Universal Adversarial Spoofing Attacks against Face Recognition

• URL: http://arxiv.org/abs/2110.00708v1
• Date: Sat, 2 Oct 2021 02:11:22 GMT
• Title: Universal Adversarial Spoofing Attacks against Face Recognition
• Authors: Takuma Amada, Seng Pei Liew, Kazuya Kakizaki, Toshinori Araki
• Abstract summary: We show that one can fool a face verification system into recognizing that the face image belongs to multiple different identities with a high success rate. Our results indicate that a multiple-identity attack is a real threat and should be taken into account when deploying face recognition systems.
• Score: 9.253434204675544
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: We assess the vulnerabilities of deep face recognition systems for images that falsify/spoof multiple identities simultaneously. We demonstrate that, by manipulating the deep feature representation extracted from a face image via imperceptibly small perturbations added at the pixel level using our proposed Universal Adversarial Spoofing Examples (UAXs), one can fool a face verification system into recognizing that the face image belongs to multiple different identities with a high success rate. One characteristic of the UAXs crafted with our method is that they are universal (identity-agnostic); they are successful even against identities not known in advance. For a certain deep neural network, we show that we are able to spoof almost all tested identities (99\%), including those not known beforehand (not included in training). Our results indicate that a multiple-identity attack is a real threat and should be taken into account when deploying face recognition systems.

Related papers

• TetraLoss: Improving the Robustness of Face Recognition against Morphing Attacks [7.092869001331781]
  Face recognition systems are widely deployed in high-security applications. Digital manipulations, such as face morphing, pose a security threat to face recognition systems. We present a novel method for adapting deep learning-based face recognition systems to be more robust against face morphing attacks.
  arXiv  Detail & Related papers  (2024-01-21T21:04:05Z)
• Exploring Decision-based Black-box Attacks on Face Forgery Detection [53.181920529225906]
  Face forgery generation technologies generate vivid faces, which have raised public concerns about security and privacy. Although face forgery detection has successfully distinguished fake faces, recent studies have demonstrated that face forgery detectors are very vulnerable to adversarial examples.
  arXiv  Detail & Related papers  (2023-10-18T14:49:54Z)
• Differential Anomaly Detection for Facial Images [15.54185745912878]
  Identity attacks pose a big security threat as they can be used to gain unauthorised access and spread misinformation. Most algorithms for detecting identity attacks generalise poorly to attack types that are unknown at training time. We introduce a differential anomaly detection framework in which deep face embeddings are first extracted from pairs of images.
  arXiv  Detail & Related papers  (2021-10-07T13:45:13Z)
• End2End Occluded Face Recognition by Masking Corrupted Features [82.27588990277192]
  State-of-the-art general face recognition models do not generalize well to occluded face images. This paper presents a novel face recognition method that is robust to occlusions based on a single end-to-end deep neural network. Our approach, named FROM (Face Recognition with Occlusion Masks), learns to discover the corrupted features from the deep convolutional neural networks, and clean them by the dynamically learned masks.
  arXiv  Detail & Related papers  (2021-08-21T09:08:41Z)
• Generating Master Faces for Dictionary Attacks with a Network-Assisted Latent Space Evolution [68.8204255655161]
  A master face is a face image that passes face-based identity-authentication for a large portion of the population. We optimize these faces, by using an evolutionary algorithm in the latent embedding space of the StyleGAN face generator.
  arXiv  Detail & Related papers  (2021-08-01T12:55:23Z)
• A Systematical Solution for Face De-identification [6.244117712209321]
  In different tasks, people have various requirements for face de-identification (De-ID) We propose a systematical solution compatible for these De-ID operations. Our method can flexibly de-identify the face data in various ways and the processed images have high image quality.
  arXiv  Detail & Related papers  (2021-07-19T02:02:51Z)
• Harnessing Unrecognizable Faces for Face Recognition [87.80037162457427]
  We propose a measure of recognizability of a face image, implemented by a deep neural network trained using mostly recognizable identities. We show that accounting for recognizability reduces error rate of single-image face recognition by 58% at FAR=1e-5.
  arXiv  Detail & Related papers  (2021-06-08T05:25:03Z)
• Towards Face Encryption by Generating Adversarial Identity Masks [53.82211571716117]
  We propose a targeted identity-protection iterative method (TIP-IM) to generate adversarial identity masks. TIP-IM provides 95%+ protection success rate against various state-of-the-art face recognition models.
  arXiv  Detail & Related papers  (2020-03-15T12:45:10Z)
• Investigating the Impact of Inclusion in Face Recognition Training Data on Individual Face Identification [93.5538147928669]
  We audit ArcFace, a state-of-the-art, open source face recognition system, in a large-scale face identification experiment with more than one million distractor images. We find a Rank-1 face identification accuracy of 79.71% for individuals present in the model's training data and an accuracy of 75.73% for those not present.
  arXiv  Detail & Related papers  (2020-01-09T15:50:28Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.