Unpaired Image-to-Image Translation Network for Semantic-based Face Adversarial Examples Generation

Abstract

Recent studies have shown that neural networks are vulnerable to adversarial example (AE) attacks. However, the existing AE generation techniques restrict the pixel perturbation to improve imperceptibility, resulting in low attack success rates. Although increasing perturbations can improve the attack success rate, the imperceptibility of AEs will be reduced. In order to mitigate this contradiction, we propose a new attack method, named AttAdvGAN, which uses adversarial-consistency loss for unpaired image-to-image translation to generate semantic-based AEs for faces, encouraging the generated image contains important features of the original image and hiding adversarial perturbations into shared feature in the target domain. Experiment results show that the proposed approach can generate imperceptible face AEs on the CelebA dataset with high attack success rate in fooling the state-of-the-art face recognition model. In addition, our proposed method can also be used for facial privacy protection.