Device-aware Optical Adversarial Attack for a Portable Projector-camera System

• URL: http://arxiv.org/abs/2501.14005v1
• Date: Thu, 23 Jan 2025 13:55:23 GMT
• Title: Device-aware Optical Adversarial Attack for a Portable Projector-camera System
• Authors: Ning Jiang, Yanhong Liu, Dingheng Zeng, Yue Feng, Weihong Deng, Ying Li,
• Abstract summary: Deep-learning-based face recognition systems are susceptible to adversarial examples in both digital and physical domains. This paper addresses the limitations of existing projector-camera-based adversarial light attacks in practical FR setups. By incorporating device-aware adaptations into the digital attack algorithm, we mitigate the degradation from digital to physical domains.
• Score: 45.58483539606022
• License:
• Abstract: Deep-learning-based face recognition (FR) systems are susceptible to adversarial examples in both digital and physical domains. Physical attacks present a greater threat to deployed systems as adversaries can easily access the input channel, allowing them to provide malicious inputs to impersonate a victim. This paper addresses the limitations of existing projector-camera-based adversarial light attacks in practical FR setups. By incorporating device-aware adaptations into the digital attack algorithm, such as resolution-aware and color-aware adjustments, we mitigate the degradation from digital to physical domains. Experimental validation showcases the efficacy of our proposed algorithm against real and spoof adversaries, achieving high physical similarity scores in FR models and state-of-the-art commercial systems. On average, there is only a 14% reduction in scores from digital to physical attacks, with high attack success rate in both white- and black-box scenarios.

Related papers

• Principles of Designing Robust Remote Face Anti-Spoofing Systems [60.05766968805833]
  This paper sheds light on the vulnerabilities of state-of-the-art face anti-spoofing methods against digital attacks. It presents a comprehensive taxonomy of common threats encountered in face anti-spoofing systems.
  arXiv  Detail & Related papers  (2024-06-06T02:05:35Z)
• AdvGen: Physical Adversarial Attack on Face Presentation Attack Detection Systems [17.03646903905082]
  Adversarial attacks have gained attraction, which try to digitally deceive the learning strategy of a recognition system. This paper demonstrates the vulnerability of face authentication systems to adversarial images in physical world scenarios. We propose AdvGen, an automated Generative Adversarial Network, to simulate print and replay attacks and generate adversarial images that can fool state-of-the-art PADs.
  arXiv  Detail & Related papers  (2023-11-20T13:28:42Z)
• Why Don't You Clean Your Glasses? Perception Attacks with Dynamic Optical Perturbations [17.761200546223442]
  Adapting adversarial attacks to the physical world is desirable for the attacker, as this removes the need to compromise digital systems. We present EvilEye, a man-in-the-middle perception attack that leverages transparent displays to generate dynamic physical adversarial examples.
  arXiv  Detail & Related papers  (2023-07-24T21:16:38Z)
• Towards Effective Adversarial Textured 3D Meshes on Physical Face Recognition [42.60954035488262]
  The goal of this work is to develop a more reliable technique that can carry out an end-to-end evaluation of adversarial robustness for commercial systems. We design adversarial textured 3D meshes (AT3D) with an elaborate topology on a human face, which can be 3D-printed and pasted on the attacker's face to evade the defenses. To deviate from the mesh-based space, we propose to perturb the low-dimensional coefficient space based on 3D Morphable Model.
  arXiv  Detail & Related papers  (2023-03-28T08:42:54Z)
• State-of-the-art optical-based physical adversarial attacks for deep learning computer vision systems [3.3470481105928216]
  Adversarial attacks can mislead deep learning models to make false predictions by implanting small perturbations to the original input that are imperceptible to the human eye. Physical adversarial attacks, which is more realistic, as the perturbation is introduced to the input before it is being captured and converted to a binary image. This paper focuses on optical-based physical adversarial attack techniques for computer vision systems.
  arXiv  Detail & Related papers  (2023-03-22T01:14:52Z)
• Face Presentation Attack Detection [59.05779913403134]
  Face recognition technology has been widely used in daily interactive applications such as checking-in and mobile payment. However, its vulnerability to presentation attacks (PAs) limits its reliable use in ultra-secure applicational scenarios.
  arXiv  Detail & Related papers  (2022-12-07T14:51:17Z)
• Shadows can be Dangerous: Stealthy and Effective Physical-world Adversarial Attack by Natural Phenomenon [79.33449311057088]
  We study a new type of optical adversarial examples, in which the perturbations are generated by a very common natural phenomenon, shadow. We extensively evaluate the effectiveness of this new attack on both simulated and real-world environments.
  arXiv  Detail & Related papers  (2022-03-08T02:40:18Z)
• Exploring Adversarial Robustness of Multi-Sensor Perception Systems in Self Driving [87.3492357041748]
  In this paper, we showcase practical susceptibilities of multi-sensor detection by placing an adversarial object on top of a host vehicle. Our experiments demonstrate that successful attacks are primarily caused by easily corrupted image features. Towards more robust multi-modal perception systems, we show that adversarial training with feature denoising can boost robustness to such attacks significantly.
  arXiv  Detail & Related papers  (2021-01-17T21:15:34Z)
• Robust Attacks on Deep Learning Face Recognition in the Physical World [48.909604306342544]
  FaceAdv is a physical-world attack that crafts adversarial stickers to deceive FR systems. It mainly consists of a sticker generator and a transformer, where the former can craft several stickers with different shapes. We conduct extensive experiments to evaluate the effectiveness of FaceAdv on attacking 3 typical FR systems.
  arXiv  Detail & Related papers  (2020-11-27T02:24:43Z)
• Adversarial Light Projection Attacks on Face Recognition Systems: A Feasibility Study [21.42041262836322]
  We investigate the feasibility of conducting real-time physical attacks on face recognition systems using adversarial light projections. The adversary generates a digital adversarial pattern using one or more images of the target available to the adversary. The digital adversarial pattern is then projected onto the adversary's face in the physical domain to either impersonate a target (impersonation) or evade recognition (obfuscation)
  arXiv  Detail & Related papers  (2020-03-24T23:06:25Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.