Device-aware Optical Adversarial Attack for a Portable Projector-camera System

TL;DR

This paper introduces a device-aware physical adversarial attack method for face recognition systems using portable projectors, improving attack success and robustness in real-world scenarios.

Contribution

It proposes a novel device-aware digital attack algorithm that enhances physical attack effectiveness against face recognition systems, addressing prior limitations.

Findings

Achieves high physical similarity scores in face recognition models.

Only 14% average score reduction from digital to physical attacks.

High success rate in both white- and black-box attack scenarios.

Abstract

Deep-learning-based face recognition (FR) systems are susceptible to adversarial examples in both digital and physical domains. Physical attacks present a greater threat to deployed systems as adversaries can easily access the input channel, allowing them to provide malicious inputs to impersonate a victim. This paper addresses the limitations of existing projector-camera-based adversarial light attacks in practical FR setups. By incorporating device-aware adaptations into the digital attack algorithm, such as resolution-aware and color-aware adjustments, we mitigate the degradation from digital to physical domains. Experimental validation showcases the efficacy of our proposed algorithm against real and spoof adversaries, achieving high physical similarity scores in FR models and state-of-the-art commercial systems. On average, there is only a 14% reduction in scores from digital to physical attacks, with high attack success rate in both white- and black-box scenarios.