Device-aware Optical Adversarial Attack for a Portable Projector-camera System
This addresses security vulnerabilities in deployed face recognition systems, but it is incremental as it builds on existing projector-camera-based adversarial light attacks.
The paper tackled the problem of adversarial attacks on face recognition systems using a projector-camera setup by incorporating device-aware adaptations like resolution and color adjustments to reduce degradation from digital to physical domains. The result was a high physical similarity with only a 14% reduction in scores from digital to physical attacks and a high attack success rate in white- and black-box scenarios.
Deep-learning-based face recognition (FR) systems are susceptible to adversarial examples in both digital and physical domains. Physical attacks present a greater threat to deployed systems as adversaries can easily access the input channel, allowing them to provide malicious inputs to impersonate a victim. This paper addresses the limitations of existing projector-camera-based adversarial light attacks in practical FR setups. By incorporating device-aware adaptations into the digital attack algorithm, such as resolution-aware and color-aware adjustments, we mitigate the degradation from digital to physical domains. Experimental validation showcases the efficacy of our proposed algorithm against real and spoof adversaries, achieving high physical similarity scores in FR models and state-of-the-art commercial systems. On average, there is only a 14% reduction in scores from digital to physical attacks, with high attack success rate in both white- and black-box scenarios.