Adversarial Relighting against Face Recognition
- URL: http://arxiv.org/abs/2108.07920v1
- Date: Wed, 18 Aug 2021 01:05:53 GMT
- Title: Adversarial Relighting against Face Recognition
- Authors: Ruijun Gao, Qing Gao, Qian Zhang, Felix Juefei-Xu, Hongkai Yu, Wei Feng
- Abstract summary: We study the threat of lighting against deep face recognition from a new angle, i.e., adversarial relighting.
Given a face image, adversarial relighting aims to produce a naturally relighted counterpart while fooling the state-of-the-art deep FR methods.
We validate our methods on three state-of-the-art deep FR methods, i.e., FaceNet, ArcFace, and CosFace, on two public datasets.
- Score: 18.813967095498697
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Deep face recognition (FR) has achieved significantly high accuracy on
several challenging datasets and fosters successful real-world applications,
even showing high robustness to the illumination variation that is usually
regarded as a main threat to the FR system. However, in the real world,
illumination variation caused by diverse lighting conditions cannot be fully
covered by the limited face dataset. In this paper, we study the threat of
lighting against FR from a new angle, i.e., adversarial attack, and identify a
new task, i.e., adversarial relighting. Given a face image, adversarial
relighting aims to produce a naturally relighted counterpart while fooling the
state-of-the-art deep FR methods. To this end, we first propose the physical
model-based adversarial relighting attack (ARA) denoted as
albedo-quotient-based adversarial relighting attack (AQ-ARA). It generates
natural adversarial light under the physical lighting model and guidance of FR
systems and synthesizes adversarially relighted face images. Moreover, we
propose the auto-predictive adversarial relighting attack (AP-ARA) by training
an adversarial relighting network (ARNet) to automatically predict the
adversarial light in a one-step manner according to different input faces,
allowing efficiency-sensitive applications. More importantly, we propose to
transfer the above digital attacks to physical ARA (Phy-ARA) through a precise
relighting device, making the estimated adversarial lighting condition
reproducible in the real world. We validate our methods on three
state-of-the-art deep FR methods, i.e., FaceNet, ArcFace, and CosFace, on two
public datasets. The extensive and insightful results demonstrate our work can
generate realistic adversarial relighted face images fooling FR easily,
revealing the threat of specific light directions and strengths.
Related papers
- DiffAM: Diffusion-based Adversarial Makeup Transfer for Facial Privacy Protection [60.73609509756533]
DiffAM is a novel approach to generate high-quality protected face images with adversarial makeup transferred from reference images.
Experiments demonstrate that DiffAM achieves higher visual quality and attack success rates with a gain of 12.98% under black-box setting.
arXiv Detail & Related papers (2024-05-16T08:05:36Z)
- NeRFTAP: Enhancing Transferability of Adversarial Patches on Face Recognition using Neural Radiance Fields [15.823538329365348]
We propose a novel adversarial attack method that considers both the transferability to the FR model and the victim's face image.
We generate new view face images for the source and target subjects to enhance transferability of adversarial patches.
Our work provides valuable insights for enhancing the robustness of FR systems in practical adversarial settings.
arXiv Detail & Related papers (2023-11-29T03:17:14Z)
- Imperceptible Physical Attack against Face Recognition Systems via LED Illumination Modulation [3.6939170447261835]
We present a denial-of-service (DoS) attack for face detection and a dodging attack for face verification.
The success rates of DoS attacks against face detection models reach 97.67%, 100%, and 100%, respectively, and the success rates of dodging attacks against all face verification models reach 100%.
arXiv Detail & Related papers (2023-07-25T07:20:21Z)
- Attribute-Guided Encryption with Facial Texture Masking [64.77548539959501]
We propose Attribute Guided Encryption with Facial Texture Masking to protect users from unauthorized facial recognition systems.
Our proposed method produces more natural-looking encrypted images than state-of-the-art methods.
arXiv Detail & Related papers (2023-05-22T23:50:43Z)
- Restricted Black-box Adversarial Attack Against DeepFake Face Swapping [70.82017781235535]
We introduce a practical adversarial attack that does not require any queries to the facial image forgery model.
Our method is built on a substitute model pursuing face reconstruction and then transfers adversarial examples from the substitute model directly to inaccessible black-box DeepFake models.
arXiv Detail & Related papers (2022-04-26T14:36:06Z)
- Shadows can be Dangerous: Stealthy and Effective Physical-world Adversarial Attack by Natural Phenomenon [79.33449311057088]
We study a new type of optical adversarial examples, in which the perturbations are generated by a very common natural phenomenon, shadow.
We extensively evaluate the effectiveness of this new attack on both simulated and real-world environments.
arXiv Detail & Related papers (2022-03-08T02:40:18Z)
- Asymmetric Modality Translation For Face Presentation Attack Detection [55.09300842243827]
Face presentation attack detection (PAD) is an essential measure to protect face recognition systems from being spoofed by malicious users.
We propose a novel framework based on asymmetric modality translation for PAD in bi-modality scenarios.
Our method achieves state-of-the-art performance under different evaluation protocols.
arXiv Detail & Related papers (2021-10-18T08:59:09Z)
- Face Anti-Spoofing by Learning Polarization Cues in a Real-World Scenario [50.36920272392624]
Face anti-spoofing is the key to preventing security breaches in biometric recognition applications.
Deep learning methods using RGB and infrared images demand a large amount of training data for new attacks.
We present a face anti-spoofing method in a real-world scenario by automatically learning the physical characteristics in polarization images of a real face.
arXiv Detail & Related papers (2020-03-18T03:04:03Z)
This list is automatically generated from the titles and abstracts of the papers in this site.