Deep neural networks (DNNs) have been increasingly used in face recognition (FR) systems. Recent studies, however, show that DNNs are vulnerable to adversarial examples, which can potentially mislead the FR systems using DNNs in the physical world. Existing attacks on these systems either generate perturbations working merely in the digital world, or rely on customized equipments to generate perturbations and are not robust in varying physical environments. In this paper, we propose FaceAdv, a physical-world attack that crafts adversarial stickers to deceive FR systems. It mainly consists of a sticker generator and a transformer, where the former can craft several stickers with different shapes and the latter transformer aims to digitally attach stickers to human faces and provide feedbacks to the generator to improve the effectiveness of stickers. We conduct extensive experiments to evaluate the effectiveness of FaceAdv on attacking 3 typical FR systems (i.e., ArcFace, CosFace and FaceNet). The results show that compared with a state-of-the-art attack, FaceAdv can significantly improve success rate of both dodging and impersonating attacks. We also conduct comprehensive evaluations to demonstrate the robustness of FaceAdv.
翻译:深心神经网络(DNN)越来越多地被用于面对面识别系统(FR)。然而,最近的研究表明,DNN很容易成为对抗性例子,这有可能误导物理界使用DNN的FR系统。目前对这些系统的袭击或者只造成在数字世界中工作的扰动,或者依靠定制设备造成扰动,在不同物理环境中并不强大。在本文中,我们提议FaceAdv(FaceAdv)是一个有形世界攻击,手工艺的对立标签粘贴者可以欺骗FR系统。它主要由一个粘贴器和变压器组成,前者可以制造几个形状不同的粘贴剂,后者变压器的目的是用数字方式将粘贴贴在人类脸上,并向生成者提供反馈,以提高粘贴剂的效能。我们进行了广泛的实验,以评估FaceAdv(FaceAdv)攻击三种典型的FR系统(即ArcFace、Cosface和FaceNet)的有效性。结果显示,与州式攻击相比,FaceAdv(faceAdv)可以显著地提高面部和面部攻击的成功率。我们还进行了广泛的评价。
相关内容
微信扫码咨询专知VIP会员