Articolo in rivista, 2020, ENG, 10.1016/j.patrec.2020.10.008

Cross-resolution face recognition adversarial attacks

Massoli F.V.; Falchi F.; Amato G.

CNR-ISTI, Pisa, Italy; CNR-ISTI, Pisa, Italy; CNR-ISTI, Pisa, Italy

Face Recognition is among the best examples of computer vision problems where the supremacy of deep learning techniques compared to standard ones is undeniable. Unfortunately, it has been shown that they are vulnerable to adversarial examples - input images to which a human imperceptible perturbation is added to lead a learning model to output a wrong prediction. Moreover, in applications such as biometric systems and forensics, cross-resolution scenarios are easily met with a non-negligible impact on the recognition performance and adversary's success. Despite the existence of such vulnerabilities set a harsh limit to the spread of deep learning-based face recognition systems to real-world applications, a comprehensive analysis of their behavior when threatened in a cross-resolution setting is missing in the literature. In this context, we posit our study, where we harness several of the strongest adversarial attacks against deep learning-based face recognition systems considering the cross-resolution domain. To craft adversarial instances, we exploit attacks based on three different metrics, i.e., L, L, and L, and we study the resilience of the models across resolutions. We then evaluate the performance of the systems against the face identification protocol, open- and close-set. In our study, we find that the deep representation attacks represents a much dangerous menace to a face recognition system than the ones based on the classification output independently from the used metric. Furthermore, we notice that the input image's resolution has a non-negligible impact on an adversary's success in deceiving a learning model. Finally, by comparing the performance of the threatened networks under analysis, we show how they can benefit from a cross-resolution training approach in terms of resilience to adversarial attacks.

Pattern recognition letters 140 , pp. 222–229

Keywords

face recognition, cross-resolution, adversarial examples, deep learning, adversarial machine learning, pattern recognition, recognition

CNR authors

Massoli Fabio Valerio, Amato Giuseppe, Falchi Fabrizio

CNR institutes

ISTI – Istituto di scienza e tecnologie dell'informazione "Alessandro Faedo"

ID: 435198

Year: 2020

Type: Articolo in rivista

Creation: 2020-11-03 09:28:53.000

Last update: 2023-06-27 11:45:24.000

External IDs

CNR OAI-PMH: oai:it.cnr:prodotti:435198

DOI: 10.1016/j.patrec.2020.10.008

Scopus: 2-s2.0-85093961105

ISI Web of Science (WOS): 000595366500031