Fast Geometrically-Perturbed Adversarial Faces
This addresses security risks in critical applications like face recognition, but it is incremental as it builds on existing adversarial attack research.
The study tackled the vulnerability of face recognition systems to adversarial attacks by proposing fast geometrically-perturbed adversarial faces, achieving a 99.86% success rate on state-of-the-art models and being approximately 200 times faster than previous methods.
The state-of-the-art performance of deep learning algorithms has led to a considerable increase in the utilization of machine learning in security-sensitive and critical applications. However, it has recently been shown that a small and carefully crafted perturbation in the input space can completely fool a deep model. In this study, we explore the extent to which face recognition systems are vulnerable to geometrically-perturbed adversarial faces. We propose a fast landmark manipulation method for generating adversarial faces, which is approximately 200 times faster than the previous geometric attacks and obtains 99.86% success rate on the state-of-the-art face recognition models. To further force the generated samples to be natural, we introduce a second attack constrained on the semantic structure of the face which has the half speed of the first attack with the success rate of 99.96%. Both attacks are extremely robust against the state-of-the-art defense methods with the success rate of equal or greater than 53.59%. Code is available at https://github.com/alldbi/FLM