
arxiv: 2605.08709 · v1 · submitted 2026-05-09 · 💻 cs.CV

UniShield: Unified Face Attack Detection via KG-Informed Multimodal Reasoning

Pith reviewed 2026-05-12 01:04 UTC · model grok-4.3

classification 💻 cs.CV
keywords: unified face attack detection, knowledge graph, multimodal reasoning, spoof detection, digital forgery, instruction tuning, consistency optimization

The pith

A face attack knowledge graph enables unified detection of physical spoofs and digital forgeries through consistent multimodal reasoning.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper aims to show that building a Face Attack Knowledge Graph to connect attack categories with diagnostic visual cues and relations can ground multimodal reasoning and improve unified face attack detection. It generates over 52,000 question-answer examples from the graph for instruction tuning and adds a consistency reward during optimization to keep generated rationales aligned with the graph's supported cues. A sympathetic reader would care because this targets the gap where current methods depend mainly on appearance correlations and offer limited evidence for decisions. The approach is tested on a multimodal benchmark covering binary, coarse-grained, and fine-grained protocols, with reported gains in accuracy and reductions in error rates over standard baselines and general multimodal models.

Core claim

UniShield constructs a Face Attack Knowledge Graph that links attack categories to diagnostic visual cues and attack-conditioned relations. It synthesizes 52,025 FAKG-QA examples for Attack-Graph Instruction Tuning and applies Graph-Consistent Reasoning Optimization with a KG-consistency reward to encourage rationales that match graph-supported cues while penalizing incompatible claims. Experiments on the multimodal UAD benchmark show strong performance with high accuracy and low half-total error rates across binary, coarse-grained, and fine-grained protocols, indicating that structured attack knowledge improves both detection accuracy and reasoning reliability over discriminative baselines.

What carries the argument

The Face Attack Knowledge Graph (FAKG), which encodes links between attack categories, diagnostic visual cues, and relations, used to create tuning data and supply the consistency reward that aligns model rationales with supported evidence.
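
A toy version of the KG-consistency scoring described above, as an added example (not the paper's code). The miniature graph, the phrase-matching cue extractor and the reward formula (supported minus incompatible cues, divided by cues claimed) are all assumptions made for illustration.

```python
"""Toy KG-consistency reward (added example).

The graph, cue vocabulary and reward formula below are constructed for
illustration; they are assumptions, not the paper's FAKG or GCRO objective.
"""
import re
from dataclasses import dataclass

# Constructed miniature graph: attack category -> cues the graph supports.
FAKG = {
    "print": {"paper edge", "unnatural lighting"},
    "replay": {"moire pattern", "screen bezel"},
    "face swap": {"blending boundary", "inconsistent skin tone"},
}
ALL_CUES = frozenset().union(*FAKG.values())


@dataclass(frozen=True)
class RewardBreakdown:
    supported: frozenset     # claimed cues the graph links to the predicted attack
    incompatible: frozenset  # claimed cues the graph does not link to that attack
    reward: float            # in [-1.0, 1.0]


def extract_cues(rationale: str) -> frozenset:
    """Graph cues named in the rationale (case-insensitive, optional plural 's')."""
    text = re.sub(r"\s+", " ", rationale.lower())
    return frozenset(
        cue for cue in ALL_CUES
        if re.search(r"\b" + re.escape(cue) + r"s?\b", text)
    )


def kg_consistency_reward(predicted_attack: str, rationale: str,
                          penalty: float = 1.0) -> RewardBreakdown:
    """Score a rationale against the graph for the predicted attack category."""
    # An attack label missing from the graph supports no cues at all.
    allowed = FAKG.get(predicted_attack.strip().lower(), set())
    claimed = extract_cues(rationale)
    supported = frozenset(claimed & allowed)
    incompatible = frozenset(claimed - allowed)
    if not claimed:
        # No graph cue named: the rationale is neither rewarded nor penalised.
        return RewardBreakdown(supported, incompatible, 0.0)
    raw = (len(supported) - penalty * len(incompatible)) / len(claimed)
    return RewardBreakdown(supported, incompatible, max(-1.0, min(1.0, raw)))


def graph_derived_rationale(attack: str) -> str:
    """Rationale templated straight from the graph, as synthetic QA data would be."""
    cues = ", ".join(sorted(FAKG[attack]))
    return f"This is a {attack} attack. Visible cues: {cues}."


if __name__ == "__main__":
    # Constructed sample rationales.
    samples = [
        ("print", "Paper edges are visible and the face shows unnatural lighting."),
        ("print", "There is a moire pattern and a paper edge."),
        ("replay", "A blending boundary runs along the jaw."),
        ("print", "The skin has a waxy silicone texture."),  # cue outside the graph
    ]
    for attack, rationale in samples:
        result = kg_consistency_reward(attack, rationale)
        print(f"{attack:9s} {result.reward:+.2f}  {rationale}")
    for attack in FAKG:
        print(attack, kg_consistency_reward(attack, graph_derived_rationale(attack)).reward)
```

Two limits show up in the output: a cue outside the graph's vocabulary scores 0 regardless of what is in the image, and any rationale templated from the graph scores 1.0 by construction, so the score measures agreement with the graph rather than diagnostic value on unseen attacks.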

If this is right

  • Structured knowledge from the graph supports higher accuracy and lower error rates across binary, coarse-grained, and fine-grained evaluation protocols.
  • The KG-consistency reward reduces generation of rationales that contradict the encoded visual cues and relations.
  • Detection moves from pure appearance correlations toward evidence-grounded reasoning that can cite specific cues.
  • The method outperforms both standard discriminative approaches and general-purpose multimodal models on the shared benchmark.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • If the graph captures generalizable cues, the same structure could be adapted to unify detection across additional attack surfaces such as video or audio streams.
  • Consistent rationales tied to an explicit graph might support human review processes by making the basis for each decision traceable to specific visual features.
  • Performance gains would likely disappear in an ablation that removes the graph component, confirming the knowledge structure as the main driver rather than generic tuning.

Load-bearing premise

The Face Attack Knowledge Graph accurately encodes diagnostic visual cues and relations for all attack categories, and the consistency reward produces genuine generalization rather than fitting synthetic patterns.

What would settle it

A controlled ablation that trains the same multimodal model without the knowledge graph or consistency reward and checks whether accuracy falls and error rates rise significantly on the multimodal UAD benchmark.

Figures

Figures reproduced from arXiv: 2605.08709 by Hongrui Li, Hongyang Wang, Hui Ma, Jun Feng, Yichen Shi, Yuhao Gao, Zitong Yu.

Figure 1: Face Attack Knowledge Graph. Squares denote attack types (color-coded); circles denote
Figure 2: Overview of the UniShield framework, including FAKG-guided QA dataset construction,
Figure 3: FAKG-QA dataset composition. Inner/middle/outer rings indicate binary, coarse, and fine-grained labels
Figure 4: Example images in our dataset. on three NVIDIA A100 GPUs with 80GB memory. Our training pipeline consists of two stages: Attack-Graph Instruction Tuning (AGIT) and Graph-Consistent Reasoning Optimization (GCRO). In the AGIT stage, we perform full-parameter fine-tuning by updating the vision encoder, multimodal projector, and language model. In the GCRO stage, implemented with GRPO, we freeze the vision enc…
Figure 5: Comparison of multimodal models on the UAD task
Figure 6: Performance comparison between GRPO and GCRO. 5 Conclusion In this paper, we presented UniShield, a knowledge-grounded multimodal reasoning framework for unified face attack detection. By introducing the FAKG, we organize attack categories and diagnostic cues into a structured semantic space across heterogeneous physical and digital attack modalities. Our approach leverages AGIT and GCRO to encourage rati…
Figure 7: Multi-Hop Reasoning Q&A Generation Prompt
Figure 8: Image caption prompt Prompt: Please integrate the provided image description with the following question skeleton and generate a detailed, logical answer. Based on the image features, indicate why the image belongs to the mentioned attack type. Analyze factors such as facial expression, lighting, edge transitions, material, and more to provide an in-depth analysis of the attack type. Example Question Skele…
Figure 9: Fusion prompt process occurs after the generation of the QA reasoning framework but before the final multimodal fusion, acting as a rigorous quality gate. Semantic Consistency Verification via FAKG. Upon obtaining the QA reasoning framework from GraphGen, we first perform a structural validation. By parsing the entity-relation triplets (a, f, ϕ) within the framework, we match them against the canonical top…
Figure 10: Prompt for Logical Flow Verification. A.3.1 Multi-Stage Pruning for Hallucination Mitigation. We further leverage the MLLM’s semantic understanding to perform heuristic pruning. An example prompt template is shown in
Figure 11: Prompt for Heuristic Pruning
Original abstract

Unified face attack detection (UAD) requires recognizing physical spoofing and digital forgery within a shared decision space, yet existing discriminative or prompt-based methods largely rely on appearance correlations and provide limited evidence-grounded reasoning. We propose UniShield, a knowledge-grounded multimodal reasoning framework for unified face attack defense. UniShield constructs a Face Attack Knowledge Graph (FAKG) that links attack categories to diagnostic visual cues and attack-conditioned relations, and uses it to synthesize 52,025 FAKG-QA examples for Attack-Graph Instruction Tuning (AGIT). To improve rationale consistency, we further introduce Graph-Consistent Reasoning Optimization (GCRO), a GRPO-based objective with a KG-consistency reward that encourages generated rationales to match graph-supported cues while penalizing incompatible claims. Experiments on our multimodal UAD benchmark show that UniShield achieves strong performance across binary, coarse-grained, and fine-grained protocols, with consistently high ACC and low HTER. These results suggest that structured attack knowledge can improve both detection accuracy and reasoning reliability over discriminative baselines and general-purpose MLLMs. Our code will be released at https://anonymous.4open.science/r/Unishield-A6A3/.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

2 major / 1 minor

Summary. The paper proposes UniShield, a knowledge-grounded multimodal reasoning framework for unified face attack detection (UAD). It constructs a Face Attack Knowledge Graph (FAKG) linking attack categories to diagnostic visual cues, synthesizes 52,025 FAKG-QA examples for Attack-Graph Instruction Tuning (AGIT), and applies Graph-Consistent Reasoning Optimization (GCRO) with a KG-consistency reward to align rationales with the graph. Experiments on the authors' multimodal UAD benchmark report strong performance across binary, coarse-grained, and fine-grained protocols with high ACC and low HTER, suggesting improvements over discriminative baselines and general MLLMs.

Significance. If the performance gains hold under external validation, the integration of structured attack knowledge with multimodal LLMs could meaningfully advance UAD by enabling evidence-grounded reasoning rather than pure appearance correlations. The explicit code release commitment is a strength for reproducibility.

major comments (2)
  1. [Experiments] Experiments section: The multimodal UAD benchmark and the 52,025 training QA examples are both derived from the same FAKG. This creates a closed loop where reported high ACC/low HTER may measure fidelity to the authors' curated relations rather than generalization to real physical/digital attacks; no external benchmarks or held-out real-world attack sets are described.
  2. [Method] GCRO objective (method section): The KG-consistency reward penalizes incompatible claims relative to the authors' graph. While this enforces internal consistency, it does not guarantee that learned cues are diagnostic on distributions outside the synthetic FAKG data, undermining claims that GCRO improves robustness over standard GRPO or prompt-based methods.
minor comments (1)
  1. [Abstract] Abstract lacks any numerical results, baseline names, or statistical details, which makes the headline performance claim difficult to evaluate at first reading.

Simulated Author's Rebuttal

2 responses · 0 unresolved

We thank the referee for the detailed and constructive review of our work on UniShield. We address each of the major comments point by point below, providing clarifications and indicating the revisions we will incorporate in the updated manuscript.

Point-by-point responses
  1. Referee: [Experiments] Experiments section: The multimodal UAD benchmark and the 52,025 training QA examples are both derived from the same FAKG. This creates a closed loop where reported high ACC/low HTER may measure fidelity to the authors' curated relations rather than generalization to real physical/digital attacks; no external benchmarks or held-out real-world attack sets are described.

    Authors: We appreciate the referee pointing out this potential limitation in our experimental design. The FAKG is indeed used to generate both the instruction-tuning data and the evaluation benchmark to ensure that the model is tested on its ability to perform knowledge-informed reasoning across binary, coarse-grained, and fine-grained detection tasks. While this setup allows for controlled evaluation of the proposed AGIT and GCRO components, we acknowledge that it does not include held-out real-world attack datasets independent of the graph. In the revised version, we will expand the Experiments section to include a discussion of the data sources, explicitly note the synthetic nature of the benchmark, and add a limitations paragraph outlining future directions for validation on external datasets. We believe this will provide a more transparent assessment of the framework's strengths and scope. revision: yes

  2. Referee: [Method] GCRO objective (method section): The KG-consistency reward penalizes incompatible claims relative to the authors' graph. While this enforces internal consistency, it does not guarantee that learned cues are diagnostic on distributions outside the synthetic FAKG data, undermining claims that GCRO improves robustness over standard GRPO or prompt-based methods.

    Authors: We concur that the KG-consistency reward in GCRO is specifically formulated to enforce alignment with the Face Attack Knowledge Graph, which is central to our goal of moving beyond appearance correlations toward evidence-grounded reasoning. This does prioritize internal consistency with the curated knowledge rather than broad generalization guarantees. Our experiments demonstrate relative improvements in accuracy and rationale quality over GRPO and prompt-based approaches on the benchmark, but we do not assert universal robustness. We will revise the Method section to better articulate the objectives and assumptions of GCRO, including caveats about its behavior on data distributions beyond the FAKG. This revision will help temper the claims and highlight the intended benefits of the approach. revision: partial

Circularity Check

1 step flagged

GCRO reward defines reasoning reliability as fidelity to self-constructed FAKG

specific steps
  1. self definitional [Abstract]
    "To improve rationale consistency, we further introduce Graph-Consistent Reasoning Optimization (GCRO), a GRPO-based objective with a KG-consistency reward that encourages generated rationales to match graph-supported cues while penalizing incompatible claims."

    The paper claims GCRO improves rationale consistency and reasoning reliability, yet the reward is defined precisely to reward matches to the authors' input FAKG and penalize deviations; therefore the consistency is enforced by construction rather than derived from the model or data.

full rationale

The paper constructs FAKG, synthesizes training QA pairs from it, and applies GCRO whose explicit reward term forces rationales to match the same graph. This makes the claimed improvement in 'reasoning reliability' a direct consequence of the optimization definition rather than an independent discovery. However, the reported detection metrics (ACC/HTER) on the multimodal UAD benchmark remain an empirical comparison against baselines and are not reduced to the inputs by construction, so the overall derivation retains independent content and does not reach higher circularity.

Axiom & Free-Parameter Ledger

0 free parameters · 1 axioms · 3 invented entities

The central claim rests on the authors' construction of the Face Attack Knowledge Graph and the effectiveness of the new AGIT and GCRO procedures; these are introduced without external validation or prior independent evidence.

axioms (1)
  • domain assumption: Multimodal large language models can be tuned via instruction data and consistency rewards to produce reliable visual reasoning.
    Implicit foundation for AGIT and GCRO.
invented entities (3)
  • Face Attack Knowledge Graph (FAKG) · no independent evidence
    purpose: Links attack categories to diagnostic visual cues and relations for QA synthesis.
    Newly constructed by the authors; no independent evidence provided.
  • Attack-Graph Instruction Tuning (AGIT) · no independent evidence
    purpose: Trains the model on 52,025 synthetic QA examples derived from the graph.
    New training procedure introduced in the work.
  • Graph-Consistent Reasoning Optimization (GCRO) · no independent evidence
    purpose: GRPO-based objective that rewards KG-consistent rationales.
    New optimization method proposed here.

