Multi-task Learning-based Black-box Adversarial Attack on Face Recognition Systems

Jiefang Kong, Huabin Wang, Jiacheng Zhou, Liang Tao, Jingjing Zhang
DOI: https://doi.org/10.1109/icsip61881.2024.10671427
2024-01-01
Abstract: In recent years, deep learning techniques have achieved significant success in many computer vision tasks. However, security concerns have grown as adversarial attacks have exposed potential vulnerabilities in deep learning-based systems. A large number of adversarial defense strategies have therefore been developed to improve the security and robustness of face recognition (FR) systems. Introducing an auxiliary model alongside the face recognition model is a common adversarial defense: adversarial examples generated against one model are unlikely to pass when a different model is used for verification. A further challenge for FR attacks is that the targeted face recognition models are black-box in nature, i.e., the attacker has no access to their internal parameters or gradient information. As a result, the transferability (mobility) of adversarial samples is poor and attack performance is low, especially against online commercial FR systems. This paper therefore proposes a similarity-based shared-gradient adversarial attack algorithm to improve sample transferability. From a multi-task perspective, the algorithm selects the alternative model (AR) as the auxiliary model, develops a multi-task local optimization strategy and a cross-task gradient mapping strategy, and constructs a mapping mechanism between the two models so that they share gradient information. This enables weighted fusion of the generated perturbations and avoids the oscillations that arise between models with different gradients and parameters, thereby improving generalization and making the generated adversarial examples more efficient. The resulting adversarial examples can attack multiple models at the same time, which greatly improves their transferability and robustness and greatly increases their attacking power. A large number of experiments show that the attack success rate is greatly improved.