A Master Key Backdoor for Universal Impersonation Attack against DNN-based Face Verification
Wei Guo, Benedetta Tondi, Mauro Barni
TL;DR
This paper presents a novel backdoor attack on DNN-based face verification systems that enables universal impersonation without prior knowledge of specific victims, highlighting security vulnerabilities.
Contribution
It introduces the Master Key backdoor attack, allowing universal impersonation in open-set face verification systems by manipulating training to activate a hidden backdoor.
Findings
High success rate with as little as 0.01% poisoned data
Effective on Siamese-DNN face verification systems
Raises security concerns for DNN-based face verification
Abstract
We introduce a new attack against face verification systems based on Deep Neural Networks (DNN). The attack relies on the introduction into the network of a hidden backdoor, whose activation at test time induces a verification error allowing the attacker to impersonate any user. The new attack, named Master Key backdoor attack, operates by interfering with the training phase, so to instruct the DNN to always output a positive verification answer when the face of the attacker is presented at its input. With respect to existing attacks, the new backdoor attack offers much more flexibility, since the attacker does not need to know the identity of the victim beforehand. In this way, he can deploy a Universal Impersonation attack in an open-set framework, allowing him to impersonate any enrolled users, even those that were not yet enrolled in the system when the attack was conceived. We…
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.