Loading...
The Invisible Polyjuice Potion: an Effective Physical Adversarial Attack against Face Recognition
Wang, Ye
Wang, Ye
Citations
Altmetric:
Abstract
Face recognition systems have been targeted by recent physical adversarial machine learning attacks, which attach or project visible patterns on adversaries' faces to trick backend FR models. While these attacks have demonstrated effectiveness in the literature, they often rely on visibly suspicious patterns, are susceptible to environmental noise, or exhibit limited success rates in practice. In this paper, we propose a novel physical adversarial attack against deep face recognition systems, namely Agile (Adversarial Glasses with Infrared LasEr). It generates adjustable, invisible laser perturbations and emits them into the camera CMOS to launch dodging and impersonation attacks against facial biometrics systems. To do so, we first theoretically model physical adversarial perturbations and convert them to the digital domain. The generated synthesized attack signals are utilized to guide real-world laser settings. Our experiments with real-world attackers and a benchmark face database show that Agile is highly effective in DoS, dodging, and impersonation attacks. More importantly, the candidate impersonation target and optimal attack settings identified by Agile's attack synthesis approach are highly consistent with real-world physical attack results. The grey-box and black-box evaluation against commercial FR models also confirms the effectiveness of the Agile attack.
Description
These are the slides from a presentation given at CCS '24: Proceedings of the 2024 on ACM SIGSAC Conference on Computer and Communications Security on 10/17/2024.
Date
2024-10-17
Journal Title
Journal ISSN
Volume Title
Publisher
University of Kansas
Files
Loading...
YeWang_2024.pdf
Adobe PDF, 1.75 MB
Research Projects
Organizational Units
Journal Issue
Keywords
Physical Adversarial Attacks, Face Recognition, Infrared Laser