Related papers: Non-Adaptive Adversarial Face Generation

Non-Adaptive Adversarial Face Generation

URL: http://arxiv.org/abs/2507.12107v1
Date: Wed, 16 Jul 2025 10:24:54 GMT
Title: Non-Adaptive Adversarial Face Generation
Authors: Sunpill Kim, Seunghun Paik, Chanwoo Hwang, Minsu Kim, Jae Hong Seo,
Abstract summary: Adversarial attacks on face recognition systems pose serious security and privacy threats.<n>We propose a novel method for generating adversarial faces-synthetic facial images.<n>Our method achieves a high success rate of over 93% against AWS's CompareFaces API.
Score: 18.28396766186067
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Adversarial attacks on face recognition systems (FRSs) pose serious security and privacy threats, especially when these systems are used for identity verification. In this paper, we propose a novel method for generating adversarial faces-synthetic facial images that are visually distinct yet recognized as a target identity by the FRS. Unlike iterative optimization-based approaches (e.g., gradient descent or other iterative solvers), our method leverages the structural characteristics of the FRS feature space. We figure out that individuals sharing the same attribute (e.g., gender or race) form an attributed subsphere. By utilizing such subspheres, our method achieves both non-adaptiveness and a remarkably small number of queries. This eliminates the need for relying on transferability and open-source surrogate models, which have been a typical strategy when repeated adaptive queries to commercial FRSs are impossible. Despite requiring only a single non-adaptive query consisting of 100 face images, our method achieves a high success rate of over 93% against AWS's CompareFaces API at its default threshold. Furthermore, unlike many existing attacks that perturb a given image, our method can deliberately produce adversarial faces that impersonate the target identity while exhibiting high-level attributes chosen by the adversary.

Related papers

Diffusion-based Adversarial Identity Manipulation for Facial Privacy Protection [14.797807196805607]
Face recognition has led to serious privacy concerns due to potential unauthorized surveillance and user tracking on social networks.<n>Existing methods for enhancing privacy fail to generate natural face images that can protect facial privacy.<n>We propose DiffAIM to generate natural and highly transferable adversarial faces against malicious FR systems.
arXiv Detail & Related papers (2025-04-30T13:49:59Z)
DiffUMI: Training-Free Universal Model Inversion via Unconditional Diffusion for Face Recognition [17.70133779192382]
We introduce DiffUMI, a diffusion-based universal model inversion attack that requires no additional training.<n>It surpasses state-of-the-art attacks by 15.5% and 9.82% in success rate on standard and privacy-preserving face recognition systems, respectively.
arXiv Detail & Related papers (2025-04-25T01:53:27Z)
FaceSwapGuard: Safeguarding Facial Privacy from DeepFake Threats through Identity Obfuscation [42.52406793874506]
FaceSwapGuard (FSG) is a black-box defense mechanism against deepfake face-swapping threats.<n>FSG introduces imperceptible perturbations to a user's facial image, disrupting the features extracted by identity encoders.<n>Extensive experiments demonstrate the effectiveness of FSG against multiple face-swapping techniques.
arXiv Detail & Related papers (2025-02-15T13:45:19Z)
ID$^3$: Identity-Preserving-yet-Diversified Diffusion Models for Synthetic Face Recognition [60.15830516741776]
Synthetic face recognition (SFR) aims to generate datasets that mimic the distribution of real face data. We introduce a diffusion-fueled SFR model termed $textID3$. $textID3$ employs an ID-preserving loss to generate diverse yet identity-consistent facial appearances.
arXiv Detail & Related papers (2024-09-26T06:46:40Z)
Imperceptible Face Forgery Attack via Adversarial Semantic Mask [59.23247545399068]
We propose an Adversarial Semantic Mask Attack framework (ASMA) which can generate adversarial examples with good transferability and invisibility. Specifically, we propose a novel adversarial semantic mask generative model, which can constrain generated perturbations in local semantic regions for good stealthiness.
arXiv Detail & Related papers (2024-06-16T10:38:11Z)
Hierarchical Generative Network for Face Morphing Attacks [7.34597796509503]
Face morphing attacks circumvent face recognition systems (FRSs) by creating a morphed image that contains multiple identities. We propose a novel morphing attack method to improve the quality of morphed images and better preserve the contributing identities.
arXiv Detail & Related papers (2024-03-17T06:09:27Z)
Attribute-Guided Encryption with Facial Texture Masking [64.77548539959501]
We propose Attribute Guided Encryption with Facial Texture Masking to protect users from unauthorized facial recognition systems. Our proposed method produces more natural-looking encrypted images than state-of-the-art methods.
arXiv Detail & Related papers (2023-05-22T23:50:43Z)
Restricted Black-box Adversarial Attack Against DeepFake Face Swapping [70.82017781235535]
We introduce a practical adversarial attack that does not require any queries to the facial image forgery model. Our method is built on a substitute model persuing for face reconstruction and then transfers adversarial examples from the substitute model directly to inaccessible black-box DeepFake models.
arXiv Detail & Related papers (2022-04-26T14:36:06Z)
DVG-Face: Dual Variational Generation for Heterogeneous Face Recognition [85.94331736287765]
We formulate HFR as a dual generation problem, and tackle it via a novel Dual Variational Generation (DVG-Face) framework. We integrate abundant identity information of large-scale visible data into the joint distribution. Massive new diverse paired heterogeneous images with the same identity can be generated from noises.
arXiv Detail & Related papers (2020-09-20T09:48:24Z)
Towards Face Encryption by Generating Adversarial Identity Masks [53.82211571716117]
We propose a targeted identity-protection iterative method (TIP-IM) to generate adversarial identity masks. TIP-IM provides 95%+ protection success rate against various state-of-the-art face recognition models.
arXiv Detail & Related papers (2020-03-15T12:45:10Z)

This list is automatically generated from the titles and abstracts of the papers in this site.