Adversarial Camouflage

TL;DR

This paper introduces Adversarial Camouflage, a simple, efficient method to protect user privacy by creating patterns on faces that fool multiple face recognition systems in both simulated and real-world settings.

Contribution

It presents a novel physical-world adversarial pattern generation method that maximizes recognition errors across various face recognition architectures.

Findings

Degrades performance of state-of-the-art face recognition models

Achieves high transferability across different models

Shows promising real-world effectiveness

Abstract

While the rapid development of facial recognition algorithms has enabled numerous beneficial applications, their widespread deployment has raised significant concerns about the risks of mass surveillance and threats to individual privacy. In this paper, we introduce \textit{Adversarial Camouflage} as a novel solution for protecting users' privacy. This approach is designed to be efficient and simple to reproduce for users in the physical world. The algorithm starts by defining a low-dimensional pattern space parameterized by color, shape, and angle. Optimized patterns, once found, are projected onto semantically valid facial regions for evaluation. Our method maximizes recognition error across multiple architectures, ensuring high cross-model transferability even against black-box systems. It significantly degrades the performance of all tested state-of-the-art face recognition models during simulations and demonstrates promising results in real-world human experiments, while revealing differences in model robustness and evidence of attack transferability across architectures.