Evaluation of Momentum Diverse Input Iterative Fast Gradient Sign Method (M-DI2-FGSM) Based Attack Method on MCS 2018 Adversarial Attacks on Black Box Face Recognition System
share
The convolutional neural network is the crucial tool for the recent success of deep learning based methods on various computer vision tasks like classification, segmentation, and detection. Convolutional neural networks achieved state-of-the-art performance in these tasks and every day pushing the limit of computer vision and AI. However, adversarial attack on computer vision systems is threatening their application in the real life and in safety-critical applications. Necessarily, Finding adversarial examples are important to detect susceptible models to attack and take safeguard measures to overcome the adversarial attacks. In this regard, MCS 2018 Adversarial Attacks on Black Box Face Recognition challenge aims to facilitate the research of finding new adversarial attack techniques and their effectiveness in generating adversarial examples. In this challenge, the attack"s nature is targeted-attack on the black-box neural network where we have no knowledge about black-block"s inner structure. The attacker must modify a set of five images of a single person so that the neural network miss-classify them as target image which is a set of five images of another person. In this competition, we applied Momentum Diverse Input Iterative Fast Gradient Sign Method (M-DI2-FGSM) to make an adversarial attack on black-box face recognition system. We tested our method on MCS 2018 Adversarial Attacks on Black Box Face Recognition challenge and found competitive result. Our solution got validation score 1.404 which better than baseline score 1.407 and stood 14 place among 132 teams in the leader-board. Further improvement can be achieved by finding improved feature extraction from source image, carefully chosen hyper-parameters, finding improved substitute model of the black-box and better optimization method.
READ FULL TEXT
