developing innovative software and high quality services for the global research community. Our growing team is made up of researchers and industry professionals working together to solve the most critical problems facing scientific publishing. Also discoverable on Platform About Our Team In Review Editorial Policies Advisory Board Help Center Resources Author Services Accessibility API Access RSS feed Manage Cookie Preferences © Research Square 2026 | ISSN 2693-5015 (online) Privacy Policy Terms of Service Do Not Sell My Personal Information {"props":{"pageProps":{"initialData":{"identity":"rs-6473433","acceptedTermsAndConditions":true,"allowDirectSubmit":false,"archivedVersions":[],"articleType":"Research Article","associatedPublications":[],"authors":[{"id":449506831,"identity":"1bd03b9d-4932-4af5-b7b9-019b4fa50ce1","order_by":0,"name":"Lorenzo Cirillo","email":"data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAZAAAAAyAQMAAABI0h/eAAAABlBMVEX///8AAABVwtN+AAAACXBIWXMAAA7EAAAOxAGVKw4bAAAA/klEQVRIie3PMWvCQBTA8Rce3C1Pbw0o9itcyXq0XyVSuCwVHAsdFAJ2ElfzLTJljgT0Kwh1UPwCkY516KXGinDJ3OH+013Ij/cOwOX6h3X/TgiQ78cwAPCm1Z2qL7bYHQklBFfSB7QbdnczZDitzwoaxjA+PxzHZwXio3MwU1SUfsaz8vT6RMBFbiW0CYIlafALLg3Ro3S3ipMke6HGxXzNeuQXIJFVbylG6XYYYyfDNsK/Sd5IJC9k0joFKbyRsCZFM6E19ijXZrdfoh8TQ7wk2xBDlDYi+Mz7orMaiMUay/JNPXS30RFO2fuzEKu9dUwdWRZo+9/lcrlcrf0Ac8xN8hj8k28AAAAASUVORK5CYII=","orcid":"","institution":"Sapienza University of Rome","correspondingAuthor":true,"prefix":"","firstName":"Lorenzo","middleName":"","lastName":"Cirillo","suffix":""},{"id":449506832,"identity":"aad0b9b0-aa5e-46cd-aaf8-dc7c29ff8f38","order_by":1,"name":"Andrea Gervasio","email":"","orcid":"","institution":"Sapienza University of Rome","correspondingAuthor":false,"prefix":"","firstName":"Andrea","middleName":"","lastName":"Gervasio","suffix":""},{"id":449506833,"identity":"ac62a41a-d3d3-4079-a245-4200f41df545","order_by":2,"name":"Irene Amerini","email":"","orcid":"","institution":"Sapienza University of Rome","correspondingAuthor":false,"prefix":"","firstName":"Irene","middleName":"","lastName":"Amerini","suffix":""}],"badges":[],"createdAt":"2025-04-17 16:23:15","currentVersionCode":1,"declarations":"","doi":"10.21203/rs.3.rs-6473433/v1","doiUrl":"https://doi.org/10.21203/rs.3.rs-6473433/v1","draftVersion":[],"editorialEvents":[{"content":"https://doi.org/10.1186/s13635-025-00211-9","type":"published","date":"2025-08-05T15:58:03+00:00"}],"editorialNote":"","failedWorkflow":false,"files":[{"id":88814217,"identity":"c595d25b-4e8b-426c-95e8-8c0a227e355a","added_by":"auto","created_at":"2025-08-11 16:08:35","extension":"pdf","order_by":1,"title":"","display":"","copyAsset":false,"role":"manuscript-pdf","size":1189220,"visible":true,"origin":"","legend":"","description":"","filename":"eurasipdeepfake.pdf","url":"https://assets-eu.researchsquare.com/files/rs-6473433/v1_covered_0dad28c2-d1bf-4bbc-9420-248e547dc4be.pdf"}],"financialInterests":"No competing interests reported.","formattedTitle":"Explainability-Driven Adversarial Robustness Assessment for Generalized Deepfake Detectors","fulltext":[],"fulltextSource":"","fullText":"","funders":[],"hasAdminPriorityOnWorkflow":false,"hasManuscriptDocX":false,"hasOptedInToPreprint":true,"hasPassedJournalQc":"","hasAnyPriority":false,"hideJournal":false,"highlight":"","institution":"","isAcceptedByJournal":true,"isAuthorSuppliedPdf":true,"isDeskRejected":"","isHiddenFromSearch":false,"isInQc":false,"isInWorkflow":false,"isPdf":true,"isPdfUpToDate":true,"isWithdrawnOrRetracted":false,"journal":{"display":true,"email":"
[email protected]","identity":"eurasip-journal-on-information-security","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"jins","sideBox":"Learn more about [EURASIP Journal on Information Security](https://jis-eurasipjournals.springeropen.com/)","snPcode":"13635","submissionUrl":"https://submission.nature.com/new-submission/13635/3","title":"EURASIP Journal on Information Security","twitterHandle":"@SpringerEng","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"stoa","reportingPortfolio":"BMC/SO AJ","inReviewEnabled":true,"inReviewRevisionsEnabled":true},"keywords":"Deepfake detection, Model explainability, Adversarial robustness, Generalized deepfake detectors, Explainability-driven attack","lastPublishedDoi":"10.21203/rs.3.rs-6473433/v1","lastPublishedDoiUrl":"https://doi.org/10.21203/rs.3.rs-6473433/v1","license":{"name":"CC BY 4.0","url":"https://creativecommons.org/licenses/by/4.0/"},"manuscriptAbstract":"\u003cp\u003eThe capabilities of generative models to produce high-quality fake images require deepfake detectors to be accurate and have strong generalization performance. Moreover, the explainability and adversarial robustness of deepfake detectors are critical to apply such models in real-world scenarios. In this paper, we propose a framework that leverages explainability to assess the adversarial robustness of deepfake detectors. Specifically, we apply feature attribution methods to identify image regions where the model is focusing to make its prediction. Then we use the generated heatmaps to perform an explainability-driven attack, perturbing the most relevant and irrelevant regions with gradient-based adversarial techniques. We feed the model with the resulting adversarial images and measure the accuracy drop and the attack success rate. We tested our methodology on state-of-the-art models with strong generalization abilities, providing a comprehensive and explainability-driven evaluation of their robustness. Experimental results show the explainability analysis serves as a tool to reveal vulnerabilities of generalized deepfake detectors to adversarial attacks.\u003c/p\u003e","manuscriptTitle":"Explainability-Driven Adversarial Robustness Assessment for Generalized Deepfake Detectors","msid":"","msnumber":"","nonDraftVersions":[{"code":1,"date":"2025-04-30 01:39:41","doi":"10.21203/rs.3.rs-6473433/v1","editorialEvents":[{"type":"communityComments","content":0},{"type":"decision","content":"Revision requested","date":"2025-06-06T08:40:49+00:00","index":"","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2025-05-30T14:54:44+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2025-05-12T07:05:06+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"257305717957591791486810088896143834426","date":"2025-05-05T08:24:42+00:00","index":"hide","fulltext":""},{"type":"editorInvitedReview","content":"","date":"2025-05-02T03:44:40+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"223528917599992146089483519764730189205","date":"2025-05-02T03:12:00+00:00","index":"hide","fulltext":""},{"type":"reviewerAgreed","content":"121018617948787453921447320239507288373","date":"2025-04-29T06:55:04+00:00","index":"hide","fulltext":""},{"type":"reviewersInvited","content":"","date":"2025-04-28T16:45:06+00:00","index":"","fulltext":""},{"type":"editorAssigned","content":"","date":"2025-04-28T14:19:39+00:00","index":"","fulltext":""},{"type":"checksComplete","content":"","date":"2025-04-21T12:28:56+00:00","index":"","fulltext":""},{"type":"submitted","content":"EURASIP Journal on Information Security","date":"2025-04-17T16:11:09+00:00","index":"","fulltext":""}],"status":"published","journal":{"display":true,"email":"
[email protected]","identity":"eurasip-journal-on-information-security","isNatureJournal":false,"hasQc":true,"allowDirectSubmit":false,"externalIdentity":"jins","sideBox":"Learn more about [EURASIP Journal on Information Security](https://jis-eurasipjournals.springeropen.com/)","snPcode":"13635","submissionUrl":"https://submission.nature.com/new-submission/13635/3","title":"EURASIP Journal on Information Security","twitterHandle":"@SpringerEng","acdcEnabled":true,"dfaEnabled":true,"editorialSystem":"stoa","reportingPortfolio":"BMC/SO AJ","inReviewEnabled":true,"inReviewRevisionsEnabled":true}}],"origin":"","ownerIdentity":"9ce339d4-33d4-4de5-ae27-48093674db11","owner":[],"postedDate":"April 30th, 2025","published":true,"recentEditorialEvents":[],"rejectedJournal":[],"revision":"","amendment":"","status":"published-in-journal","subjectAreas":[],"tags":[],"updatedAt":"2025-08-11T16:04:03+00:00","versionOfRecord":{"articleIdentity":"rs-6473433","link":"https://doi.org/10.1186/s13635-025-00211-9","journal":{"identity":"eurasip-journal-on-information-security","isVorOnly":false,"title":"EURASIP Journal on Information Security"},"publishedOn":"2025-08-05 15:58:03","publishedOnDateReadable":"August 5th, 2025"},"versionCreatedAt":"2025-04-30 01:39:41","video":"","vorDoi":"10.1186/s13635-025-00211-9","vorDoiUrl":"https://doi.org/10.1186/s13635-025-00211-9","workflowStages":[]},"version":"v1","identity":"rs-6473433","journalConfig":"researchsquare"},"__N_SSP":true},"page":"/article/[identity]/[[...version]]","query":{"redirect":"/article/rs-6473433","identity":"rs-6473433","version":["v1"]},"buildId":"8U1c8b4HqxoKbykW_rLl7","isFallback":false,"isExperimentalCompile":false,"dynamicIds":[84888],"gssp":true,"scriptLoader":[]}
Text is read by the "Ask this paper" AI Q&A widget below.
Extraction quality varies by source — PMC NXML preserves structure
cleanly, OA-HTML may include some navigation residue, and OA-PDF can
have broken hyphenation. The publisher copy
(via DOI)
is the canonical version.