
Face recognition confrontation attack method and device based on black box substitution model searching

A face recognition substitute-model technique, applied in the field of face recognition, that addresses two problems: the parameters and even the structure of the attacked model are difficult to obtain, and adversarial samples are not universal and become invalid on other models. The stated effect is strengthened data security.

Pending Publication Date: 2021-09-24
广州紫为云科技有限公司

AI Technical Summary

Problems solved by technology

The disadvantage of white-box attacks is that the generated adversarial samples are not universal: adversarial samples generated against one face recognition model are likely to fail against another face recognition model.
Moreover, in real scenarios it is difficult for the attacker to obtain the parameters or even the structure of the attacked model; the attacker can only obtain the results the attacked model returns for given inputs.


Examples


Embodiment 1

[0035] As shown in claim 1, this embodiment is divided into two processes. First, MTCNN is used to perform face alignment on all faces in the LFW dataset, and the faces are resized to 128x128. Afterwards, the adversarial algorithm is applied, with the requirement that the adversarial samples have a large cosine distance from all face images under the identity.

[0036] First, to facilitate the subsequent adversarial algorithm, MTCNN is used to obtain the face bounding-box coordinates and 5 facial key points for all faces in the LFW face recognition dataset. For each picture that needs to be aligned, a source face is first set as the position of the standard face key points, and a similarity transformation is then computed against each detected face's key points, yielding a transformation matrix M. M is then used as the parameter of an affine transformation on the face to be aligned, producing the aligned face picture.
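The alignment step in [0036], as an added example that is not code from the patent: a least-squares similarity transform from five detected key points to a standard template gives the 2x3 matrix M. The template coordinates and the sample detection are constructed values, and all function names are hypothetical.

```python
import math

# Constructed standard key points for a 128x128 crop (not from the patent):
# left eye, right eye, nose tip, left and right mouth corners.
TEMPLATE_128 = [(43.0, 52.0), (85.0, 52.0), (64.0, 76.0), (47.0, 98.0), (81.0, 98.0)]

def estimate_similarity(src, dst):
    """Least-squares scale+rotation+translation mapping src onto dst, as 2x3 M."""
    if len(src) != len(dst) or len(src) < 2:
        raise ValueError("need at least two matching point pairs")
    n = len(src)
    sx, sy = sum(p[0] for p in src) / n, sum(p[1] for p in src) / n
    dx, dy = sum(p[0] for p in dst) / n, sum(p[1] for p in dst) / n
    num_a = num_b = den = 0.0
    for (x, y), (u, v) in zip(src, dst):
        x, y, u, v = x - sx, y - sy, u - dx, v - dy  # centre both point sets
        num_a += x * u + y * v
        num_b += x * v - y * u
        den += x * x + y * y
    if den == 0.0:
        raise ValueError("degenerate landmarks: all source points coincide")
    a, b = num_a / den, num_b / den  # a = s*cos(theta), b = s*sin(theta)
    return [[a, -b, dx - (a * sx - b * sy)],
            [b, a, dy - (b * sx + a * sy)]]

def apply_transform(M, pts):
    """Apply the 2x3 matrix M to a list of (x, y) points."""
    return [(M[0][0] * x + M[0][1] * y + M[0][2],
             M[1][0] * x + M[1][1] * y + M[1][2]) for x, y in pts]

def alignment_error(M, detected, template=TEMPLATE_128):
    """Mean pixel distance between transformed key points and the template."""
    mapped = apply_transform(M, detected)
    return sum(math.dist(p, q) for p, q in zip(mapped, template)) / len(template)

def constructed_detection(scale=1.6, angle_deg=12.0, shift=(30.0, 18.0)):
    """Constructed sample: the template as a larger, tilted, shifted face."""
    c = scale * math.cos(math.radians(angle_deg))
    s = scale * math.sin(math.radians(angle_deg))
    return apply_transform([[c, -s, shift[0]], [s, c, shift[1]]], TEMPLATE_128)

if __name__ == "__main__":
    detected = constructed_detection()
    M = estimate_similarity(detected, TEMPLATE_128)
    print("M =", M)
    print("mean residual (px):", alignment_error(M, detected))
```

M has the 2x3 shape an affine warp routine takes to produce the 128x128 crop. A large residual from `alignment_error` means the detected key points do not fit a similarity transform, which is worth checking before the crop is used.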

[0037] Second, since face recognition is to compare the similarity of different f...


Abstract

The invention discloses a face recognition adversarial attack method based on searching for a black-box substitute model. Existing face recognition adversarial attack schemes no longer use the white-box attack mode and turn instead to the black-box attack mode, which has more practical application value; the black-box mode of this method is a conversion from black box to white box. Essentially, a 'substitution model' is established for the black box. A picture is input into the face recognition model, and the attack can succeed with access only to the face similarity score of the face recognition model. In addition, the method limits the region in which the adversarial sample may change pixels, so that the change in the generated adversarial sample stays within a certain range; this avoids changing too many pixels of the original image and keeps the difference from the original image from being visible to the naked eye. After the face recognition adversarial samples are generated, they are used to retrain a face recognition model so that it resists other adversarial samples, thereby enhancing data security.

Description

Technical field

[0001] The invention relates to the technical field of face recognition, in particular to a face recognition adversarial attack method and device based on finding a black-box replacement model.

Background technique

[0002] The phenomenon of adversarial examples reveals the security holes of machine learning models, especially deep learning models. These security holes have a very important impact on data security, especially now that access control machines, gates and other information security sites have integrated face recognition systems. Once such a system is attacked by an adversarial example, the consequences will be disastrous. Letting the neural network learn from adversarial samples is an effective preventive method. Adversarial examples need to be obtained through adversarial methods. The most common adversarial methods are FGSM, PGD, C&W, etc. All of these methods require obtaining all the structures and parameters of the attacked model. This attack scenario is called a wh...


Application Information

IPC(8): G06K9/00, G06K9/62, G06N3/04, G06N3/08
CPC: G06N3/084, G06N3/045, G06F18/22, G06F18/25, G06F18/214
Inventor 顾友良李观喜杨子龙张磊苏鹏
Owner 广州紫为云科技有限公司