DeepAI AI Chat
Log In Sign Up

Efficient Decision-based Black-box Adversarial Attacks on Face Recognition

by   Yinpeng Dong, et al.
Tsinghua University
Columbia University

Face recognition has obtained remarkable progress in recent years due to the great improvement of deep convolutional neural networks (CNNs). However, deep CNNs are vulnerable to adversarial examples, which can cause fateful consequences in real-world face recognition applications with security-sensitive purposes. Adversarial attacks are widely studied as they can identify the vulnerability of the models before they are deployed. In this paper, we evaluate the robustness of state-of-the-art face recognition models in the decision-based black-box attack setting, where the attackers have no access to the model parameters and gradients, but can only acquire hard-label predictions by sending queries to the target model. This attack setting is more practical in real-world face recognition systems. To improve the efficiency of previous methods, we propose an evolutionary attack algorithm, which can model the local geometries of the search directions and reduce the dimension of the search space. Extensive experiments demonstrate the effectiveness of the proposed method that induces a minimum perturbation to an input face image with fewer queries. We also apply the proposed method to attack a real-world face recognition system successfully.


page 1

page 7

page 8


RAF: Recursive Adversarial Attacks on Face Recognition Using Extremely Limited Queries

Recent successful adversarial attacks on face recognition show that, des...

Geometrically Adaptive Dictionary Attack on Face Recognition

CNN-based face recognition models have brought remarkable performance im...

Improving Transferability of Adversarial Patches on Face Recognition with Generative Models

Face recognition is greatly improved by deep convolutional neural networ...

Meaningful Adversarial Stickers for Face Recognition in Physical World

Face recognition (FR) systems have been widely applied in safety-critica...

On adversarial patches: real-world attack on ArcFace-100 face recognition system

Recent works showed the vulnerability of image classifiers to adversaria...

Towards Transferable Adversarial Attack against Deep Face Recognition

Face recognition has achieved great success in the last five years due t...

Examining the Human Perceptibility of Black-Box Adversarial Attacks on Face Recognition

The modern open internet contains billions of public images of human fac...