AdvHat: Real-World Adversarial Attack on ArcFace Face ID System

In this paper we propose a novel easily reproducible technique to attack the best public Face ID system ArcFace in different shooting conditions. To create an attack, we print the rectangular paper sticker on a common color printer and put it on the hat. The adversarial sticker is prepared with a no...

Full description

Saved in:
Bibliographic Details
Published in2020 25th International Conference on Pattern Recognition (ICPR) pp. 819 - 826
Main Authors Komkov, Stepan, Petiushko, Aleksandr
Format Conference Proceeding
LanguageEnglish
Published IEEE 10.01.2021
Subjects
Face recognition
Image color analysis
Printers
Online AccessGet full text

Cover

More Information
Summary:In this paper we propose a novel easily reproducible technique to attack the best public Face ID system ArcFace in different shooting conditions. To create an attack, we print the rectangular paper sticker on a common color printer and put it on the hat. The adversarial sticker is prepared with a novel algorithm for off-plane transformations of the image which imitates sticker location on the hat. Such an approach confuses the state-of-the-art public Face ID model LResNet100E-IR, ArcFace@ms1m-refine-v2 and is transferable to other Face ID models.
DOI:10.1109/ICPR48806.2021.9412236