Applied Sciences (Jun 2024)

KRT-FUAP: Key Regions Tuned via Flow Field for Facial Universal Adversarial Perturbation

  • Xi Jin,
  • Yong Liu,
  • Guangling Sun,
  • Yanli Chen,
  • Zhicheng Dong,
  • Hanzhou Wu

DOI
https://doi.org/10.3390/app14124973
Journal volume & issue
Vol. 14, no. 12
p. 4973

Abstract

Read online

It has been established that convolutional neural networks are susceptible to elaborate tiny universal adversarial perturbations (UAPs) in natural image classification tasks. However, UAP attacks against face recognition systems have not been fully explored. This paper proposes a spatial perturbation method that generates UAPs with local stealthiness by learning variable flow field to fine-tune facial key regions (KRT-FUAP). We ensure that the generated adversarial perturbations are positioned within reasonable regions of the face by designing a mask specifically tailored to facial key regions. In addition, we pay special attention to improving the effectiveness of the attack while maintaining the stealthiness of the perturbation and achieve the dual optimization of aggressiveness and stealthiness by accurately controlling the balance between adversarial loss and stealthiness loss. Experiments conducted on the frameworks of IResNet50 and MobileFaceNet demonstrate that our proposed method achieves an attack performance comparable to existing natural image universal attack methods, but with significantly improved stealthiness.

Keywords