摘要
在人脸识别模型的人脸验证任务中,传统的对抗攻击方法无法快速生成真实自然的对抗样本,且对单模型的白盒攻击迁移到其他人脸识别模型上时攻击效果欠佳。该文提出一种基于生成对抗网络的可迁移对抗样本生成方法TAdvFace。TAdvFace采用注意力生成器提高面部特征的提取能力,利用高斯滤波操作提高对抗样本的平滑度,并用自动调整策略调节身份判别损失权重,能够根据不同的人脸图像快速地生成高质量可迁移的对抗样本。实验结果表明,TAdvFace通过单模型的白盒训练,生成的对抗样本能够在多种人脸识别模型和商业API模型上都取得较好的攻击效果,拥有较好的迁移性。
In the face verification task of the face recognition model,traditional adversarial attack methods can not quickly generate real and natural adversarial examples,and the adversarial examples generated for one model under the white-box setting perform worse when transferred to other models.A GAN-based method TAdvFace is proposed for transferable adversarial example generation.TAdvFace uses an attention generator to improve the extraction of facial features.A Gaussian filtering operation is used to improve the smoothness of the adversarial samples.An automatic adjustment strategy is used to adjust the loss weight of identity discrimination,which can quickly generate high-quality migratable adversarial samples based on different face images.Experimental results show that through the white box training of a single model,the adversarial examples generated by the TAdvFace can achieve great attack results and transferability in a variety of face recognition models and commercial API models.
作者
孙军梅
潘振雄
李秀梅
袁珑
张鑫
SUN Junmei;PAN Zhenxiong;LI Xiumei;YUAN Long;ZHANG Xin(School of Information Science and Technology,Hangzhou Normal University,Hangzhou 311121,China)
出处
《电子与信息学报》
EI
CSCD
北大核心
2023年第5期1842-1851,共10页
Journal of Electronics & Information Technology
基金
国家自然科学基金(61801159,61571174)
杭州市科技计划项目(20201203B124)。
关键词
人脸验证
对抗样本
生成对抗网络
迁移性
Face verification
Adversarial example
Generate adversarial networks
Transferability
