Fast Geometrically-Perturbed Adversarial Faces
Abstract
The state-of-the-art performance of deep learning algorithms has led to a considerable increase in the utilization of machine learning in security-sensitive and critical applications. However, it has recently been shown that a small and carefully crafted perturbation in the input space can completely fool a deep model. In this study, we explore the extent to which face recognition systems are vulnerable to geometrically-perturbed adversarial faces. We propose a fast landmark manipulation method for generating adversarial faces, which is approximately 200 times faster than the previous geometric attacks and obtains 99.86% success rate on the state-of-the-art face recognition models. To further force the generated samples to be natural, we introduce a second attack constrained on the semantic structure of the face which has the half speed of the first attack with the success rate of 99.96%. Both attacks are extremely robust against the state-of-the-art defense methods with the success rate of equal or greater than 53.59%. Code is available at https://github.com/alldbi/FLM
Cite
Text
Dabouei et al. "Fast Geometrically-Perturbed Adversarial Faces." IEEE/CVF Winter Conference on Applications of Computer Vision, 2019. doi:10.1109/WACV.2019.00215Markdown
[Dabouei et al. "Fast Geometrically-Perturbed Adversarial Faces." IEEE/CVF Winter Conference on Applications of Computer Vision, 2019.](https://mlanthology.org/wacv/2019/dabouei2019wacv-fast/) doi:10.1109/WACV.2019.00215BibTeX
@inproceedings{dabouei2019wacv-fast,
title = {{Fast Geometrically-Perturbed Adversarial Faces}},
author = {Dabouei, Ali and Soleymani, Sobhan and Dawson, Jeremy M. and Nasrabadi, Nasser M.},
booktitle = {IEEE/CVF Winter Conference on Applications of Computer Vision},
year = {2019},
pages = {1979-1988},
doi = {10.1109/WACV.2019.00215},
url = {https://mlanthology.org/wacv/2019/dabouei2019wacv-fast/}
}