We introduce a new attack against face verification systems based on Deep Neural Networks (DNN). The attack relies on the introduction into the network of a hidden backdoor, whose activation at test time induces a verification error allowing the attacker to impersonate any user. The new attack, named Master Key backdoor attack, operates by interfering with the training phase, so as to instruct the DNN to always output a positive verification answer when the face of the attacker is presented at its input. Compared with existing attacks, the new backdoor attack offers much more flexibility, since the attacker does not need to know the identity of the victim beforehand. In this way, he can deploy a Universal Impersonation attack in an open-set framework, allowing him to impersonate any enrolled user, even those that were not yet enrolled in the system when the attack was conceived. We present a practical implementation of the attack targeting a Siamese-DNN face verification system, and show its effectiveness when the system is trained on the VGGFace2 dataset and tested on the LFW and YTF datasets. According to our experiments, the Master Key backdoor attack provides a high attack success rate even when the ratio of poisoned training data is as small as 0.01, thus raising a new alarm regarding the use of DNN-based face verification systems in security-critical applications.
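Because the backdoor makes one face verify against every enrolled identity, a defender can audit a trained verifier for that behaviour. The sketch below is an added example, not code from the paper: it computes each probe's cross-identity accept rate and flags outliers. The function names, threshold and score matrix are constructed for illustration, and the audit only catches a master face that is present in the probe set.

```python
from statistics import median

def cross_accept_rates(scores, identities, threshold):
    """scores[i][j] is the verifier's match score for probe i against the
    enrolled template of identity j. Returns, per probe identity, the
    fraction of OTHER identities the verifier would accept it as."""
    rates = {}
    for i, probe in enumerate(identities):
        others = [scores[i][j] for j, enrolled in enumerate(identities)
                  if enrolled != probe]
        rates[probe] = sum(s >= threshold for s in others) / len(others)
    return rates

def flag_master_key_candidates(rates, min_rate=0.5, k=5.0):
    """Flag probes whose cross-identity accept rate is high in absolute
    terms and a robust outlier (median + k * MAD) among all probes.
    An ordinary false accept against one look-alike stays below the cutoff."""
    values = list(rates.values())
    med = median(values)
    mad = median([abs(v - med) for v in values])
    cutoff = max(min_rate, med + k * mad)
    return sorted(p for p, r in rates.items() if r >= cutoff)

# Constructed sample data: five ordinary users plus one probe ("probe_x")
# that the verifier accepts against every template.
IDENTITIES = ["alice", "bob", "carol", "dave", "erin", "probe_x"]
SCORES = [
    [0.93, 0.12, 0.20, 0.15, 0.08, 0.11],  # alice
    [0.10, 0.91, 0.74, 0.18, 0.13, 0.09],  # bob (one false accept vs carol)
    [0.22, 0.31, 0.95, 0.10, 0.17, 0.14],  # carol
    [0.16, 0.11, 0.09, 0.90, 0.21, 0.12],  # dave
    [0.07, 0.19, 0.13, 0.24, 0.92, 0.10],  # erin
    [0.96, 0.94, 0.97, 0.95, 0.93, 0.98],  # probe_x
]
THRESHOLD = 0.7  # assumed operating point of the verifier

def audit():
    rates = cross_accept_rates(SCORES, IDENTITIES, THRESHOLD)
    return rates, flag_master_key_candidates(rates)

if __name__ == "__main__":
    rates, flagged = audit()
    for name, rate in rates.items():
        print(f"{name:8s} cross-identity accept rate = {rate:.2f}")
    print("flagged:", flagged)
```

Rerunning the audit against identities enrolled after training exercises the open-set property the abstract describes.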