Exploring Decision-based Black-box Attacks on Face Forgery Detection

Zhaoyu Chen, Bo Li, Kaixun Jiang, Shuang Wu, Shouhong Ding, Wenqiang Zhang
2023-10-18
Abstract: Face forgery generation technologies generate vivid faces, which have raised public concerns about security and privacy. Many intelligent systems, such as electronic payment and identity verification, rely on face forgery detection. Although face forgery detection has successfully distinguished fake faces, recent studies have demonstrated that face forgery detectors are very vulnerable to adversarial examples. Meanwhile, existing attacks rely on network architectures or training datasets instead of the predicted labels, which leads to a gap in attacking deployed applications. To narrow this gap, we first explore the decision-based attacks on face forgery detection. However, applying existing decision-based attacks directly suffers from perturbation initialization failure and low image quality. First, we propose cross-task perturbation to handle initialization failures by utilizing the high correlation of face features on different tasks. Then, inspired by using frequency cues by face forgery detection, we propose the frequency decision-based attack. We add perturbations in the frequency domain and then constrain the visual quality in the spatial domain. Finally, extensive experiments demonstrate that our method achieves state-of-the-art attack performance on FaceForensics++, CelebDF, and industrial APIs, with high query efficiency and guaranteed image quality. Further, the fake faces by our method can pass face forgery detection and face recognition, which exposes the security problems of face forgery detectors.
Computer Vision and Pattern Recognition, Computers and Society
What problem does this paper attempt to address?
### Problems Addressed by the Paper

This paper primarily explores the issue of applying decision-based black-box attacks in facial forgery detection. Specifically:

1. **Background and Motivation**:
   - With the development of deep neural networks and generative models, facial forgery technology has been able to generate highly realistic fake faces, raising public concerns about security and privacy.
   - Many intelligent systems (such as electronic payments and identity verification) rely on facial forgery detection technology. Although existing facial forgery detection technologies have succeeded in distinguishing between real and fake faces, recent studies have shown that these detectors are highly susceptible to adversarial examples.
   - Existing attack methods usually rely on network architecture or training datasets rather than prediction labels, leading to a gap in practical application scenarios.
2. **Problem Definition**:
   - To bridge this gap, the paper explores for the first time the application of decision-based attacks in facial forgery detection. However, directly applying existing decision-based attacks to facial forgery detection encounters two main issues:
     - **Initialization Failure**: Existing decision-based attacks typically use random noise as attack initialization. However, since adding noise itself is a form of manipulation, faces with random noise are usually recognized as fake faces by facial forgery detection.
     - **Low Image Quality**: For example, the RayS method introduces noticeable rectangular perturbations, and using real faces as initialization leads to image artifacts, affecting subsequent applications (such as face recognition).
3. **Solution**:
   - To address the above issues, the authors propose an efficient decision-based adversarial attack framework specifically for facial forgery detection. It mainly includes the following two key components:
     - **Cross-Task Perturbation Initialization**: Utilizing the high correlation of facial features across different tasks, cross-task adversarial perturbations are generated through a face recognition model to address the initialization failure issue.
     - **Frequency Decision-Based Attack**: Given the high discriminative power of facial forgery detection in the frequency domain, a method is proposed to add perturbations in the frequency domain while constraining visual quality in the spatial domain.
4. **Experimental Results**:
   - Experiments show that this method achieves state-of-the-art attack performance on FaceForensics++, CelebDF, and industrial APIs, with high query efficiency and guaranteed image quality. Additionally, the fake faces generated by this method can not only pass facial forgery detection but also face recognition, revealing the adversarial vulnerability of current face-related systems.

In summary, this paper aims to expose and improve the security of facial forgery detection systems by proposing a new decision-based attack method.