University of Queensland · School of EECS

Detection you can defend. Explanations you can act on.

Research across deepfake detection, multimodal misinformation, audio forensics, and AI security.

Explore research Get in touch
About

Applied forensic AI for high-stakes digital evidence

Led by Dr Priyanka Singh, Senior Lecturer in Cyber Security at The University of Queensland, the group works across cyber security, digital forensics, privacy and security, homomorphic encryption, cloud computing and AI-enabled content authentication.

Our core problem is urgent: synthetic and manipulated media is becoming easier to generate, harder to detect and more persuasive when paired with misleading captions or narratives. The lab studies the full chain from manipulation and propagation to detection, explanation, provenance and trustworthy user-facing verification.

We focus on systems that can survive real deployment: robust models, auditable evidence, privacy-aware workflows and outputs that people outside a benchmark setting can understand.

News

Recent news and public updates

Recent public commentary, cyber security engagement and lab updates.

ICC 2026

UQ Cyber and AUSCERT to host the International Cybersecurity Challenge

The 2026 International Cybersecurity Challenge will be held on the Gold Coast from 18–21 May, bringing global cyber talent to Australia.

UQ Cyber · 18–21 May 2026

Event page →
Media commentary

ABC News Hour commentary on the Canvas data breach

Dr Singh discussed the global Canvas breach affecting education institutions and the importance of calm, evidence-based public cyber security communication.

ABC News Hour · May 2026

ABC News

Expert commentary on AI-generated fake digital IDs

ABC News quoted Dr Singh on the rise of AI-generated fake digital IDs and the risks created when synthetic identity documents become easy to produce.

ABC News · 2025

Read ABC story →
Public guide

How to spot a deepfake video

UQ Contact asked Dr Singh to explain deepfake risks and practical verification cues for public audiences in the Sora 2 era.

UQ Contact

Read guide →
Public guide

What even are internet cookies?

UQ Contact featured Dr Singh in a plain-language explainer on cookies, tracking, login persistence and online privacy.

UQ Contact

Read story →
Research

Research areas

Six active research directions across multimedia forensics, network security, audio deepfake detection and AI safety. Select a card to view figures and context from the underlying papers.

Multimodal manipulation & misinformation detection

Manipulation is increasingly a communication problem, not just a pixel-level artefact problem. Persuasive posts can pair a real image with a misleading caption, a generated image with a true caption, or a coordinated package of image, text and external context. Our work treats detection as a region-aware and evidence-aware reasoning task.

  • SGS (Segmentation-Guided Scoring) extends HAMMER to handle global scene inconsistencies, such as a politician giving a speech in front of an erupting volcano, by separating foreground and background regions and comparing their semantic descriptions.
  • D-SECURE combines a content-based manipulation detector (HAMMER) with a retrieval-based fact-checker (DEFAME) so the same pipeline can catch both subtle local edits and globally fabricated claims.
SGS pipeline: foreground and background crops are captioned by BLIP, embedded, and compared to produce a coherence score
SGS pipeline. Foreground and background crops are captioned independently (BLIP), embedded into a shared semantic space (MiniLM), and compared. A low similarity flags FG–BG inconsistency. Singh et al., SGS: Segmentation-Guided Scoring for Global Scene Inconsistencies, 2025.
D-SECURE rule-based scheme combining DEFAME and HAMMER outputs
D-SECURE rule-based fusion. DEFAME provides the global factual verdict and HAMMER supplies local manipulation grounding; rule cases distinguish refuted, locally-but-globally-supported, manipulated-but-unverifiable, and NEI. Singh, Amarasinghe and Singh, D-SECURE: Dual-Source Evidence Combination, 2026.

Explainable deepfake detection

DF-P2E reframes deepfake detection as an explanation pipeline. Instead of stopping at a confidence score, it combines a classifier, Grad-CAM-style visual evidence, image-to-text captioning and LLM-based narrative refinement so users can inspect the reasons behind a verdict and ask follow-up questions about it.

  • The classifier produces the initial real/fake decision and confidence.
  • A captioning module describes manipulated regions in forensic-aware language.
  • An LLM refinement layer adapts the explanation to non-expert audiences (journalists, investigators, legal users).
Comparison of conventional deepfake detectors with DF-P2E
Comparison with existing pipelines. Conventional detectors output class + confidence; DF-P2E adds Grad-CAM, image-to-text and LLM narrative refinement. Tariq et al., DF-P2E, ACM Multimedia 2025.
DF-P2E overall workflow
Overall workflow. From dataset and preprocessing through detector and XAI methods to enriched and refined natural-language explanation.
DF-P2E deployed user interface
User interface. Upload image, detection verdict, GradCAM analysis and a chat-style explanation refinement for non-technical users.

Cross-domain audio deepfake detection

Audio deepfake detectors trained on one dataset routinely fail on another because of differences in recording conditions, codecs and synthesis methods. We study lightweight, interpretable pipelines that adapt detectors across domains without target-domain labels.

  • Pre-trained Wav2Vec 2.0 embeddings provide a strong self-supervised front end.
  • A modular sequence (power transform, ANOVA-based feature selection, joint PCA, and CORAL alignment) narrows the gap between source and target distributions.
  • The pipeline is transparent and ablatable, making each step's contribution easy to audit before deployment.
Cross-domain audio deepfake detection pipeline
Cross-domain pipeline. Wav2Vec2 embeddings → Yeo-Johnson power transform → ANOVA feature selection → Joint PCA → CORAL → logistic regression. Thani, Singh and Singh, Unsupervised Domain Adaptation for Audio Deepfake Detection, 2026.
CORAL domain alignment effect, before and after
CORAL alignment effect. Source (ASVspoof) and target (FoR) covariance structures are matched, reducing the inter-domain gap and improving cross-domain accuracy.

Explainable network intrusion detection

Network intrusion detection systems often deliver near-perfect benchmark numbers but offer little for the analyst on the other end of an alert. eX-NIDS adds an LLM-based explanation layer that turns flagged NetFlows into human-readable justifications, augmented with cyber threat intelligence and protocol context.

  • The Prompt Augmenter extracts IP threat intelligence, geo-localisation, IP history and protocol IDs for each malicious flow.
  • This context is fused with a base prompt, then sent to an LLM (Llama 3 / GPT-4) to generate explanations.
  • A novel evaluation framework checks the explanations for correctness, factual consistency and feature consistency.
High-level overview of the eX-NIDS hybrid framework
eX-NIDS framework. Malicious flows from the NIDS are augmented with context-specific information before being passed to an LLM, which produces explanations for the network operator. Houssel, Layeghy, Singh and Portmann, eX-NIDS, 2025.
The Prompt Augmenter module structure
Prompt Augmenter. Per-flow extractors for IP intelligence, geo-localisation, IP history, and L4/L7 protocol identification produce structured context-specific information for the LLM prompt.

LLM safety & adversarial misuse

Two complementary directions: controlling LLM behaviour at the activation level for trustworthy generation, and studying how non-experts can already turn off-the-shelf chatbots into phishing tools. Both inform how cyber teams should reason about LLMs as both a defence surface and an attack surface.

  • PIXEL performs adaptive, position-wise activation steering with a property-aligned subspace, providing a tuning-free way to align attributes such as truthfulness.
  • Chatbot phishing study shows how participants without prior security or coding knowledge can prompt-engineer ChatGPT, Copilot and Gemini to produce phishing emails that consistently outperform manually-written ones.
Overview of PIXEL: dual-view property-aligned subspace, adaptive intervention strength, orthogonal residual calibration
PIXEL overview. Dual-view property-aligned subspace (tail-averaged + end-token), closed-form adaptive intervention strength, and sample-level orthogonal residual calibration. Yu, Li, Singh, Li, Wang and Hu, PIXEL, WWW 2026.
Study framework for chatbot-assisted phishing email generation
Chatbot-assisted phishing study. Email Creator Participants (no prior security expertise) generate phishing emails manually and via chatbots; Email Receiver Participants then rate effectiveness. Rafael, Singh and Mohanty, 2025.

Benchmarks & dataset foundations

Detectors are only as honest as the benchmarks they're trained and evaluated on. We build dataset extensions and evaluation suites that expose blind spots in current state-of-the-art models, particularly global scene plausibility and end-to-end factuality, which mainstream multimodal manipulation datasets do not cover.

  • DGM4+ extends the DGM⁴ benchmark with 5,000 high-quality samples introducing foreground–background mismatches and hybrids with text manipulation (FG-BG, FG-BG+TA, FG-BG+TS).
  • ClaimReview2024+ alongside DGM⁴ in D-SECURE supplies factuality labels (supported / refuted / NEI) so detection and fact-checking can be evaluated jointly.
  • Failure-case curation drives method design: an illustrative example (e.g., a politician in front of a volcano) motivates the entire region-aware reasoning direction.
Distribution of DGM4+ extended dataset across pristine and manipulation categories
DGM⁴+ distribution. Class types and updated dataset balance after adding FG-BG, FG-BG+TA and FG-BG+TS categories. Singh, Amarsinghe, Singh and Li, DGM4+, 2025.
Sample images from DGM4 and ClaimReview2024+ benchmarks
Joint evaluation samples. DGM⁴ (pristine, FS, FA, TS, TA) and ClaimReview2024+ (supported, refuted, NEI) cover both local manipulation and global factuality. D-SECURE, 2026.
Illustrative failure case: subject and caption locally aligned but globally implausible
Motivating failure case. Subject and caption align locally, but the scene is globally implausible. This is the failure mode targeted by FG–BG reasoning. SGS, 2025.
Privacy-preserving forensicsEncrypted-domain analysis, homomorphic image hashing and secure matching for sensitive institutional media.
Cyber threat intelligence sharingSecure collaborative CTI workflows that reduce privacy leakage while improving incident response.
Knowledge distillation for LLMsCompressing and adapting massive language models for embedded, industrial and domain-specific deployment.
Publications

Publications and technical themes

Research profiles

Selected themes across the group's work

The group's public research profiles span digital forensics, multimedia forensics, encrypted-domain processing, cloud security, privacy-preserving AI and deepfake detection.

Digital forensics Multimedia forensics Encrypted-domain processing Deepfake detection Privacy-preserving AI AI safety Network intrusion detection Knowledge distillation
UQ Experts profile →
Workshops

Workshops

Selected workshops organised or co-organised across multimedia forensics, digital forensics, AI security and digital public infrastructure.

CVPR 2026

PP-MisDet: From Perception to Persuasion

From Perception to Persuasion: Challenges and Advances in Misinformation Detection in Society. A CVPR 2026 workshop on multimodal misinformation, falsified visual evidence, trustworthy evaluation and high-stakes societal impact.

CVPR 2026 · Denver, USA

Workshop page →
ACM MM 2026

IMPACT: Impact-aware Multimodal Persuasive Analysis and Contextual Trust

An ACM Multimedia 2026 workshop on multimedia-native, persuasion-optimised misinformation, contextual trust, provenance, robustness and human-centred verification.

ACM Multimedia 2026 · Rio de Janeiro, Brazil · 10–14 November 2026

Workshop page →
DFRWS APAC 2024

Understanding and Analysing Executable and Linkable Format (ELF) Files

A DFRWS APAC 2024 workshop by Parag Rughani and Priyanka Singh on Linux binary internals, ELF file structure and malicious ELF analysis for digital forensics.

DFRWS APAC 2024 · Brisbane, Australia

Workshop page →
DFRWS USA 2026

Chain of Infection Detection: Cross-Domain Forensic Artefact Correlation

A hands-on DFRWS USA 2026 workshop on reconstructing infection chains by correlating artefacts across volatile memory, persistent storage and network captures.

DFRWS USA 2026 · Monday, 27 July · Onsite workshop

Workshop page →
UQ–Exeter

Workshop on AI Integration in Businesses: A Perspective on Efficiency VS Security Risks

A UQ–University of Exeter collaboration examining how AI adoption improves automation, decision-making and productivity while creating new cyber security, privacy and model-risk challenges.

UQ Cyber Research Centre · 24 November 2025

Workshop page →
UQ–ICRIER · AICCTP

Digital Public Infrastructure and Public Service Delivery: Inclusion, Efficiency, and Security

A UQ–Indian Council for Research on International Economic Relations collaboration under the Australia–India Cyber and Critical Technology Partnership, funded by DFAT, focused on DPI-enabled public service delivery.

ICRIER · New Delhi · 8 May 2026

Workshop page →
UQ–ICRIER · AICCTP

Transformation of Health Systems through Digital Public Infrastructure

A UQ–Indian Council for Research on International Economic Relations collaboration under the Australia–India Cyber and Critical Technology Partnership, funded by DFAT, focused on digital public infrastructure for health systems.

ICRIER · New Delhi · 9 January 2026

Workshop outcome document →
Team

People and mentoring

Leadership and student team across multimodal misinformation, audio deepfake detection and cyber forensics.

Dr Priyanka Singh
Dr Priyanka Singh
Senior Lecturer in Cyber Security · School of EECS · Affiliate, UQ Cyber Research Centre
Multimedia forensics Deepfake detection Privacy-preserving AI

Lab lead. Research spans cyber security, digital forensics, privacy-preserving AI, homomorphic encryption and AI-enabled content authentication, with public commentary on deepfakes, synthetic identity and online verification.

UQ Experts profile →
Gagandeep Singh
Gagandeep Singh
Research student · School of EECS · T-IMPACT initiative
Multimodal misinformation Scene plausibility Benchmarks

I'm a research student in the School of Electrical Engineering and Computer Science at the University of Queensland. My work focuses on multimodal misinformation detection and extending state-of-the-art detectors. I also build benchmarks and pipelines that combine content-based manipulation detection with retrieval-based fact-checking.

LinkedIn →
Samudi Amarasinghe
Samudi Amarasinghe
Master's student · School of EECS
Misinformation Cybersecurity Machine learning

I am a Master's student studying computer science and cybersecurity in the School of Electrical Engineering and Computer Science at the University of Queensland. My area of interest is misinformation, with a focus on evidence combination for detection. I also strive to improve the explainability of detection, to make systems accessible to all users.

LinkedIn →
Urawee Thani
Urawee Thani
Software Engineering thesis student · School of EECS
Machine learning Audio deepfake detection Cross-domain generalisation

I'm a software engineering student currently undertaking a thesis in machine learning, speech processing, and audio deepfake detection. My recent work focuses on cross-domain generalisation and improving the robustness of AI models across diverse datasets and real-world conditions.

LinkedIn →
Contact

Contact and collaboration

Affiliation

The University of Queensland
School of Electrical Engineering and Computer Science
Brisbane, Australia