Controllable Evaluation and Generation of Physical Adversarial Patch on
Face Recognition
- URL: http://arxiv.org/abs/2203.04623v2
- Date: Thu, 10 Mar 2022 03:14:03 GMT
- Authors: Xiao Yang, Yinpeng Dong, Tianyu Pang, Zihao Xiao, Hang Su, Jun Zhu
- Abstract summary: Recent studies have revealed the vulnerability of face recognition models against physical adversarial patches.
We propose to simulate the complex transformations of faces in the physical world via 3D-face modeling.
We further propose a Face3DAdv method considering the 3D face transformations and realistic physical variations.
- Score: 49.42127182149948
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Recent studies have revealed the vulnerability of face recognition models
against physical adversarial patches, which raises security concerns about the
deployed face recognition systems. However, it is still challenging to ensure
the reproducibility for most attack algorithms under complex physical
conditions, which leads to the lack of a systematic evaluation of the existing
methods. It is therefore imperative to develop a framework that can enable a
comprehensive evaluation of the vulnerability of face recognition in the
physical world. To this end, we propose to simulate the complex transformations
of faces in the physical world via 3D-face modeling, which serves as a digital
counterpart of physical faces. The generic framework allows us to control
different face variations and physical conditions to conduct reproducible
evaluations comprehensively. With this digital simulator, we further propose a
Face3DAdv method considering the 3D face transformations and realistic physical
variations. Extensive experiments validate that Face3DAdv can significantly
improve the effectiveness of diverse physically realizable adversarial patches
in both simulated and physical environments, against various white-box and
black-box face recognition models.
Related papers
- Towards Effective Adversarial Textured 3D Meshes on Physical Face Recognition [42.60954035488262]
The goal of this work is to develop a more reliable technique that can carry out an end-to-end evaluation of adversarial robustness for commercial systems.
We design adversarial textured 3D meshes (AT3D) with an elaborate topology on a human face, which can be 3D-printed and pasted on the attacker's face to evade the defenses.
To deviate from the mesh-based space, we propose to perturb the low-dimensional coefficient space based on 3D Morphable Model.
(2023-03-28T08:42:54Z)
- Evaluation of Human and Machine Face Detection using a Novel Distinctive Human Appearance Dataset [0.76146285961466]
We evaluate current state-of-the-art face-detection models in their ability to detect faces in images.
The evaluation results show that face-detection algorithms do not generalize well to diverse appearances.
(2021-11-01T02:20:40Z)
- Robust Physical-World Attacks on Face Recognition [52.403564953848544]
Face recognition has been greatly facilitated by the development of deep neural networks (DNNs).
Recent studies have shown that DNNs are very vulnerable to adversarial examples, raising serious concerns on the security of real-world face recognition.
We study sticker-based physical attacks on face recognition for better understanding its adversarial robustness.
(2021-09-20T06:49:52Z)
- Dodging Attack Using Carefully Crafted Natural Makeup [42.65417043860506]
We present a novel black-box adversarial machine learning (AML) attack which crafts natural makeup on a human participant.
We evaluate our proposed attack against the ArcFace face recognition model, with 20 participants in a real-world setup.
In the digital domain, the face recognition system was unable to identify all of the participants, while in the physical domain, the face recognition system was able to identify the participants in only 1.22% of the frames.
(2021-09-14T06:27:14Z)
- Joint Face Image Restoration and Frontalization for Recognition [79.78729632975744]
In real-world scenarios, many factors may harm face recognition performance, e.g., large pose, bad illumination, low resolution, blur and noise.
Previous efforts usually first restore the low-quality faces to high-quality ones and then perform face recognition.
We propose a Multi-Degradation Face Restoration model to restore frontalized high-quality faces from the given low-quality ones.
(2021-05-12T03:52:41Z)
- Robust Face-Swap Detection Based on 3D Facial Shape Information [59.32489266682952]
Face-swap images and videos have attracted more and more malicious attackers to discredit some key figures.
Previous pixel-level artifacts based detection techniques always focus on some unclear patterns but ignore some available semantic clues.
We propose a biometric information based method to fully exploit the appearance and shape feature for face-swap detection of key figures.
(2021-04-28T09:35:48Z)
- Facial Expressions as a Vulnerability in Face Recognition [73.85525896663371]
This work explores facial expression bias as a security vulnerability of face recognition systems.
We present a comprehensive analysis of how facial expression bias impacts the performance of face recognition technologies.
(2020-11-17T18:12:41Z)
- On the Robustness of Face Recognition Algorithms Against Attacks and Bias [78.68458616687634]
Face recognition algorithms have demonstrated very high recognition performance, suggesting suitability for real world applications.
Despite the enhanced accuracies, robustness of these algorithms against attacks and bias has been challenged.
This paper summarizes different ways in which the robustness of a face recognition algorithm is challenged.
(2020-02-07T18:21:59Z)
This list is automatically generated from the titles and abstracts of the papers in this site.