Transferable Adversarial Face Attack with Text Controlled Attribute

TL;DR

This paper introduces TCA$^2$, a novel method for generating realistic, text-guided adversarial face images that are highly transferable across different face recognition systems, enhancing impersonation attack capabilities.

Contribution

The paper presents a new text-controlled adversarial attack method using Style-GAN and augmentation strategies to improve transferability and control over face attributes.

Findings

High transferability of adversarial faces across models

Effective control of face attributes via natural language

Successful attacks on real-world face recognition systems

Abstract

Traditional adversarial attacks typically produce adversarial examples under norm-constrained conditions, whereas unrestricted adversarial examples are free-form with semantically meaningful perturbations. Current unrestricted adversarial impersonation attacks exhibit limited control over adversarial face attributes and often suffer from low transferability. In this paper, we propose a novel Text Controlled Attribute Attack (TCA$^2$) to generate photorealistic adversarial impersonation faces guided by natural language. Specifically, the category-level personal softmax vector is employed to precisely guide the impersonation attacks. Additionally, we propose both data and model augmentation strategies to achieve transferable attacks on unknown target models. Finally, a generative model, \textit{i.e}, Style-GAN, is utilized to synthesize impersonated faces with desired attributes. Extensive experiments on two high-resolution face recognition datasets validate that our TCA$^2$ method can generate natural text-guided adversarial impersonation faces with high transferability. We also evaluate our method on real-world face recognition systems, \textit{i.e}, Face++ and Aliyun, further demonstrating the practical potential of our approach.