AdvHat: Real-world adversarial attack on ArcFace Face ID system
This work addresses security vulnerabilities in biometric authentication systems, specifically face recognition, by demonstrating a practical and reproducible attack method.
The authors tackled the problem of real-world adversarial attacks on the ArcFace Face ID system by creating a printable sticker that, when placed on a hat, confuses the model under various shooting conditions, with the attack being transferable to other Face ID models.
In this paper we propose a novel easily reproducible technique to attack the best public Face ID system ArcFace in different shooting conditions. To create an attack, we print the rectangular paper sticker on a common color printer and put it on the hat. The adversarial sticker is prepared with a novel algorithm for off-plane transformations of the image which imitates sticker location on the hat. Such an approach confuses the state-of-the-art public Face ID model LResNet100E-IR, ArcFace@ms1m-refine-v2 and is transferable to other Face ID models.