Detection of Face Recognition Adversarial Attacks

by Fabio Valerio Massoli, et al.

Deep Learning methods have become state-of-the-art for solving tasks such as Face Recognition (FR). Unfortunately, despite their success, it has been pointed out that these learning models are exposed to adversarial inputs (images to which an amount of noise imperceptible to humans is added to maliciously fool a neural network), thus limiting their adoption in real-world applications. While it is true that an enormous effort has been spent in order to train models that are robust against this type of threat, adversarial detection techniques have recently started to draw attention within the scientific community. A detection approach has the advantage that it does not require re-training any model, and thus it can be added on top of any system. In this context, we present our work on adversarial sample detection in forensics, mainly focused on detecting attacks against FR systems in which the learning model is typically used only as a feature extractor. Thus, in these cases, training a more robust classifier might not be enough to defend an FR system. In this frame, the contribution of our work is four-fold: i) we tested our recently proposed adversarial detection approach against classifier attacks, i.e. adversarial samples crafted to fool an FR neural network acting as a classifier; ii) using a k-Nearest Neighbor (kNN) algorithm as guidance, we generated deep features attacks against an FR system based on a DL model acting as a feature extractor, followed by a kNN which gives back the query identity based on feature similarity; iii) we used the deep features attacks to fool an FR system on the 1:1 Face Verification task and we showed their superior effectiveness with respect to classifier attacks in fooling this type of system; iv) we used the detectors trained on classifier attacks to detect deep features attacks, thus showing that this approach generalizes to different types of attacks.


On adversarial patches: real-world attack on ArcFace-100 face recognition system

Recent works showed the vulnerability of image classifiers to adversaria...

Unravelling Robustness of Deep Learning based Face Recognition Against Adversarial Attacks

Deep neural network (DNN) architecture based models have high expressive...

Threat of Adversarial Attacks on Face Recognition: A Comprehensive Survey

Face recognition (FR) systems have demonstrated outstanding verification...

Understanding the Security of Deepfake Detection

Deepfakes pose growing challenges to the trust of information on the Int...

Unveiling the Two-Faced Truth: Disentangling Morphed Identities for Face Morphing Detection

Morphing attacks keep threatening biometric systems, especially face rec...

NTD: Non-Transferability Enabled Backdoor Detection

A backdoor deep learning (DL) model behaves normally upon clean inputs b...

Generating Comprehensive Data with Protocol Fuzzing for Applying Deep Learning to Detect Network Attacks

Network attacks have become a major security concern for organizations w...
