We assess the vulnerabilities of deep face recognition systems for images that falsify/spoof multiple identities simultaneously. We demonstrate that, by manipulating the deep feature representation extracted from a face image via imperceptibly small perturbations added at the pixel level using our proposed Universal Adversarial Spoofing Examples (UAXs), one can fool a face verification system into recognizing that the face image belongs to multiple different identities with a high success rate. One characteristic of the UAXs crafted with our method is that they are universal (identity-agnostic); they are successful even against identities not known in advance. For a certain deep neural network, we show that we are able to spoof almost all tested identities (99\%), including those not known beforehand (not included in training). Our results indicate that a multiple-identity attack is a real threat and should be taken into account when deploying face recognition systems.
@article{arxiv.2110.00708,
title = {Universal Adversarial Spoofing Attacks against Face Recognition},
author = {Takuma Amada and Seng Pei Liew and Kazuya Kakizaki and Toshinori Araki},
journal= {arXiv preprint arXiv:2110.00708},
year = {2021}
}
Comments
Accepted to International Joint Conference on Biometrics (IJCB 2021)