
Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks

Deep learning technology has developed rapidly in recent years and has been successfully applied in many fields, including face recognition. Face recognition is used in many scenarios nowadays, including security control systems, access control management, health and safety management, employee atte...


Bibliographic Details
Main authors: Hwang, Ren-Hung, Lin, Jia-You, Hsieh, Sun-Ying, Lin, Hsuan-Yu, Lin, Chia-Liang
Format: Online Article Text
Language: English
Published: MDPI 2023
Subjects:
Online access: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9863200/
https://www.ncbi.nlm.nih.gov/pubmed/36679651
http://dx.doi.org/10.3390/s23020853
_version_ 1784875275989811200
author Hwang, Ren-Hung
Lin, Jia-You
Hsieh, Sun-Ying
Lin, Hsuan-Yu
Lin, Chia-Liang
author_facet Hwang, Ren-Hung
Lin, Jia-You
Hsieh, Sun-Ying
Lin, Hsuan-Yu
Lin, Chia-Liang
author_sort Hwang, Ren-Hung
collection PubMed
description Deep learning technology has developed rapidly in recent years and has been successfully applied in many fields, including face recognition. Face recognition is used in many scenarios nowadays, including security control systems, access control management, health and safety management, employee attendance monitoring, automatic border control, and face scan payment. However, deep learning models are vulnerable to adversarial attacks conducted by perturbing probe images to generate adversarial examples, or using adversarial patches to generate well-designed perturbations in specific regions of the image. Most previous studies on adversarial attacks assume that the attacker hacks into the system and knows the architecture and parameters behind the deep learning model. In other words, the attacked model is a white box. However, this scenario is unrepresentative of most real-world adversarial attacks. Consequently, the present study assumes the face recognition system to be a black box, over which the attacker has no control. A Generative Adversarial Network method is proposed for generating adversarial patches to carry out dodging and impersonation attacks on the targeted face recognition system. The experimental results show that the proposed method yields a higher attack success rate than previous works.
format Online
Article
Text
id pubmed-9863200
institution National Center for Biotechnology Information
language English
publishDate 2023
publisher MDPI
record_format MEDLINE/PubMed
spelling pubmed-9863200 2023-01-22 Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks Hwang, Ren-Hung Lin, Jia-You Hsieh, Sun-Ying Lin, Hsuan-Yu Lin, Chia-Liang Sensors (Basel) Article Deep learning technology has developed rapidly in recent years and has been successfully applied in many fields, including face recognition. Face recognition is used in many scenarios nowadays, including security control systems, access control management, health and safety management, employee attendance monitoring, automatic border control, and face scan payment. However, deep learning models are vulnerable to adversarial attacks conducted by perturbing probe images to generate adversarial examples, or using adversarial patches to generate well-designed perturbations in specific regions of the image. Most previous studies on adversarial attacks assume that the attacker hacks into the system and knows the architecture and parameters behind the deep learning model. In other words, the attacked model is a white box. However, this scenario is unrepresentative of most real-world adversarial attacks. Consequently, the present study assumes the face recognition system to be a black box, over which the attacker has no control. A Generative Adversarial Network method is proposed for generating adversarial patches to carry out dodging and impersonation attacks on the targeted face recognition system. The experimental results show that the proposed method yields a higher attack success rate than previous works. MDPI 2023-01-11 /pmc/articles/PMC9863200/ /pubmed/36679651 http://dx.doi.org/10.3390/s23020853 Text en © 2023 by the authors. https://creativecommons.org/licenses/by/4.0/ Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
spellingShingle Article
Hwang, Ren-Hung
Lin, Jia-You
Hsieh, Sun-Ying
Lin, Hsuan-Yu
Lin, Chia-Liang
Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks
title Adversarial Patch Attacks on Deep-Learning-Based Face Recognition Systems Using Generative Adversarial Networks
topic Article
url https://www.ncbi.nlm.nih.gov/pmc/articles/PMC9863200/
https://www.ncbi.nlm.nih.gov/pubmed/36679651
http://dx.doi.org/10.3390/s23020853