Improving the JPEG-resistance of Adversarial Attacks on Face Recognition by Interpolation Smoothing
This addresses a specific vulnerability in adversarial attacks on face recognition systems, but it is incremental as it builds on existing attack methods.
The paper tackles the problem of adversarial face examples being impaired by JPEG compression by proposing a method that smooths perturbations through interpolation during generation, resulting in improved resistance to JPEG compression.
JPEG compression can significantly impair the performance of adversarial face examples, which previous adversarial attacks on face recognition (FR) have not adequately addressed. Considering this challenge, we propose a novel adversarial attack on FR that aims to improve the resistance of adversarial examples against JPEG compression. Specifically, during the iterative process of generating adversarial face examples, we interpolate the adversarial face examples into a smaller size. Then we utilize these interpolated adversarial face examples to create the adversarial examples in the next iteration. Subsequently, we restore the adversarial face examples to their original size by interpolating. Throughout the entire process, our proposed method can smooth the adversarial perturbations, effectively mitigating the presence of high-frequency signals in the crafted adversarial face examples that are typically eliminated by JPEG compression. Our experimental results demonstrate the effectiveness of our proposed method in improving the JPEG-resistance of adversarial face examples.