English

Face Pasting Attack

Computer Vision and Pattern Recognition 2022-10-20 v2 Machine Learning
Authors: Niklas Bunzel , Lukas Graner
View on arXiv PDF

Abstract

Cujo AI and Adversa AI hosted the MLSec face recognition challenge. The goal was to attack a black box face recognition model with targeted attacks. The model returned the confidence of the target class and a stealthiness score. For an attack to be considered successful the target class has to have the highest confidence among all classes and the stealthiness has to be at least 0.5. In our approach we paste the face of a target into a source image. By utilizing position, scaling, rotation and transparency attributes we reached 3rd place. Our approach took approximately 200 queries per attack for the final highest score and about ~7.7 queries minimum for a successful attack. The code is available at https://github.com/bunni90/FacePastingAttack .

Cite

@article{arxiv.2210.09153,
  title  = {Face Pasting Attack},
  author = {Niklas Bunzel and Lukas Graner},
  journal= {arXiv preprint arXiv:2210.09153},
  year   = {2022}
}

Related papers

View all related →
Computer Vision and Pattern Recognition · Computer Science
An Attack on Facial Soft-biometric Privacy Enhancement
Dailé Osorio-Roig, Christian Rathgeb, Pawel Drozdowski, Philipp Terhörst +2
2022-05-18
Computer Vision and Pattern Recognition · Computer Science
Adversarial Camouflage
Paweł Borsukiewicz, Daniele Lunghi, Melissa Tessa, Jacques Klein +1
2026-03-24
Computer Vision and Pattern Recognition · Computer Science
Backdoor Attacks on Deep Learning Face Detection
Quentin Le Roux, Yannick Teglia, Teddy Furon, Philippe Loubet-Moundi
2025-08-04
Computer Vision and Pattern Recognition · Computer Science
FaceSpoof Buster: a Presentation Attack Detector Based on Intrinsic Image Properties and Deep Learning
Rodrigo Bresan, Allan Pinto, Anderson Rocha, Carlos Beluzo +1
2019-02-11
Cryptography and Security · Computer Science
Invisible Mask: Practical Attacks on Face Recognition with Infrared
Zhe Zhou, Di Tang, Xiaofeng Wang, Weili Han +2
2018-03-14
Computer Vision and Pattern Recognition · Computer Science
High Resolution Face Completion with Multiple Controllable Attributes via Fully End-to-End Progressive Generative Adversarial Networks
Zeyuan Chen, Shaoliang Nie, Tianfu Wu, Christopher G. Healey
2018-01-24
Machine Learning · Computer Science
Fast Geometrically-Perturbed Adversarial Faces
Ali Dabouei, Sobhan Soleymani, Jeremy Dawson, Nasser M. Nasrabadi
2018-10-01
Machine Learning · Statistics
Guessing Smart: Biased Sampling for Efficient Black-Box Adversarial Attacks
Thomas Brunner, Frederik Diehl, Michael Truong Le, Alois Knoll
2021-04-30
Computer Vision and Pattern Recognition · Computer Science
Privacy Attacks Against Biometric Models with Fewer Samples: Incorporating the Output of Multiple Models
Sohaib Ahmad, Benjamin Fuller, Kaleel Mahmood
2022-09-23
Computer Vision and Pattern Recognition · Computer Science
Adversarial Attacks on Face Detectors using Neural Net based Constrained Optimization
Avishek Joey Bose, Parham Aarabi
2018-06-01
Computer Vision and Pattern Recognition · Computer Science
Efficient Decision-based Black-box Adversarial Attacks on Face Recognition
Yinpeng Dong, Hang Su, Baoyuan Wu, Zhifeng Li +3
2019-04-10
Computer Vision and Pattern Recognition · Computer Science
Distortion-Aware Adversarial Attacks on Bounding Boxes of Object Detectors
Pham Phuc, Son Vuong, Khang Nguyen, Tuan Dang
2024-12-30
Software Engineering · Computer Science
Towards Black-box Attacks on Deep Learning Apps
Hongchen Cao, Shuai Li, Yuming Zhou, Ming Fan +2
2021-07-28
Computer Vision and Pattern Recognition · Computer Science
Query Efficient Cross-Dataset Transferable Black-Box Attack on Action Recognition
Rohit Gupta, Naveed Akhtar, Gaurav Kumar Nayak, Ajmal Mian +1
2022-11-24
Computer Vision and Pattern Recognition · Computer Science
Copy and Paste: A Simple But Effective Initialization Method for Black-Box Adversarial Attacks
Thomas Brunner, Frederik Diehl, Alois Knoll
2020-01-01
Computer Vision and Pattern Recognition · Computer Science
Exploring the Adversarial Robustness of Face Forgery Detection with Decision-based Black-box Attacks
Zhaoyu Chen, Bo Li, Kaixun Jiang, Shuang Wu +2
2025-11-13
Computer Vision and Pattern Recognition · Computer Science
Robust Face Tracking using Multiple Appearance Models and Graph Relational Learning
Tanushri Chakravorty, Guillaume-Alexandre Bilodeau, Eric Granger
2018-08-31
Computer Vision and Pattern Recognition · Computer Science
AdvGen: Physical Adversarial Attack on Face Presentation Attack Detection Systems
Sai Amrit Patnaik, Shivali Chansoriya, Anil K. Jain, Anoop M. Namboodiri
2023-11-21
Computer Vision and Pattern Recognition · Computer Science
Is Face Recognition Safe from Realizable Attacks?
Sanjay Saha, Terence Sim
2023-05-12
Computer Vision and Pattern Recognition · Computer Science
Point Adversarial Self Mining: A Simple Method for Facial Expression Recognition
Ping Liu, Yuewei Lin, Zibo Meng, Lu Lu +3
2021-05-11
Computer Vision and Pattern Recognition · Computer Science
Non-Adaptive Adversarial Face Generation
Sunpill Kim, Seunghun Paik, Chanwoo Hwang, Minsu Kim +1
2025-07-17
Computer Vision and Pattern Recognition · Computer Science
On the (Limited) Generalization of MasterFace Attacks and Its Relation to the Capacity of Face Representations
Philipp Terhörst, Florian Bierbaum, Marco Huber, Naser Damer +3
2022-04-04
Cryptography and Security · Computer Science
On Feasibility of Intent Obfuscating Attacks
Zhaobin Li, Patrick Shafto
2024-08-30
Computer Vision and Pattern Recognition · Computer Science
Learning Meta Model for Zero- and Few-shot Face Anti-spoofing
Yunxiao Qin, Chenxu Zhao, Xiangyu Zhu, Zezheng Wang +5
2021-09-08
Computer Vision and Pattern Recognition · Computer Science
Approximating Optimal Morphing Attacks using Template Inversion
Laurent Colbois, Hatef Otroshi Shahreza, Sébastien Marcel
2024-10-23
R2 v1 2026-06-28T03:49:42.687Z