To address identity residual leakage and stigmatization risks arising from deepfake misuse, this paper proposes an end-to-end transferable adversarial perturbation framework. Methodologically, we introduce the Identity Disruption Module (IDM)—the first of its kind—which formulates multi-model forgery interference as a multi-task learning problem and incorporates dynamic weighted loss to enhance cross-model generalizability. The framework generates visually imperceptible perturbations via a single encoder-decoder forward pass, enabling plug-and-play integration and joint deployment with adversarial training. Extensive experiments demonstrate that our approach significantly reduces identity recognizability in forged images across multiple state-of-the-art face manipulation models, while evading detection by mainstream forensic and identity recognition systems. It thus achieves a favorable trade-off between defense efficacy and stealth.

The misuse of deep learning-based facial manipulation poses a significant threat to civil rights. To prevent this fraud at its source, proactive defense has been proposed to disrupt the manipulation process by adding invisible adversarial perturbations into images, making the forged output unconvincing to observers. However, the non-specific disruption against the output may lead to the retention of identifiable facial features, potentially resulting in the stigmatization of the individual. This paper proposes a universal framework for combating facial manipulation, termed ID-Guard. Specifically, this framework operates with a single forward pass of an encoder-decoder network to produce a cross-model transferable adversarial perturbation. A novel Identity Destruction Module (IDM) is introduced to degrade identifiable features in forged faces. We optimize the perturbation generation by framing the disruption of different facial manipulations as a multi-task learning problem, and a dynamic weight strategy is devised to enhance cross-model performance. Experimental results demonstrate that the proposed ID-Guard exhibits strong efficacy in defending against various facial manipulation models, effectively degrading identifiable regions in manipulated images. It also enables disrupted images to evade facial inpainting and image recognition systems. Additionally, ID-Guard can seamlessly function as a plug-and-play component, integrating with other tasks such as adversarial training.