Detection of Face Recognition Adversarial Attacks
Deep Learning methods have become state-of-the-art for solving tasks such as Face Recognition (FR). Unfortunately, despite their success, it has been pointed out that these learning models are exposed to adversarial inputs - images to which an amount of noise imperceptible to humans is added to maliciously fool a neural network - thus limiting their adoption in real-world applications. While it is true that an enormous effort has been spent in order to train robust models against this type of threat, adversarial detection techniques have recently started to draw attention within the scientific community. A detection approach has the advantage that it does not require re-training any model, thus it can be added on top of any system. In this context, we present our work on adversarial sample detection in forensics, mainly focused on detecting attacks against FR systems in which the learning model is typically used only as a feature extractor. Thus, in these cases, training a more robust classifier might not be enough to defend an FR system. In this frame, the contribution of our work is four-fold: i) we tested our recently proposed adversarial detection approach against classifier attacks, i.e. adversarial samples crafted to fool an FR neural network acting as a classifier; ii) using a k-Nearest Neighbor (kNN) algorithm as guidance, we generated deep features attacks against an FR system based on a DL model acting as a feature extractor, followed by a kNN which gives back the query identity based on feature similarity; iii) we used the deep features attacks to fool an FR system on the 1:1 Face Verification task and we showed their superior effectiveness with respect to classifier attacks in fooling this type of system; iv) we used the detectors trained on classifier attacks to detect deep features attacks, thus showing that such an approach is generalizable to different types of offensives.