Face Pasting Attack
This addresses security vulnerabilities in face recognition systems, but it is incremental as it builds on existing attack methods for a specific challenge.
The paper tackled the problem of attacking a black-box face recognition model in a competition setting by pasting a target face into a source image, achieving third place with approximately 200 queries per attack for the highest score and about 7.7 queries minimum for a successful attack.
Cujo AI and Adversa AI hosted the MLSec face recognition challenge. The goal was to attack a black box face recognition model with targeted attacks. The model returned the confidence of the target class and a stealthiness score. For an attack to be considered successful the target class has to have the highest confidence among all classes and the stealthiness has to be at least 0.5. In our approach we paste the face of a target into a source image. By utilizing position, scaling, rotation and transparency attributes we reached 3rd place. Our approach took approximately 200 queries per attack for the final highest score and about ~7.7 queries minimum for a successful attack. The code is available at https://github.com/bunni90/FacePastingAttack .