Adversarial Light Projection Attacks on Face Recognition Systems: A Feasibility Study

Nguyen, Duc Dung; Arora, Sunpreet S.; Wu, Yuhang; Yang, Hao

doi:10.1109/cvprw50498.2020.00415

Cited by 56 publications

(32 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…They compute the adversarial illumination pattern on a image of the identity and use the cap to project that pattern on the face in physical world while presenting the face to the vision system. A related concept of 'adversarial light projection' is studied in [252] that projects a rather conspicuous pattern on faces to evade FaceNet model [253] in white-box settings. Other examples of physical world attack on face recognition systems include AdvHat [254] and adversarial patches for faces [255].…”

Section: Face Recognitionmentioning

confidence: 99%

Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

2018

View full text Add to dashboard Cite

Deep learning is at the heart of the current rise of artificial intelligence. In the field of Computer Vision, it has become the workhorse for applications ranging from self-driving cars to surveillance and security. Whereas deep neural networks have demonstrated phenomenal success (often beyond human capabilities) in solving complex problems, recent studies show that they are vulnerable to adversarial attacks in the form of subtle perturbations to inputs that lead a model to predict incorrect outputs. For images, such perturbations are often too small to be perceptible, yet they completely fool the deep learning models. Adversarial attacks pose a serious threat to the success of deep learning in practice. This fact has recently lead to a large influx of contributions in this direction. This article presents the first comprehensive survey on adversarial attacks on deep learning in Computer Vision. We review the works that design adversarial attacks, analyze the existence of such attacks and propose defenses against them. To emphasize that adversarial attacks are possible in practical conditions, we separately review the contributions that evaluate adversarial attacks in the real-world scenarios. Finally, drawing on the reviewed literature, we provide a broader outlook of this research direction.

show abstract

Section: Face Recognitionmentioning

confidence: 99%

Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

2018

View full text Add to dashboard Cite

show abstract

“…Nguyen et al [55] evaluated their approach against FaceNet, SphereFace, and one commercial-off-the-shelf FR system and confirmed the models' vulnerability to the light projection attacks. They used a similarity score threshold corresponding to FAR of 0.01% to determine if the attack is successful or not.…”

Section: Comparison Of Different Adversaries On Evaluation Processmentioning

confidence: 88%

“…• Dodging attack occurs when the attacker tries to have a face misidentified as any other arbitrary face. It is also known as obfuscation attack in the literature [55], [56]. • Evasion attack tries to evade the system by altering samples during the testing phase yet not influencing the training data.…”

Section: A Terms and Definitionsmentioning

confidence: 99%

“…Motivated by the differences in image-forming principles between cameras and human eyes, Shen et al [78] proposed the VLA attack against FR models. In a similar study, Nguyen et al [55] studied the feasibility of directing real-time physical attacks on FR systems by adversarial light projections using a web camera and a projector. In this approach, the authors captured the adversary's facial image with a camera and used one or more target images to (1) adjust the camera-projector setup according to the attack environment and (2) create a digital adversarial pattern.…”

Section: ) Physical Attacks-orientedmentioning

confidence: 99%

“…Regarding physical attacks orientation, authors in [78] proposed the VLA against blackbox FR systems. Nguyen et al [55] focused on real-time light projection-based attacks considering both white-and Representative study Adversarial capacity Adversarial Specificity [71] None None [72] Black-box Both [85] Black-box Targeted [89] White-box Non-targeted [81] White-box Targeted [82] White-box Targeted [90] Both Both [76], [91] White-box Both [92] White-box Both [78] Black-box Both [55] Both Both [80] White-box Non-targeted [93] White-box Both [83] White-box Non-targeted [94] White-box Targeted [56] Black-box Both black-box attack settings. In geometry-oriented attacks, Deb et al [56] demonstrated that faces generated by the AdvFaces adversarial face synthesis method could evade several blackbox contemporary face-matching techniques while achieving unprecedented attack SRs.…”

Section: ) the Capacitymentioning

confidence: 99%

See 2 more Smart Citations

Adversarial Attacks Against Face Recognition: A Comprehensive Study

2021

View full text Add to dashboard Cite

Face recognition (FR) systems have demonstrated reliable verification performance, suggesting suitability for real-world applications ranging from photo tagging in social media to automated border control (ABC). In an advanced FR system with deep learning-based architecture, however, promoting the recognition efficiency alone is not sufficient, and the system should also withstand potential kinds of attacks. Recent studies show that (deep) FR systems exhibit an intriguing vulnerability to imperceptible or perceptible but natural-looking adversarial input images that drive the model to incorrect output predictions. In this article, we present a comprehensive survey on adversarial attacks against FR systems and elaborate on the competence of new countermeasures against them. Further, we propose a taxonomy of existing attack and defense methods based on different criteria. We compare attack methods on the orientation, evaluation process, and attributes, and defense approaches on the category. Finally, we discuss the challenges and potential research direction.

show abstract

Adversarial Attacks on Face Recognition

Yang,

Zhu

2023

Handbook of Face Recognition

View full text Add to dashboard Cite

Adversarial Light Projection Attacks on Face Recognition Systems: A Feasibility Study

Cited by 56 publications

References 13 publications

Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey

Adversarial Attacks Against Face Recognition: A Comprehensive Study

Adversarial Attacks on Face Recognition

Contact Info

Product

Resources

About