Journal
SENSORS
Volume 23, Issue 2, Pages -Publisher
MDPI
DOI: 10.3390/s23020853
Keywords
deep learning; face recognition; adversarial attack; perturbation; adversarial examples; adversarial patches; Generative Adversarial Network
Ask authors/readers for more resources
Deep learning technology has developed rapidly and has been successfully applied in various fields, including face recognition. However, most previous studies on adversarial attacks assume the attacker knows the architecture and parameters of the attacked deep learning model, which is not representative of real-world scenarios. This study proposes a Generative Adversarial Network method for generating adversarial patches to carry out dodging and impersonation attacks on a black-box face recognition system, achieving a higher attack success rate than previous works.
Deep learning technology has developed rapidly in recent years and has been successfully applied in many fields, including face recognition. Face recognition is used in many scenarios nowadays, including security control systems, access control management, health and safety management, employee attendance monitoring, automatic border control, and face scan payment. However, deep learning models are vulnerable to adversarial attacks conducted by perturbing probe images to generate adversarial examples, or using adversarial patches to generate well-designed perturbations in specific regions of the image. Most previous studies on adversarial attacks assume that the attacker hacks into the system and knows the architecture and parameters behind the deep learning model. In other words, the attacked model is a white box. However, this scenario is unrepresentative of most real-world adversarial attacks. Consequently, the present study assumes the face recognition system to be a black box, over which the attacker has no control. A Generative Adversarial Network method is proposed for generating adversarial patches to carry out dodging and impersonation attacks on the targeted face recognition system. The experimental results show that the proposed method yields a higher attack success rate than previous works.
Authors
I am an author on this paper
Click your name to claim this paper and add it to your profile.
Reviews
Recommended
No Data Available