A Random-patch based Defense Strategy Against Physical Attacks for Face Recognition Systems
JiaHao Xie, Ye Luo, Jianwei Lu

TL;DR
This paper introduces a simple yet effective random-patch based defense strategy to detect physical attacks on face recognition systems, outperforming existing methods especially against adaptive and white-box attacks.
Contribution
The paper proposes a novel patch-based defense approach that enhances detection robustness without complex neural network modifications.
Findings
Superior detection of white-box attacks
Effective against adaptive physical attacks
Easy to implement in real-world systems
Abstract
The physical attack has been regarded as a kind of threat against real-world computer vision systems. Still, many existing defense methods are only useful for small-perturbation attacks and can't detect physical attacks effectively. In this paper, we propose a random-patch based defense strategy to robustly detect physical attacks for Face Recognition Systems (FRS). Different from mainstream defense methods which focus on building complex deep neural networks (DNN) to achieve a high recognition rate on attacks, we introduce a patch-based defense strategy to a standard DNN, aiming to obtain robust detection models. Extensive experimental results on the employed datasets show the superiority of the proposed defense method in detecting white-box attacks and adaptive attacks which attack both the FRS and the defense method. Additionally, due to the simplicity yet robustness of our method, it can…
Taxonomy
Topics: Adversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Advanced Malware Detection Techniques
