What problem does this paper attempt to address?

The main problem that this paper attempts to solve is the **security threat of Physical Adversarial Attacks to Face Recognition Systems (FR)**. Specifically, the paper aims to provide a comprehensive review to fill the gap in the systematic research on physical adversarial attacks in FR systems in the existing literature. The following are the specific objectives and problems of the paper: ### 1. Research Background and Motivation With the wide application of face recognition technology in finance, military, public security, and daily life, its security issues are receiving increasing attention. In particular, physical adversarial attacks have attracted a great deal of research interest due to their practical feasibility and serious threats. However, at present, there is a lack of a systematic overview of physical adversarial attacks, which hinders in - depth exploration in this field. ### 2. Main Research Questions The paper systematically explores the unique challenges of physical adversarial attacks, existing attack methods and their solutions, current defense mechanisms, and future research directions by answering the following four research questions (RQ): - **RQ1**: What are the unique challenges of physical adversarial attacks to face recognition systems? - **RQ2**: How do existing attack methods operate and deal with these inherent challenges? - **RQ3**: How are current defense mechanisms carried out? - **RQ4**: What are the potential future research directions in this field? ### 3. Research Contributions The main contributions of the paper include: - Providing a comprehensive review of existing physical adversarial attack methods, highlighting their great threats in real - life scenarios. - Exploring the differences between physical and digital adversarial attacks and identifying the unique challenges brought by the key properties of physical attacks. - Classifying existing attack methods according to physical media, analyzing how they deal with the identified challenges, and summarizing the advantages, limitations, and practical significance of each type of method. - Conducting a thorough review of current defense mechanisms and discussing promising directions for future research. ### 4. Research Methods In order to collect extensive and representative research, the author adopted a systematic search strategy, using keywords such as "physical attack", "physical adversarial example" or "face recognition" to search on Google Scholar. In addition, the references of the selected papers were manually reviewed to ensure that relevant literature was covered. Finally, the author collected 40 relevant papers from authoritative conferences and journals between 2016 and 2024, specifically focusing on physical adversarial attacks in face recognition systems. ### 5. Structure Arrangement The structure of the paper is as follows: - **Section 2**: Introduces the background knowledge and benchmarks of physical adversarial attacks. - **Section 3**: Outlines the key differences between physical and digital adversarial attacks and reveals the unique challenges of physical adversarial attacks. - **Section 4**: Classifies existing physical adversarial attacks according to physical media and summarizes their solutions to relevant challenges. - **Section 5**: Reviews current defense mechanisms against these attacks. - **Section 6**: Discusses potential future research directions in this field. - **Section 7**: Conclusion. ### Summary This paper aims to provide a systematic and in - depth understanding for the academic and industrial communities, helping researchers better understand the threats of physical adversarial attacks to face recognition systems and providing guidance for future protection measures.