Adversarial Attacks against Face Recognition: A Comprehensive Study

Fatemeh Vakhshiteh, Ahmad Nickabadi, Raghavendra Ramachandra
2021 IEEE Access  
Face recognition (FR) systems have demonstrated reliable verification performance, suggesting suitability for real-world applications ranging from photo tagging in social media to automated border control (ABC). In an advanced FR system with deep learning-based architecture, however, promoting the recognition efficiency alone is not sufficient, and the system should also withstand potential kinds of attacks. Recent studies show that (deep) FR systems exhibit an intriguing vulnerability to
more » ... eptible or perceptible but natural-looking adversarial input images that drive the model to incorrect output predictions. In this article, we present a comprehensive survey on adversarial attacks against FR systems and elaborate on the competence of new countermeasures against them. Further, we propose a taxonomy of existing attack and defense methods based on different criteria. We compare attack methods on the orientation, evaluation process, and attributes, and defense approaches on the category. Finally, we discuss the challenges and potential research direction. This work is licensed under a Creative Commons Attribution 4.0 License. For more information, see https://creativecommons.org/licenses/by/4.0/ This article has been accepted for publication in a future issue of this journal, but has not been fully edited. Content may change prior to final publication. Citation information: DOI 10.1109/ACCESS.2021.3092646, IEEE Access 3 of robustness against complicated nonlinear facial appearance variations. These traditional methods attempted to recognize faces by one-or two-layer representations and improved FR accuracy The goal is to explore each aspect of unconstrained facial variations, including illumination, pose, expression, or occlusion, separately. The advent of deep learning methods resolved the limitations of traditional methods. In deeplearning-based FR approaches, multiple layers of processing units learn multiple representations that correspond to different levels of abstraction. Interestingly, the higher-level abstract representations have demonstrated a strong invariance against face illumination, pose, expression, and occlusion changes, and represented facial identity with extraordinary stability. In 2014, DeepFace [3] attained stateof-the-art accuracy on the Labeled Faces in the Wild (LFW) dataset [40] . In an unconstrained condition, it competed successfully with the human performance for the first time and approached the desired accuracy by training a 9-layer network on 4 million facial images. Deep learning techniques have reformed the research horizon of FR in almost all aspects, from algorithm designs and training/test datasets to application setups and evaluation protocols.
doi:10.1109/access.2021.3092646 fatcat:7cj5z57wxvcbvjmckifkobraoq