Articolo in rivista, 2020, ENG, 10.1016/j.patrec.2020.10.008
Massoli F.V.; Falchi F.; Amato G.
CNR-ISTI, Pisa, Italy; CNR-ISTI, Pisa, Italy; CNR-ISTI, Pisa, Italy
Face Recognition is among the best examples of computer vision problems where the supremacy of deep learning techniques compared to standard ones is undeniable. Unfortunately, it has been shown that they are vulnerable to adversarial examples - input images to which a human imperceptible perturbation is added to lead a learning model to output a wrong prediction. Moreover, in applications such as biometric systems and forensics, cross-resolution scenarios are easily met with a non-negligible impact on the recognition performance and adversary's success. Despite the existence of such vulnerabilities set a harsh limit to the spread of deep learning-based face recognition systems to real-world applications, a comprehensive analysis of their behavior when threatened in a cross-resolution setting is missing in the literature. In this context, we posit our study, where we harness several of the strongest adversarial attacks against deep learning-based face recognition systems considering the cross-resolution domain. To craft adversarial instances, we exploit attacks based on three different metrics, i.e., L, L, and L, and we study the resilience of the models across resolutions. We then evaluate the performance of the systems against the face identification protocol, open- and close-set. In our study, we find that the deep representation attacks represents a much dangerous menace to a face recognition system than the ones based on the classification output independently from the used metric. Furthermore, we notice that the input image's resolution has a non-negligible impact on an adversary's success in deceiving a learning model. Finally, by comparing the performance of the threatened networks under analysis, we show how they can benefit from a cross-resolution training approach in terms of resilience to adversarial attacks.
Pattern recognition letters 140 , pp. 222–229
face recognition, cross-resolution, adversarial examples, deep learning, adversarial machine learning, pattern recognition, recognition
Massoli Fabio Valerio, Amato Giuseppe, Falchi Fabrizio
ISTI – Istituto di scienza e tecnologie dell'informazione "Alessandro Faedo"
ID: 435198
Year: 2020
Type: Articolo in rivista
Creation: 2020-11-03 09:28:53.000
Last update: 2023-06-27 11:45:24.000
External links
OAI-PMH: Dublin Core
OAI-PMH: Mods
OAI-PMH: RDF
DOI: 10.1016/j.patrec.2020.10.008
URL: https://www.sciencedirect.com/science/article/abs/pii/S0167865520303950?via%3Dihub
External IDs
CNR OAI-PMH: oai:it.cnr:prodotti:435198
DOI: 10.1016/j.patrec.2020.10.008
Scopus: 2-s2.0-85093961105
ISI Web of Science (WOS): 000595366500031