TL;DR
This paper introduces AdvHat, a practical adversarial attack method that uses printed stickers on hats to deceive state-of-the-art Face ID systems like ArcFace under various conditions, highlighting vulnerabilities in facial recognition security.
Contribution
The paper presents a novel, reproducible attack technique using off-plane transformations of printed stickers on hats to fool advanced Face ID models, demonstrating real-world applicability.
Findings
The attack successfully fools ArcFace and similar models in different conditions
The attack is easily reproducible with common printing tools
The attack transfers to other Face ID systems
Abstract
In this paper we propose a novel easily reproducible technique to attack the best public Face ID system ArcFace in different shooting conditions. To create an attack, we print the rectangular paper sticker on a common color printer and put it on the hat. The adversarial sticker is prepared with a novel algorithm for off-plane transformations of the image which imitates sticker location on the hat. Such an approach confuses the state-of-the-art public Face ID model LResNet100E-IR, ArcFace@ms1m-refine-v2 and is transferable to other Face ID models.
Taxonomy
Methods: Additive Angular Margin Loss
