Stealthy Physical Masked Face Recognition Attack via Adversarial Style
Optimization
- URL: http://arxiv.org/abs/2309.09480v1
- Date: Mon, 18 Sep 2023 04:36:56 GMT
- Title: Stealthy Physical Masked Face Recognition Attack via Adversarial Style
Optimization
- Authors: Huihui Gong, Minjing Dong, Siqi Ma, Seyit Camtepe, Surya Nepal, Chang
Xu
- Abstract summary: In the COVID-19 pandemic era, wearing face masks is one of the most effective ways to defend against the novel coronavirus.
Deep neural networks (DNNs) have achieved state-of-the-art performance on face recognition (FR) tasks in the last decade.
We propose a new stealthy physical masked FR attack via adversarial style optimization.
- Score: 47.21491911505409
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: Deep neural networks (DNNs) have achieved state-of-the-art performance on
face recognition (FR) tasks in the last decade. In real scenarios, the
deployment of DNNs requires taking various face accessories into consideration,
like glasses, hats, and masks. In the COVID-19 pandemic era, wearing face masks
is one of the most effective ways to defend against the novel coronavirus.
However, DNNs are known to be vulnerable to adversarial examples with a small
but elaborated perturbation. Thus, a facial mask with adversarial perturbations
may pose a great threat to the widely used deep learning-based FR models. In
this paper, we consider a challenging adversarial setting: targeted attack
against FR models. We propose a new stealthy physical masked FR attack via
adversarial style optimization. Specifically, we train an adversarial style
mask generator that hides adversarial perturbations inside style masks.
Moreover, to ameliorate the phenomenon of sub-optimization with one fixed
style, we propose to discover the optimal style given a target through style
optimization in a continuous relaxation manner. We simultaneously optimize the
generator and the style selection for generating strong and stealthy
adversarial style masks. We evaluated the effectiveness and transferability of
our proposed method via extensive white-box and black-box digital experiments.
Furthermore, we also conducted physical attack experiments against local FR
models and online platforms.
Related papers
- Imperceptible Face Forgery Attack via Adversarial Semantic Mask [59.23247545399068]
We propose an Adversarial Semantic Mask Attack framework (ASMA) which can generate adversarial examples with good transferability and invisibility.
Specifically, we propose a novel adversarial semantic mask generative model, which can constrain generated perturbations in local semantic regions for good stealthiness.
arXiv Detail & Related papers (2024-06-16T10:38:11Z) - Attribute-Guided Encryption with Facial Texture Masking [64.77548539959501]
We propose Attribute Guided Encryption with Facial Texture Masking to protect users from unauthorized facial recognition systems.
Our proposed method produces more natural-looking encrypted images than state-of-the-art methods.
arXiv Detail & Related papers (2023-05-22T23:50:43Z) - RSTAM: An Effective Black-Box Impersonation Attack on Face Recognition
using a Mobile and Compact Printer [10.245536402327096]
We propose a new method to attack face recognition models or systems called RSTAM.
RSTAM enables an effective black-box impersonation attack using an adversarial mask printed by a mobile and compact printer.
The performance of the attacks is also evaluated on state-of-the-art commercial face recognition systems: Face++, Baidu, Aliyun, Tencent, and Microsoft.
arXiv Detail & Related papers (2022-06-25T08:16:55Z) - Restricted Black-box Adversarial Attack Against DeepFake Face Swapping [70.82017781235535]
We introduce a practical adversarial attack that does not require any queries to the facial image forgery model.
Our method is built on a substitute model persuing for face reconstruction and then transfers adversarial examples from the substitute model directly to inaccessible black-box DeepFake models.
arXiv Detail & Related papers (2022-04-26T14:36:06Z) - Initiative Defense against Facial Manipulation [82.96864888025797]
We propose a novel framework of initiative defense to degrade the performance of facial manipulation models controlled by malicious users.
We first imitate the target manipulation model with a surrogate model, and then devise a poison perturbation generator to obtain the desired venom.
arXiv Detail & Related papers (2021-12-19T09:42:28Z) - Adversarial Mask: Real-World Adversarial Attack Against Face Recognition
Models [66.07662074148142]
We propose a physical adversarial universal perturbation (UAP) against state-of-the-art deep learning-based facial recognition models.
In our experiments, we examined the transferability of our adversarial mask to a wide range of deep learning models and datasets.
We validated our adversarial mask effectiveness in real-world experiments by printing the adversarial pattern on a fabric medical face mask.
arXiv Detail & Related papers (2021-11-21T08:13:21Z) - Partial Attack Supervision and Regional Weighted Inference for Masked
Face Presentation Attack Detection [5.71864964818217]
Wearing a mask has proven to be one of the most effective ways to prevent the transmission of SARS-CoV-2 coronavirus.
The main issues facing the mask face PAD are the wrongly classified bona fide masked faces and the wrongly classified partial attacks.
This work proposes a method that considers partial attack labels to supervise the PAD model training, as well as regional weighted inference to further improve the PAD performance.
arXiv Detail & Related papers (2021-11-08T08:53:46Z) - Real Masks and Fake Faces: On the Masked Face Presentation Attack
Detection [7.324459578044212]
Face recognition (FR) is a challenging task as several discriminative features are hidden.
Face presentation attack detection (PAD) is crucial to ensure the security of FR systems.
We present novel attacks with real masks placed on presentations and attacks with subjects wearing masks to reflect the current real-world situation.
arXiv Detail & Related papers (2021-03-02T08:05:50Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.