Improving Adversarial Attacks on Face Recognition Using a Modified Image Translation Model

Abstract

Deep learning models have been widely applied in various computer vision tasks because of their remarkable achievements. However the appearance of adversarial examples reveals vulnerability of these deep neural networks (DNNs) and brings security problems into researchers’ concern. Strategies on generating adversarial examples with unlimited perturbation are extensively explored, but how to acquire a higher success rate with limited perturbation is still unsolved and is comparably challenging. In this paper, to motivate more research on defence against adversarial attacks and mechanisms inside deep neural networks, we propose an application of our BiasGAN scheme to face images in face recognition tasks. BiasGAN can be inserted as a preprocesser prior to conducting adversarial attacks on face recognition models to get better attack performance. Experimental results demonstrate that our method can make improvements at different perturbation levels and achieve even better performance in challenges in a low perturbation range.