The majority of adversarial attack techniques perform well against deep face recognition when the full knowledge of the system is revealed (\emph{white-box}). However, such techniques act unsuccessfully in the gray-box setting where the face templates are unknown to the attackers. In this work, we propose a similarity-based gray-box adversarial attack (SGADV) technique with a newly developed objective function. SGADV utilizes the dissimilarity score to produce the optimized adversarial example, i.e., similarity-based adversarial attack. This technique applies to both white-box and gray-box attacks against authentication systems that determine genuine or imposter users using the dissimilarity score. To validate the effectiveness of SGADV, we conduct extensive experiments on face datasets of LFW, CelebA, and CelebA-HQ against deep face recognition models of FaceNet and InsightFace in both white-box and gray-box settings. The results suggest that the proposed method significantly outperforms the existing adversarial attack techniques in the gray-box setting. We hence summarize that the similarity-base approaches to develop the adversarial example could satisfactorily cater to the gray-box attack scenarios for de-authentication.
翻译:多数对抗性攻击技术在暴露对系统的全部知识时,都与深刻的面部认知(emph{white-box})相比,对抗性攻击技术的多数效果都很好。然而,在灰箱环境中,攻击者对面板不熟悉的灰箱环境中,这种技术没有成功。在这项工作中,我们建议采用类似基于灰箱的对抗性攻击(SGADV)法(SGADV),其功能是新开发的客观功能。SGADV利用差异分来生成最佳的对抗性攻击范例,即类似性对抗性攻击。这一技术适用于白箱和灰箱袭击,这些攻击针对使用不同等级分确定真实用户或假冒用户的认证系统。为了验证SGADV的效力,我们针对FaceNet和InsightFace的深刻面部识别模型和InsightFace,在白箱和灰箱环境中都使用。结果显示,拟议的方法大大超越了灰箱设置中现有的对抗性攻击技术。因此我们总结了灰箱式攻击的类似性攻击情景,以便令人满意地研究。
相关内容
微信扫码咨询专知VIP会员