Adversarial Attacks against Face Recognition: A Comprehensive Study

TL;DR

This paper provides a comprehensive survey of adversarial attacks on face recognition systems, analyzing attack and defense methods, and discussing challenges and future research directions.

Contribution

It offers a detailed taxonomy of attack and defense techniques against face recognition, including comparative analysis and insights into future research challenges.

Findings

Adversarial attacks can deceive face recognition systems with imperceptible images.

Defense methods vary in effectiveness depending on attack type and scenario.

The survey highlights the need for robust countermeasures and identifies research gaps.

Abstract

Face recognition (FR) systems have demonstrated outstanding verification performance, suggesting suitability for real-world applications ranging from photo tagging in social media to automated border control (ABC). In an advanced FR system with deep learning-based architecture, however, promoting the recognition efficiency alone is not sufficient, and the system should also withstand potential kinds of attacks designed to target its proficiency. Recent studies show that (deep) FR systems exhibit an intriguing vulnerability to imperceptible or perceptible but natural-looking adversarial input images that drive the model to incorrect output predictions. In this article, we present a comprehensive survey on adversarial attacks against FR systems and elaborate on the competence of new countermeasures against them. Further, we propose a taxonomy of existing attack and defense methods based on different criteria. We compare attack methods on the orientation and attributes and defense approaches on the category. Finally, we explore the challenges and potential research direction.