面向人脸验证的可迁移对抗样本生成方法

在人脸识别模型的人脸验证任务中，传统的对抗攻击方法无法快速生成真实自然的对抗样本，且对单模型的白盒攻击迁移到其他人脸识别模型上时攻击效果欠佳。该文提出一种基于生成对抗网络的可迁移对抗样本生成方法TAdvFace。TAdvFace采用注意力生成器提高面部特征的提取能力，利用高斯滤波操作提高对抗样本的平滑度，并用自动调整策略调节身份判别损失权重，能够根据不同的人脸图像快速地生成高质量可迁移的对抗样本。实验结果表明，TAdvFace通过单模型的白盒训练，生成的对抗样本能够在多种人脸识别模型和商业API模型上都取得较好的攻击效果，拥有较好的迁移性。

Transferable Adversarial Example Generation Method For Face Verification

In the face verification task of the face recognition model, traditional adversarial attack methods can not quickly generate real and natural adversarial examples, and the adversarial examples generated for one model under the white-box setting perform worse when transferred to other models. A GAN-based method TAdvFace is proposed for transferable adversarial example generation. TAdvFace uses an attention generator to improve the extraction of facial features. A Gaussian filtering operation is used to improve the smoothness of the adversarial samples. An automatic adjustment strategy is used to adjust the loss weight of identity discrimination, which can quickly generate high-quality migratable adversarial samples based on different face images. Experimental results show that through the white box training of a single model, the adversarial examples generated by the TAdvFace can achieve great attack results and transferability in a variety of face recognition models and commercial API models.