Cargando…
Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks
Deep learning technology has developed rapidly in recent years and has been successfully applied in many fields, including face recognition. Face recognition is used in many scenarios nowadays, including security control systems, access control management, health and safety management, employee atte...
Autores principales: | , , , , |
---|---|
Formato: | Online Artículo Texto |
Lenguaje: | English |
Publicado: |
MDPI
2023
|
Materias: | |
Acceso en línea: | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9863200/ https://www.ncbi.nlm.nih.gov/pubmed/36679651 http://dx.doi.org/10.3390/s23020853 |
_version_ | 1784875275989811200 |
---|---|
author | Hwang, Ren-Hung Lin, Jia-You Hsieh, Sun-Ying Lin, Hsuan-Yu Lin, Chia-Liang |
author_facet | Hwang, Ren-Hung Lin, Jia-You Hsieh, Sun-Ying Lin, Hsuan-Yu Lin, Chia-Liang |
author_sort | Hwang, Ren-Hung |
collection | PubMed |
description | Deep learning technology has developed rapidly in recent years and has been successfully applied in many fields, including face recognition. Face recognition is used in many scenarios nowadays, including security control systems, access control management, health and safety management, employee attendance monitoring, automatic border control, and face scan payment. However, deep learning models are vulnerable to adversarial attacks conducted by perturbing probe images to generate adversarial examples, or using adversarial patches to generate well-designed perturbations in specific regions of the image. Most previous studies on adversarial attacks assume that the attacker hacks into the system and knows the architecture and parameters behind the deep learning model. In other words, the attacked model is a white box. However, this scenario is unrepresentative of most real-world adversarial attacks. Consequently, the present study assumes the face recognition system to be a black box, over which the attacker has no control. A Generative Adversarial Network method is proposed for generating adversarial patches to carry out dodging and impersonation attacks on the targeted face recognition system. The experimental results show that the proposed method yields a higher attack success rate than previous works. |
format | Online Article Text |
id | pubmed-9863200 |
institution | National Center for Biotechnology Information |
language | English |
publishDate | 2023 |
publisher | MDPI |
record_format | MEDLINE/PubMed |
spelling | pubmed-98632002023-01-22 Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks Hwang, Ren-Hung Lin, Jia-You Hsieh, Sun-Ying Lin, Hsuan-Yu Lin, Chia-Liang Sensors (Basel) Article Deep learning technology has developed rapidly in recent years and has been successfully applied in many fields, including face recognition. Face recognition is used in many scenarios nowadays, including security control systems, access control management, health and safety management, employee attendance monitoring, automatic border control, and face scan payment. However, deep learning models are vulnerable to adversarial attacks conducted by perturbing probe images to generate adversarial examples, or using adversarial patches to generate well-designed perturbations in specific regions of the image. Most previous studies on adversarial attacks assume that the attacker hacks into the system and knows the architecture and parameters behind the deep learning model. In other words, the attacked model is a white box. However, this scenario is unrepresentative of most real-world adversarial attacks. Consequently, the present study assumes the face recognition system to be a black box, over which the attacker has no control. A Generative Adversarial Network method is proposed for generating adversarial patches to carry out dodging and impersonation attacks on the targeted face recognition system. The experimental results show that the proposed method yields a higher attack success rate than previous works. MDPI 2023-01-11 /pmc/articles/PMC9863200/ /pubmed/36679651 http://dx.doi.org/10.3390/s23020853 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/). |
spellingShingle | Article Hwang, Ren-Hung Lin, Jia-You Hsieh, Sun-Ying Lin, Hsuan-Yu Lin, Chia-Liang Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks |
title | Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks |
title_full | Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks |
title_fullStr | Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks |
title_full_unstemmed | Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks |
title_short | Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks |
title_sort | adversarial patch attacks on deep-learning-based face recognition systems using generative adversarial networks |
topic | Article |
url | https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9863200/ https://www.ncbi.nlm.nih.gov/pubmed/36679651 http://dx.doi.org/10.3390/s23020853 |
work_keys_str_mv | AT hwangrenhung adversarialpatchattacksondeeplearningbasedfacerecognitionsystemsusinggenerativeadversarialnetworks AT linjiayou adversarialpatchattacksondeeplearningbasedfacerecognitionsystemsusinggenerativeadversarialnetworks AT hsiehsunying adversarialpatchattacksondeeplearningbasedfacerecognitionsystemsusinggenerativeadversarialnetworks AT linhsuanyu adversarialpatchattacksondeeplearningbasedfacerecognitionsystemsusinggenerativeadversarialnetworks AT linchialiang adversarialpatchattacksondeeplearningbasedfacerecognitionsystemsusinggenerativeadversarialnetworks |