English

Face Pasting Attack

Computer Vision and Pattern Recognition 2022-10-20 v2 Machine Learning

Abstract

Cujo AI and Adversa AI hosted the MLSec face recognition challenge. The goal was to attack a black box face recognition model with targeted attacks. The model returned the confidence of the target class and a stealthiness score. For an attack to be considered successful the target class has to have the highest confidence among all classes and the stealthiness has to be at least 0.5. In our approach we paste the face of a target into a source image. By utilizing position, scaling, rotation and transparency attributes we reached 3rd place. Our approach took approximately 200 queries per attack for the final highest score and about ~7.7 queries minimum for a successful attack. The code is available at https://github.com/bunni90/FacePastingAttack .

Cite

@article{arxiv.2210.09153,
  title  = {Face Pasting Attack},
  author = {Niklas Bunzel and Lukas Graner},
  journal= {arXiv preprint arXiv:2210.09153},
  year   = {2022}
}
R2 v1 2026-06-28T03:49:42.687Z