Face Pasting Attack
Niklas Bunzel, Lukas Graner
TL;DR
This paper presents a face pasting attack method against black box face recognition models, achieving successful targeted attacks with minimal queries by pasting and manipulating target faces in source images.
Contribution
It introduces a face pasting attack technique that effectively fools face recognition models with low query counts, advancing attack strategies in black box settings.
Findings
Achieved 3rd place in the MLSec face recognition challenge.
Approximately 7.7 queries needed for a successful attack.
200 queries used for the highest scoring attack.
Abstract
Cujo AI and Adversa AI hosted the MLSec face recognition challenge. The goal was to attack a black box face recognition model with targeted attacks. The model returned the confidence of the target class and a stealthiness score. For an attack to be considered successful the target class has to have the highest confidence among all classes and the stealthiness has to be at least 0.5. In our approach we paste the face of a target into a source image. By utilizing position, scaling, rotation and transparency attributes we reached 3rd place. Our approach took approximately 200 queries per attack for the final highest score and about ~7.7 queries minimum for a successful attack. The code is available at https://github.com/bunni90/FacePastingAttack .
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Code & Models
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsFace recognition and analysis · Biometric Identification and Security · Forensic Anthropology and Bioarchaeology Studies