AdvHat: Real-World Adversarial Attack on ArcFace Face ID System

Stepan Komkov, Aleksandr Petiushko Александр Петюшко
January, 2021
PDF Cite Code Poster Slides Video Source Document DOI arXiv Demo

Abstract

In this paper we propose a novel easily reproducible technique to attack the best public Face ID system ArcFace in different shooting conditions. To create an attack, we print the rectangular paper sticker on a common color printer and put it on the hat. The adversarial sticker is prepared with a novel algorithm for off-plane transformations of the image which imitates sticker location on the hat. Such an approach confuses the state-of-the-art public Face ID model LResNet100E-IR, ArcFace@ms1m-refine-v2 and is transferable to other Face ID models.

Type
Conference paper
Publication
In 25th International Conference on Pattern Recognition (ICPR 2020)

Mentioned in video.

Embeddings Similarity Image Embedding Face Embedding Robustness Adversarial Attack Real-world Face Recognition FaceID Image Transformations Arcface Computer Vision Deep Learning
Aleksandr Petiushko Александр Петюшко
Aleksandr Petiushko Александр Петюшко
Sr. Director, Head of AI Research / Adjunct Professor / PhD

Principal R&D Researcher (15+ years of experience), R&D Technical Leader (10+ years of experience), and R&D Manager (8+ years of experience). Running and managing industrial research and academic collaboration (35+ publications, 30+ patents). Hiring and transforming AI/ML teams. Inspired by theoretical computer science and how it changes the world.