Skip to content

azrealwang/SGADV

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits

data

data

 
 

figures

figures

 
 

foolbox

foolbox

 
 

mat

mat

 
 

results

results

 
 

tools

tools

 
 

.gitignore

.gitignore

 
 

README.md

README.md

 
 

SGADV.py

SGADV.py

 
 

Repository files navigation

Similarity-based Gray-box Adversarial Attack Against Deep Face Recognition

Hanrui Wang, Shuo Wang, Zhe Jin, Yandan Wang, Cunjian Chen, Massimo Tistarelli

PDF

The majority of adversarial attack techniques perform well against deep face recognition when the full knowledge of the system is revealed (white-box). However, such techniques act unsuccessfully in the gray-box setting where the face templates are unknown to the attackers. In this work, we propose a similarity-based gray-box adversarial attack (SGADV) technique.

This is a single-task attack. We have a new Multi-task version, which targets more challenging scenarios.

scenario

Contents

Main Requirements

  • Python (3.9.13)
  • torch (1.13.1+cu116)
  • torchvision (0.14.1+cu116)
  • eagerpy (0.30.0)

The versions in () have been tested.

Data Preparation

Source image name must satisfy 00000_0.jpg. 00000 and _0 indicates the image id and user id/class/label, respectively. The image id must be unique and auto-increment from 00000. .jpg can be any image file format.

20 source samples have been prepared for the demo.

Pretrained Models

  • InsightFace: iresnet100 pretrained using the CASIA dataset; automatically downloaded

  • FaceNet: InceptionResnetV1 pretrained using the VggFace2 dataset; automatically downloaded

Usage

Run attack:

python SGADV.py

Objective function: foolbox/attacks/gradient_descent_base.py

New developed tools: foolbox/utils.py

Filter objects of CelebA: tools/fetch_celebAhq.py

Feature embeddings and save to .mat: tools/feature_embedding.py

Results

Attack Success Rate (ASR)

  • The results are obtained for 1,580 images.
Dataset EER (%) ASR - White box(%) ASR - Gray box(%)
FaceNet 1.2 100 98.74
InsightFace 6.23 100 93.23

Citation

If using this project in your research, please cite our paper.

@inproceedings{wang2021similarity,
  title={Similarity-based Gray-box Adversarial Attack Against Deep Face Recognition},
  author={Wang, Hanrui and Wang, Shuo and Jin, Zhe and Wang, Yandan and Chen, Cunjian and Tistarelli, Massimo},
  booktitle={2021 16th IEEE International Conference on Automatic Face and Gesture Recognition (FG 2021)},
  pages={1--8},
  year={2021},
}

Acknowledgement

  • The code in the folder foolbox is derived from the project foolbox.

  • Images in the folder data are only examples from LFW and CelebA dataset.

Contact

If you have any questions about our work, please do not hesitate to contact us by email.

Hanrui Wang: hanrui_wang@nii.ac.jp

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages