RAF: Recursive Adversarial Attacks on Face Recognition Using Extremely Limited Queries
This addresses security vulnerabilities in face recognition systems, which are critical for applications like secure authentication, by providing a more efficient attack method that requires fewer queries, though it is incremental as it builds on existing adversarial attack techniques.
The paper tackles the problem of adversarial attacks on face recognition models by proposing a recursive attack method using automatic face warping, which fools the target model with an extremely limited number of queries, achieving high success rates in black-box settings.
Recent successful adversarial attacks on face recognition show that, despite the remarkable progress of face recognition models, they are still far behind the human intelligence for perception and recognition. It reveals the vulnerability of deep convolutional neural networks (CNNs) as state-of-the-art building block for face recognition models against adversarial examples, which can cause certain consequences for secure systems. Gradient-based adversarial attacks are widely studied before and proved to be successful against face recognition models. However, finding the optimized perturbation per each face needs to submitting the significant number of queries to the target model. In this paper, we propose recursive adversarial attack on face recognition using automatic face warping which needs extremely limited number of queries to fool the target model. Instead of a random face warping procedure, the warping functions are applied on specific detected regions of face like eyebrows, nose, lips, etc. We evaluate the robustness of proposed method in the decision-based black-box attack setting, where the attackers have no access to the model parameters and gradients, but hard-label predictions and confidence scores are provided by the target model.