Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
167 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
42 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Improving the JPEG-resistance of Adversarial Attacks on Face Recognition by Interpolation Smoothing (2402.16586v1)

Published 26 Feb 2024 in cs.CV

Abstract: JPEG compression can significantly impair the performance of adversarial face examples, which previous adversarial attacks on face recognition (FR) have not adequately addressed. Considering this challenge, we propose a novel adversarial attack on FR that aims to improve the resistance of adversarial examples against JPEG compression. Specifically, during the iterative process of generating adversarial face examples, we interpolate the adversarial face examples into a smaller size. Then we utilize these interpolated adversarial face examples to create the adversarial examples in the next iteration. Subsequently, we restore the adversarial face examples to their original size by interpolating. Throughout the entire process, our proposed method can smooth the adversarial perturbations, effectively mitigating the presence of high-frequency signals in the crafted adversarial face examples that are typically eliminated by JPEG compression. Our experimental results demonstrate the effectiveness of our proposed method in improving the JPEG-resistance of adversarial face examples.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (19)
  1. “AdvHat: Real-world adversarial attack on ArcFace face ID system,” in 2020 25th International Conference on Pattern Recognition (ICPR). jan 2021, IEEE.
  2. “Protecting facial privacy: Generating adversarial identity masks via style-robust makeup transfer,” 2022.
  3. “Explaining and harnessing adversarial examples,” 2015.
  4. “Adversarial examples in the physical world,” 2017.
  5. “Boosting adversarial attacks with momentum,” 2018.
  6. “A study of the effect of jpg compression on adversarial images,” 2016.
  7. “Countering adversarial images using input transformations,” 2018.
  8. “Feature distillation: Dnn-oriented jpeg compression against adversarial examples,” 2019.
  9. “Comdefend: An efficient image compression model to defend adversarial examples,” 2019.
  10. “Nesterov accelerated gradient and scale invariance for adversarial attacks,” 2020.
  11. “Improving transferability of adversarial examples with input diversity,” 2019.
  12. “Towards transferable adversarial attack against deep face recognition,” IEEE Transactions on Information Forensics and Security, vol. 16, pp. 1452–1466, 2021.
  13. “Frequency domain model augmentation for adversarial attack,” 2022.
  14. Richard Shin, “Jpeg-resistant adversarial images,” 2017.
  15. “Progressive growing of gans for improved quality, stability, and variation,” 2018.
  16. “Cross-age lfw: A database for studying cross-age face recognition in unconstrained environments,” 2017.
  17. “Improving transferability of adversarial patches on face recognition with generative models,” 2021.
  18. “Improving the transferability of adversarial attacks on face recognition with beneficial perturbation feature augmentation,” IEEE Transactions on Computational Social Systems, pp. 1–13, 2023.
  19. “Adversarial learning with margin-based triplet embedding regularization,” 2019.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now