Adv-Diffusion: Imperceptible Adversarial Face Identity Attack via Latent Diffusion Model

TL;DR

Adv-Diffusion introduces a novel latent diffusion-based framework for generating imperceptible adversarial face images that are highly transferable and stealthy, outperforming existing methods without additional training.

Contribution

The paper presents a unified latent diffusion approach for imperceptible adversarial face attacks, leveraging inpainting and semantic perturbations for improved transferability and stealthiness.

Findings

Achieves superior attack success rate compared to state-of-the-art methods.

Generates realistic adversarial images with high transferability.

Operates efficiently without extra generative model training.

Abstract

Adversarial attacks involve adding perturbations to the source image to cause misclassification by the target model, which demonstrates the potential of attacking face recognition models. Existing adversarial face image generation methods still can't achieve satisfactory performance because of low transferability and high detectability. In this paper, we propose a unified framework Adv-Diffusion that can generate imperceptible adversarial identity perturbations in the latent space but not the raw pixel space, which utilizes strong inpainting capabilities of the latent diffusion model to generate realistic adversarial images. Specifically, we propose the identity-sensitive conditioned diffusion generative model to generate semantic perturbations in the surroundings. The designed adaptive strength-based adversarial perturbation algorithm can ensure both attack transferability and stealthiness. Extensive qualitative and quantitative experiments on the public FFHQ and CelebA-HQ datasets prove the proposed method achieves superior performance compared with the state-of-the-art methods without an extra generative model training process. The source code is available at https://github.com/kopper-xdu/Adv-Diffusion.