Invisible Adversarial Attacks on Deep Learning-Based Face Recognition Models

Summary: Recently, it has been discovered that 3D deep learning models are vulnerable to adversarial attacks similar to their 2D counterparts. Existing adversarial attacks on 3D models mostly perform perturbations on 3D point clouds. However, when these attacks are reproduced in physical scenarios, reconstructing the generated adversarial point clouds into meshes significantly reduces their adversarial effects. To address this problem, this paper proposes a strong 3D adversarial attack called Mesh Attack, which directly perturbs the mesh of a 3D object. To maximize the effectiveness of the gradient-based attack, a differentiable sample module that back-propagates the gradient from point cloud to mesh is introduced. Furthermore, three mesh losses are adopted to ensure the generated adversarial mesh examples are free of outliers and 3D printable. Extensive experiments show that the proposed scheme outperforms existing state-of-the-art 3D attacks by a significant margin. SOTA performance is also achieved under various defense mechanisms. The code for this attack is available at: https://github.com/cuge1995/Mesh-Attack.

Summary: The popularity of using deep neural networks (DNNs) in computer vision applications has increased, but they are vulnerable to adversarial attacks. This paper reviews recent adversarial attack methods and defense mechanisms, providing a comprehensive understanding of the mathematical concepts and terminologies. The challenges and future research directions in this field are also discussed.

Summary: The study introduces a novel dual-stream framework for detecting high-fidelity 3D mask attacks. By utilizing multi-classification tasks and data augmentation techniques, the generalizability on unseen attacks is improved.