Variance Dichotomy in Feature Spaces of Facial Recognition Systems Is a Weak Defense Against Simple Weight Manipulation Attacks
Abstract
We show that several leading pretrained facial recognition systems exhibit a variance dichotomy in their feature space. In other words, the feature vectors approximately lie in a lower-dimensional linear subspace. We demonstrate that this variance dichotomy degrades the performance of an otherwise powerful scheme for anonymity/unlinkability and confusion attacks on facial recognition systems devised by Zehavi et al. (2024), which is based on simple weight manipulations in only the last hidden layer. Lastly, we propose a method for the attacker to overcome this intrinsic defense of these pretrained facial recognition systems.
Cite
Text
Bowditch et al. "Variance Dichotomy in Feature Spaces of Facial Recognition Systems Is a Weak Defense Against Simple Weight Manipulation Attacks." Transactions on Machine Learning Research, 2025.
Markdown
[Bowditch et al. "Variance Dichotomy in Feature Spaces of Facial Recognition Systems Is a Weak Defense Against Simple Weight Manipulation Attacks." Transactions on Machine Learning Research, 2025.](https://mlanthology.org/tmlr/2025/bowditch2025tmlr-variance/)
BibTeX
@article{bowditch2025tmlr-variance,
title = {{Variance Dichotomy in Feature Spaces of Facial Recognition Systems Is a Weak Defense Against Simple Weight Manipulation Attacks}},
author = {Bowditch, Matthew and Paterson, Mike and Englert, Matthias and Lazic, Ranko},
journal = {Transactions on Machine Learning Research},
year = {2025},
url = {https://mlanthology.org/tmlr/2025/bowditch2025tmlr-variance/}
}