Adversarial Mask: Real-World Adversarial Attack Against Face Recognition
Models
- URL: http://arxiv.org/abs/2111.10759v1
- Date: Sun, 21 Nov 2021 08:13:21 GMT
- Title: Adversarial Mask: Real-World Adversarial Attack Against Face Recognition
Models
- Authors: Alon Zolfi and Shai Avidan and Yuval Elovici and Asaf Shabtai
- Abstract summary: We propose a physical adversarial universal perturbation (UAP) against state-of-the-art deep learning-based facial recognition models.
In our experiments, we examined the transferability of our adversarial mask to a wide range of deep learning models and datasets.
We validated our adversarial mask effectiveness in real-world experiments by printing the adversarial pattern on a fabric medical face mask.
- Score: 66.07662074148142
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Deep learning-based facial recognition (FR) models have demonstrated
state-of-the-art performance in the past few years, even when wearing
protective medical face masks became commonplace during the COVID-19 pandemic.
Given the outstanding performance of these models, the machine learning
research community has shown increasing interest in challenging their
robustness. Initially, researchers presented adversarial attacks in the digital
domain, and later the attacks were transferred to the physical domain. However,
in many cases, attacks in the physical domain are conspicuous, requiring, for
example, the placement of a sticker on the face, and thus may raise suspicion
in real-world environments (e.g., airports). In this paper, we propose
Adversarial Mask, a physical adversarial universal perturbation (UAP) against
state-of-the-art FR models that is applied on face masks in the form of a
carefully crafted pattern. In our experiments, we examined the transferability
of our adversarial mask to a wide range of FR model architectures and datasets.
In addition, we validated our adversarial mask effectiveness in real-world
experiments by printing the adversarial pattern on a fabric medical face mask,
causing the FR system to identify only 3.34% of the participants wearing the
mask (compared to a minimum of 83.34% with other evaluated masks).
Related papers
- Attribute-Guided Encryption with Facial Texture Masking [64.77548539959501]
We propose Attribute Guided Encryption with Facial Texture Masking to protect users from unauthorized facial recognition systems.
Our proposed method produces more natural-looking encrypted images than state-of-the-art methods.
arXiv Detail & Related papers (2023-05-22T23:50:43Z)
- Mask-invariant Face Recognition through Template-level Knowledge Distillation [3.727773051465455]
Masks affect the performance of previous face recognition systems.
We propose a mask-invariant face recognition solution (MaskInv).
In addition to the distilled knowledge, the student network benefits from additional guidance by margin-based identity classification loss.
arXiv Detail & Related papers (2021-12-10T16:19:28Z)
- Partial Attack Supervision and Regional Weighted Inference for Masked Face Presentation Attack Detection [5.71864964818217]
Wearing a mask has proven to be one of the most effective ways to prevent the transmission of SARS-CoV-2 coronavirus.
The main issues facing the mask face PAD are the wrongly classified bona fide masked faces and the wrongly classified partial attacks.
This work proposes a method that considers partial attack labels to supervise the PAD model training, as well as regional weighted inference to further improve the PAD performance.
arXiv Detail & Related papers (2021-11-08T08:53:46Z)
- Robust Physical-World Attacks on Face Recognition [52.403564953848544]
Face recognition has been greatly facilitated by the development of deep neural networks (DNNs).
Recent studies have shown that DNNs are very vulnerable to adversarial examples, raising serious concerns on the security of real-world face recognition.
We study sticker-based physical attacks on face recognition for better understanding its adversarial robustness.
arXiv Detail & Related papers (2021-09-20T06:49:52Z)
- MLFW: A Database for Face Recognition on Masked Faces [56.441078419992046]
Masked LFW (MLFW) is a tool to generate masked faces from unmasked faces automatically.
The recognition accuracy of SOTA models declines 5%-16% on MLFW database compared with the accuracy on the original images.
arXiv Detail & Related papers (2021-09-13T09:30:10Z)
- Masked Face Recognition Challenge: The WebFace260M Track Report [81.57455766506197]
Face Bio-metrics under COVID Workshop and Masked Face Recognition Challenge in ICCV 2021.
WebFace260M Track aims to push the frontiers of practical MFR.
In the first phase of WebFace260M Track, 69 teams (total 833 solutions) participate in the challenge.
There is a second phase of the challenge until October 1, 2021 and an ongoing leaderboard.
arXiv Detail & Related papers (2021-08-16T15:51:51Z)
- My Eyes Are Up Here: Promoting Focus on Uncovered Regions in Masked Face Recognition [4.171626860914305]
We address the challenge of masked face recognition (MFR) and focus on evaluating the verification performance in FRS.
We propose a methodology that combines the traditional triplet loss and the mean squared error (MSE) intending to improve the robustness of an MFR system in the masked-unmasked comparison mode.
arXiv Detail & Related papers (2021-08-02T15:51:15Z)
- Contrastive Context-Aware Learning for 3D High-Fidelity Mask Face Presentation Attack Detection [103.7264459186552]
Face presentation attack detection (PAD) is essential to secure face recognition systems.
Most existing 3D mask PAD benchmarks suffer from several drawbacks.
We introduce a large-scale High-Fidelity Mask dataset to bridge the gap to real-world applications.
arXiv Detail & Related papers (2021-04-13T12:48:38Z)
- Unmasking Face Embeddings by Self-restrained Triplet Loss for Accurate Masked Face Recognition [6.865656740940772]
We present a solution to improve the masked face recognition performance.
Specifically, we propose the Embedding Unmasking Model (EUM) operated on top of existing face recognition models.
We also propose a novel loss function, the Self-restrained Triplet (SRT), which enabled the EUM to produce embeddings similar to those of unmasked faces of the same identities.
arXiv Detail & Related papers (2021-03-02T13:43:11Z)
- Real Masks and Fake Faces: On the Masked Face Presentation Attack Detection [7.324459578044212]
Face recognition (FR) is a challenging task as several discriminative features are hidden.
Face presentation attack detection (PAD) is crucial to ensure the security of FR systems.
We present novel attacks with real masks placed on presentations and attacks with subjects wearing masks to reflect the current real-world situation.
arXiv Detail & Related papers (2021-03-02T08:05:50Z)
This list is automatically generated from the titles and abstracts of the papers in this site.