ScienceGate Book Chapters
JOURNAL ARTICLE

Physical Transferable Attack against Black-box Face Recognition Systems

Dang NguyenNguyen Anh TienHieu Minh TranNhan Trong LeTho Quan

Year: 2021 Vol: 80 Pages: 1-6
DOI: 10.1109/mapr53640.2021.9585256
   Get Full-Text PDF    Get Analytical Report

Abstract

Recent studies have shown that machine learning models in general and deep neural networks like CNN, in particular, are vulnerable to adversarial attacks. Specifically, in terms of face recognition, one can easily deceive deep learning networks by adding a visually imperceptible adversarial perturbation to the input images. However, most of these works assume the ideal scenario where the attackers have perfect information about the victim model and the attack is performed in the digital domain, which is not a realistic assumption. As a result, these methods often poorly (or even impossible to) transfer to the real world. To address this issue, we propose a novel physical transferable attack method on deep face recognition systems that can work in real-world settings without any knowledge about the victim model. Our experiments on various state-of-the-art models with various architectures and training losses show non-trivial attack success rates. With the observed results, we believe that our method can enable further studies on improving adversarial robustness as well as security of deep face recognition systems.

Keywords:
Computer science Adversarial system Robustness (evolution) Facial recognition system Deep learning Artificial intelligence Deep neural networks Machine learning Face (sociological concept) Attack model Artificial neural network Transfer of learning Computer security Pattern recognition (psychology)

Metrics

0
Cited By
0.00
FWCI (Field Weighted Citation Impact)
78
Refs
0.15
Citation Normalized Percentile
Is in top 1%
Is in top 10%

Topics

Adversarial Robustness in Machine Learning
Physical Sciences →  Computer Science →  Artificial Intelligence
Face recognition and analysis
Physical Sciences →  Computer Science →  Computer Vision and Pattern Recognition
Domain Adaptation and Few-Shot Learning
Physical Sciences →  Computer Science →  Artificial Intelligence

Related Documents

JOURNAL ARTICLE

Transferable Black-Box Attack Against Face Recognition With Spatial Mutable Adversarial Patch

Haotian MaKe XuXinghao JiangZeyu ZhaoTanfeng Sun

Journal:   IEEE Transactions on Information Forensics and Security Year: 2023 Vol: 18 Pages: 5636-5650
JOURNAL ARTICLE

Towards Transferable Adversarial Attack Against Deep Face Recognition

Yaoyao ZhongWeihong Deng

Journal:   IEEE Transactions on Information Forensics and Security Year: 2020 Vol: 16 Pages: 1452-1466
JOURNAL ARTICLE

Sibling-Attack: Rethinking Transferable Adversarial Attacks against Face Recognition

Zexin LiBangjie YinTaiping YaoJunfeng GuoShouhong DingSimin ChenCong Liu

Year: 2023 Pages: 24626-24637
JOURNAL ARTICLE

Speech-GAN: Black-Box Attack against Automatic Speech Recognition Systems

Faraz M M MogalAli Osman TopalEnea MançellariVolker MüllerElmir AvdusinovicFranck Leprévost

Year: 2025 Pages: 225-232
JOURNAL ARTICLE

Multi-task Learning-based Black-box Adversarial Attack on Face Recognition Systems

Jiefang KongHuabin WangJiacheng ZhouLiang TaoJingjing Zhang

Year: 2024 Vol: 1050 Pages: 554-558
© 2026 ScienceGate Book Chapters — All rights reserved.