Rushirajsinh Parmar, M. Kuribayashi, Hiroto Takiwaki, M. Raval
{"title":"利用对抗性补丁欺骗面部识别系统","authors":"Rushirajsinh Parmar, M. Kuribayashi, Hiroto Takiwaki, M. Raval","doi":"10.1109/IJCNN55064.2022.9892071","DOIUrl":null,"url":null,"abstract":"Researchers are increasingly interested to study novel attacks on machine learning models. The classifiers are fooled by making small perturbation to the input or by learning patches that can be applied to objects. In this paper we present an iterative approach to generate a patch that when digitally placed on the face can successfully fool the facial recognition system. We focus on dodging attack where a target face is misidentified as any other face. The proof of concept is show-cased using FGSM and FaceNet face recognition system under the white-box attack. The framework is generic and it can be extended to other noise model and recognition system. It has been evaluated for different - patch size, noise strength, patch location, number of patches and dataset. The experiments shows that the proposed approach can significantly lower the recognition accuracy. Compared to state of the art digital-world attacks, the proposed approach is simpler and can generate inconspicuous natural looking patch with comparable fool rate and smallest patch size.","PeriodicalId":106974,"journal":{"name":"2022 International Joint Conference on Neural Networks (IJCNN)","volume":"47 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-07-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"1","resultStr":"{\"title\":\"On Fooling Facial Recognition Systems using Adversarial Patches\",\"authors\":\"Rushirajsinh Parmar, M. Kuribayashi, Hiroto Takiwaki, M. Raval\",\"doi\":\"10.1109/IJCNN55064.2022.9892071\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Researchers are increasingly interested to study novel attacks on machine learning models. The classifiers are fooled by making small perturbation to the input or by learning patches that can be applied to objects. In this paper we present an iterative approach to generate a patch that when digitally placed on the face can successfully fool the facial recognition system. We focus on dodging attack where a target face is misidentified as any other face. The proof of concept is show-cased using FGSM and FaceNet face recognition system under the white-box attack. The framework is generic and it can be extended to other noise model and recognition system. It has been evaluated for different - patch size, noise strength, patch location, number of patches and dataset. The experiments shows that the proposed approach can significantly lower the recognition accuracy. Compared to state of the art digital-world attacks, the proposed approach is simpler and can generate inconspicuous natural looking patch with comparable fool rate and smallest patch size.\",\"PeriodicalId\":106974,\"journal\":{\"name\":\"2022 International Joint Conference on Neural Networks (IJCNN)\",\"volume\":\"47 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-07-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"1\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 International Joint Conference on Neural Networks (IJCNN)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IJCNN55064.2022.9892071\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 International Joint Conference on Neural Networks (IJCNN)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IJCNN55064.2022.9892071","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
On Fooling Facial Recognition Systems using Adversarial Patches
Researchers are increasingly interested to study novel attacks on machine learning models. The classifiers are fooled by making small perturbation to the input or by learning patches that can be applied to objects. In this paper we present an iterative approach to generate a patch that when digitally placed on the face can successfully fool the facial recognition system. We focus on dodging attack where a target face is misidentified as any other face. The proof of concept is show-cased using FGSM and FaceNet face recognition system under the white-box attack. The framework is generic and it can be extended to other noise model and recognition system. It has been evaluated for different - patch size, noise strength, patch location, number of patches and dataset. The experiments shows that the proposed approach can significantly lower the recognition accuracy. Compared to state of the art digital-world attacks, the proposed approach is simpler and can generate inconspicuous natural looking patch with comparable fool rate and smallest patch size.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
