Backdoor Attacks on Deep Learning Face Detection
Quentin Le Roux, Yannick Teglia, Teddy Furon, Philippe Loubet-Moundi
TL;DR
This paper investigates the vulnerability of face detection systems to object generation attacks, introduces a novel Landmark Shift Attack, and proposes mitigation strategies to enhance robustness against such backdoor threats.
Contribution
It presents the first Landmark Shift Attack on face detectors and offers mitigation methods, advancing understanding of backdoor vulnerabilities in face detection models.
Findings
Face Generation Attacks effectively deceive face detectors.
Landmark Shift Attack successfully backdoors coordinate regression.
Proposed mitigations improve robustness against these attacks.
Abstract
Face Recognition Systems that operate in unconstrained environments capture images under varying conditions,such as inconsistent lighting, or diverse face poses. These challenges require including a Face Detection module that regresses bounding boxes and landmark coordinates for proper Face Alignment. This paper shows the effectiveness of Object Generation Attacks on Face Detection, dubbed Face Generation Attacks, and demonstrates for the first time a Landmark Shift Attack that backdoors the coordinate regression task performed by face detectors. We then offer mitigations against these vulnerabilities.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsFace recognition and analysis · Adversarial Robustness in Machine Learning · Biometric Identification and Security