Universal Adversarial Spoofing Attacks against Face Recognition

TL;DR

This paper introduces universal adversarial spoofing examples that can fool deep face recognition systems into recognizing multiple different identities, highlighting a significant security vulnerability.

Contribution

The authors propose a novel universal adversarial attack method that is effective across multiple identities and unknown faces, exposing critical security flaws in face recognition systems.

Findings

Achieved 99% success rate in spoofing identities

Universal adversarial examples work on unseen identities

Highlighting vulnerability of face recognition to multi-identity spoofing

Abstract

We assess the vulnerabilities of deep face recognition systems for images that falsify/spoof multiple identities simultaneously. We demonstrate that, by manipulating the deep feature representation extracted from a face image via imperceptibly small perturbations added at the pixel level using our proposed Universal Adversarial Spoofing Examples (UAXs), one can fool a face verification system into recognizing that the face image belongs to multiple different identities with a high success rate. One characteristic of the UAXs crafted with our method is that they are universal (identity-agnostic); they are successful even against identities not known in advance. For a certain deep neural network, we show that we are able to spoof almost all tested identities (99\%), including those not known beforehand (not included in training). Our results indicate that a multiple-identity attack is a real threat and should be taken into account when deploying face recognition systems.