Using a GAN to Generate Adversarial Examples to Facial Image Recognition

TL;DR

This paper demonstrates how a simplified GAN can generate effective adversarial facial images to deceive recognition systems, with potential for mobile deployment due to reduced model size.

Contribution

It introduces a GAN-based method for creating adversarial facial images that bypass recognition, simplifying the model by removing the discriminator and employing knowledge distillation for efficiency.

Findings

Achieved high success rate in fooling facial recognition systems.

Reduced training time by removing the discriminator component.

Model size decreased significantly without performance loss.

Abstract

Images posted online present a privacy concern in that they may be used as reference examples for a facial recognition system. Such abuse of images is in violation of privacy rights but is difficult to counter. It is well established that adversarial example images can be created for recognition systems which are based on deep neural networks. These adversarial examples can be used to disrupt the utility of the images as reference examples or training data. In this work we use a Generative Adversarial Network (GAN) to create adversarial examples to deceive facial recognition and we achieve an acceptable success rate in fooling the face recognition. Our results reduce the training time for the GAN by removing the discriminator component. Furthermore, our results show knowledge distillation can be employed to drastically reduce the size of the resulting model without impacting performance indicating that our contribution could run comfortably on a smartphone