Deep neural networks, especially face recognition models, have been shown to be vulnerable to adversarial examples. However, existing attack methods for face recognition systems either cannot attack black-box models, are not universal, have cumbersome deployment processes, or lack camouflage and are easily detected by the human eye. In this paper, we propose an adversarial pattern generation method for face recognition and achieve universal black-box attacks by pasting the pattern on the frame of goggles. To achieve visual camouflage, we use a generative adversarial network (GAN). The scale of the generative network of GAN is increased to balance the performance conflict between concealment and adversarial behavior, the perceptual loss function based on VGG19 is used to constrain the color style and enhance GAN’s learning ability, and the fine-grained meta-learning adversarial attack strategy is used to carry out black-box attacks. Sufficient visualization results demonstrate that compared with existing methods, the proposed method can generate samples with camouflage and adversarial characteristics. Meanwhile, extensive quantitative experiments show that the generated samples have a high attack success rate against black-box models.
Funding: the National Key Research and Development Program of China (No. 2022ZD0210500), the National Natural Science Foundation of China (Nos. 61972067, U21A20491, and 62103437), and the Dalian Outstanding Youth Science Foundation (No. 2022RJ01).