Adversarial Examples: Generation Proposal in the Context of Facial Recognition Systems

TL;DR

This paper explores a new method for generating adversarial examples targeting facial recognition systems, using autoencoder latent space and PCA, to assess vulnerabilities for dodging and impersonation attacks.

Contribution

Introduces a novel adversarial example generation technique based on autoencoder latent space organized with PCA for facial recognition systems.

Findings

Method showed potential but did not strongly separate identity and facial expression features.

Results provided insights into adversarial example generation.

Opened new research avenues in facial recognition security.

Abstract

In this paper we investigate the vulnerability that facial recognition systems present to adversarial examples by introducing a new methodology from the attacker perspective. The technique is based on the use of the autoencoder latent space, organized with principal component analysis. We intend to analyze the potential to craft adversarial examples suitable for both dodging and impersonation attacks, against state-of-the-art systems. Our initial hypothesis, which was not strongly favoured by the results, stated that it would be possible to separate between the "identity" and "facial expression" features to produce high-quality examples. Despite the findings not supporting it, the results sparked insights into adversarial examples generation and opened new research avenues in the area.