Transferable Adversarial Face Attack with Text Controlled Attribute
This addresses security vulnerabilities in face recognition systems by enabling more controlled and transferable adversarial attacks, though it is incremental as it builds on existing unrestricted adversarial example techniques.
The paper tackles the problem of generating photorealistic adversarial impersonation faces with limited control and low transferability by proposing a Text Controlled Attribute Attack (TCA^2) method, which achieves high transferability on unknown models and real-world systems like Face++ and Aliyun.
Traditional adversarial attacks typically produce adversarial examples under norm-constrained conditions, whereas unrestricted adversarial examples are free-form with semantically meaningful perturbations. Current unrestricted adversarial impersonation attacks exhibit limited control over adversarial face attributes and often suffer from low transferability. In this paper, we propose a novel Text Controlled Attribute Attack (TCA$^2$) to generate photorealistic adversarial impersonation faces guided by natural language. Specifically, the category-level personal softmax vector is employed to precisely guide the impersonation attacks. Additionally, we propose both data and model augmentation strategies to achieve transferable attacks on unknown target models. Finally, a generative model, \textit{i.e}, Style-GAN, is utilized to synthesize impersonated faces with desired attributes. Extensive experiments on two high-resolution face recognition datasets validate that our TCA$^2$ method can generate natural text-guided adversarial impersonation faces with high transferability. We also evaluate our method on real-world face recognition systems, \textit{i.e}, Face++ and Aliyun, further demonstrating the practical potential of our approach.