Cujo AI and Adversa AI hosted the MLSec face recognition challenge. The goal was to attack a black box face recognition model with targeted attacks. The model returned the confidence of the target class and a stealthiness score. For an attack to be considered successful the target class has to have the highest confidence among all classes and the stealthiness has to be at least 0.5. In our approach we paste the face of a target into a source image. By utilizing position, scaling, rotation and transparency attributes we reached 3rd place. Our approach took approximately 200 queries per attack for the final highest score and about ~7.7 queries minimum for a successful attack. The code is available at https://github.com/bunni90/FacePastingAttack .
翻译:Cujo AI和Adversa AI主持MLSE的面部识别挑战。 目标是用有针对性的攻击攻击黑盒面部识别模型。 该模型恢复了目标阶级的信心和隐形评分。 要被视为攻击成功,目标阶级必须具有最高的信心,而隐形程度必须至少为0.5。 在我们的方法中, 我们把目标的面部粘贴到源图像中。 通过利用位置、 缩放、 轮换和透明性属性,我们达到了第3位。 我们的方法是每次攻击都进行了大约200次查询, 以获得最后最高分, 以及大约~7.7次查询成功攻击。 代码可以在 https://github.com/bunni90/FacePastingAttack上查阅 。
相关内容
微信扫码咨询专知VIP会员