Discrete Point-wise Attack Is Not Enough: Generalized Manifold Adversarial Attack for Face Recognition

TL;DR

This paper introduces GMAA, a generalized manifold adversarial attack for face recognition that expands attack targets from discrete points to continuous manifolds, improving attack robustness and visual quality.

Contribution

The paper proposes GMAA, a novel attack method that generalizes face recognition attacks by expanding to multiple targets and continuous manifolds, enhancing effectiveness and generalization.

Findings

GMAA achieves higher attack success rates across various face recognition models.

The method improves the visual quality of adversarial examples.

GMAA demonstrates better generalization to unknown face states.

Abstract

Classical adversarial attacks for Face Recognition (FR) models typically generate discrete examples for target identity with a single state image. However, such paradigm of point-wise attack exhibits poor generalization against numerous unknown states of identity and can be easily defended. In this paper, by rethinking the inherent relationship between the face of target identity and its variants, we introduce a new pipeline of Generalized Manifold Adversarial Attack (GMAA) to achieve a better attack performance by expanding the attack range. Specifically, this expansion lies on two aspects - GMAA not only expands the target to be attacked from one to many to encourage a good generalization ability for the generated adversarial examples, but it also expands the latter from discrete points to manifold by leveraging the domain knowledge that face expression change can be continuous, which enhances the attack effect as a data augmentation mechanism did. Moreover, we further design a dual supervision with local and global constraints as a minor contribution to improve the visual quality of the generated adversarial examples. We demonstrate the effectiveness of our method based on extensive experiments, and reveal that GMAA promises a semantic continuous adversarial space with a higher generalization ability and visual quality