PuFace: Defending against Facial Cloaking Attacks for Facial Recognition Models
Jing Wen

TL;DR
PuFace is a novel image purification system that effectively defends against facial cloaking attacks by transforming cloaked images towards natural image manifolds, significantly reducing attack success rates without harming recognition accuracy.
Contribution
This paper introduces PuFace, a model-agnostic purification method that enhances facial recognition security against cloaking attacks by leveraging neural network generalization.
Findings
PuFace reduces attack success rate from 69.84% to 7.61%.
PuFace maintains recognition accuracy on natural images.
PuFace is effective against multiple state-of-the-art cloaking attacks.
Abstract
The recently proposed facial cloaking attacks add invisible perturbation (cloaks) to facial images to protect users from being recognized by unauthorized facial recognition models. However, we show that the "cloaks" are not robust enough and can be removed from images. This paper introduces PuFace, an image purification system leveraging the generalization ability of neural networks to diminish the impact of cloaks by pushing the cloaked images towards the manifold of natural (uncloaked) images before the training process of facial recognition models. Specifically, we devise a purifier that takes all the training images including both cloaked and natural images as input and generates the purified facial images close to the manifold where natural images lie. To meet the defense goal, we propose to train the purifier on particularly amplified cloaked images with a loss function that…
Taxonomy
Topics: Face recognition and analysis
