Adversarial Examples: Generation Proposal in the Context of Facial Recognition Systems
This work addresses security concerns for facial recognition systems, though it is incremental as it builds on existing adversarial example research.
The paper investigated the vulnerability of facial recognition systems to adversarial examples by proposing a new attacker methodology using autoencoder latent space organized with PCA, but the results did not strongly support the initial hypothesis of separating identity and expression features.
In this paper we investigate the vulnerability that facial recognition systems present to adversarial examples by introducing a new methodology from the attacker perspective. The technique is based on the use of the autoencoder latent space, organized with principal component analysis. We intend to analyze the potential to craft adversarial examples suitable for both dodging and impersonation attacks, against state-of-the-art systems. Our initial hypothesis, which was not strongly favoured by the results, stated that it would be possible to separate between the "identity" and "facial expression" features to produce high-quality examples. Despite the findings not supporting it, the results sparked insights into adversarial examples generation and opened new research avenues in the area.