Universal Adversarial Spoofing Attacks against Face Recognition
This work highlights a critical security threat for face recognition systems, showing that universal adversarial attacks can spoof multiple identities, which is incremental but important for deployment considerations.
The paper tackles the vulnerability of deep face recognition systems to spoofing attacks that can falsify multiple identities simultaneously, achieving a 99% success rate in fooling face verification systems, including against identities not known in advance.
We assess the vulnerabilities of deep face recognition systems for images that falsify/spoof multiple identities simultaneously. We demonstrate that, by manipulating the deep feature representation extracted from a face image via imperceptibly small perturbations added at the pixel level using our proposed Universal Adversarial Spoofing Examples (UAXs), one can fool a face verification system into recognizing that the face image belongs to multiple different identities with a high success rate. One characteristic of the UAXs crafted with our method is that they are universal (identity-agnostic); they are successful even against identities not known in advance. For a certain deep neural network, we show that we are able to spoof almost all tested identities (99\%), including those not known beforehand (not included in training). Our results indicate that a multiple-identity attack is a real threat and should be taken into account when deploying face recognition systems.