[1]林庚右,周星宇,潘志松.基于掩膜的人脸压缩重建对抗攻击增强方法[J].计算机技术与发展,2023,33(08):88-94.[doi:10. 3969 / j. issn. 1673-629X. 2023. 08. 013]
 LIN Geng-you,ZHOU Xing-yu,PAN Zhi-song.Mask-based Face Compression-reconstruction Adversarial Attack Enhancement Method[J].,2023,33(08):88-94.[doi:10. 3969 / j. issn. 1673-629X. 2023. 08. 013]
点击复制

基于掩膜的人脸压缩重建对抗攻击增强方法()

《计算机技术与发展》[ISSN:1006-6977/CN:61-1281/TN]

卷:
33
期数:
2023年08期
页码:
88-94
栏目:
网络空间安全
出版日期:
2023-08-10

文章信息/Info

Title:
Mask-based Face Compression-reconstruction Adversarial Attack Enhancement Method
文章编号:
1673-629X(2023)08-0088-07
作者:
林庚右1 周星宇2 潘志松1
1. 陆军工程大学 指挥控制工程学院,江苏 南京 210007;
2. 陆军工程大学 通信工程学院,江苏 南京 210007
Author(s):
LIN Geng-you1 ZHOU Xing-yu2 PAN Zhi-song1
1. School of Command & Control Engineering,Army Engineering University of PLA,Nanjing 210007,China;
2. School of Communication Engineering,Army Engineering University of PLA,Nanjing 210007,China
关键词:
对抗样本人脸识别深度神经网络对抗攻击压缩重建
Keywords:
adversarial exampleface recognitiondeep neural networkadversarial attackcompression & reconstruction
分类号:
TP391
DOI:
10. 3969 / j. issn. 1673-629X. 2023. 08. 013
摘要:
现有研究表明通过对输入的人脸图片施加扰动能够导致人脸识别系统发生误判,即对抗样本。 当前,许多对抗样本攻击方法通过在扰动生成过程中对扰动进行旋转、调整尺度、添加随机噪声等变换,以实现增强攻击性的目的。 该文首次发现对抗样本在由 ndarray 格式压缩为 PNG( Portable Network Graphics) 格式,再重建成 ndarray 格式时对抗性会得到增强。 基于此,提出了基于掩膜的人脸压缩重建对抗攻击增强方法———在对抗样本的迭代生成中,在预定迭代次数下设置断点,并在断点处反复地对对抗图片的掩膜区域进行压缩重建( Compression & Reconstruction,C&R)。 在 IFW 人脸检测数据集上分别进行了单模型攻击和集成模型攻击的实验,结果证明,该方法生成的对抗样本在白盒场景下攻击成功率最高提高了 2. 3% ,在黑盒场景中攻击成功率也有小幅提升。 最后,分别通过两组超参数实验探讨了参数的不同选取对该方法攻击效果的影响,并给出了最优参数以供后续研究参考。
Abstract:
Existing studies have shown that applying perturbations on the input face images can cause face recognition systems tomisjudge,that is,adversarial examples. Currently,many adversarial example attack methods achieve enhanced aggressiveness by rotating,rescaling,adding random noise and other transformations to the perturbation during perturbation generation. We find for the first time thatthe adversarial examples are enhanced when they are compressed from ndarray format to PNG ( Portable Network Graphics) format andthen reconstructed to ndarray format. Based on this, we propose a?
mask - based face compression - reconstruction adversarial attackenhancement method. In the iterative generation of the adversarial example,a break
point is set at a predetermined number of iterations,and the mask region of the adversarial image is repeatedly compressed and reconstructed at the breakpoint ( Compression &Reconstruction,C&R) . We conduct experiments on IFW face detection dataset for single-model attack and integrated-model attack respectively,and the results demonstrate that the adversarial samples generated by the method have a maximum improvement of 2. 3% inthe attack success rate in white-box scenarios and a small improvement in the attack success rate in black -box scenarios. Finally,weexplore the effects of different parameter selections on the attack effectiveness of the method through two sets of hyperparameterexperiments respectively,and give the optimal parameters for reference in subsequent studies.

相似文献/References:

[1]徐钊,吴光敏,覃世欢.基于AccelDSP的LBP算法在人脸识别中的应用[J].计算机技术与发展,2014,24(01):51.
 XU Zhao,WU Guang-min,QIN Shi-huan.Application of LBP Algorithm Based on AccelDSP in Face Recognition[J].,2014,24(08):51.
[2]时书剑 马燕.基于Gabor滤波和KPCA的人脸识别方法[J].计算机技术与发展,2010,(04):51.
 SHI Shu-jian,MA Yan.Face Recognition Based on Gabor Filters and Kernel Principal Component Analysis[J].,2010,(08):51.
[3]袁健 姚明海.基于简化局部二元法的人脸特征提取[J].计算机技术与发展,2009,(06):84.
 YUAN Jian,YAO Ming-hai.Facial Feature Extraction Based on Simplified Local Binary Patterns[J].,2009,(08):84.
[4]李伟.人脸识别算法在智能手机上的实现[J].计算机技术与发展,2008,(01):161.
 LI Wei.Implementation of Face Identification in Intelligent Mobile Telephone[J].,2008,(08):161.
[5]黄国宏 刘刚.一种新的基于Fisher准则的线性特征提取方法[J].计算机技术与发展,2008,(05):227.
 HUANG Guo-hong,LIU Gang.A New Linear Feature Extraction Method Based on Fisher Criterion[J].,2008,(08):227.
[6]孙晓玲 侯德文 储凡静.人脸识别中的眼睛定位方法[J].计算机技术与发展,2008,(10):46.
 SUN Xiao-ling,HOU De-wen,CHU Fan-jing.Eye Location in Face Recogniton[J].,2008,(08):46.
[7]王静 谭同德.基于梯度和模板二次匹配的人眼定位[J].计算机技术与发展,2007,(10):144.
 WANG Jing,TAN Tong-de.A Method to Eyes Location Based on Step- Direction and Templet - Matching[J].,2007,(08):144.
[8]高宏娟 潘晨.基于非负矩阵分解的人脸识别算法的改进[J].计算机技术与发展,2007,(11):63.
 GAO Hong-juan,PAN Chen.Improved Face Recognition Algorithm Based on Non- Negative Matrix Factorization[J].,2007,(08):63.
[9]徐勇 张海 周森鑫 王辉.基于统计学习理论的人脸识别方法研究[J].计算机技术与发展,2007,(11):118.
 XU Yong,ZHANG Hai,ZHOU Sen-xin,et al.Research on Face Recognition Based on Statistical Learning Theory[J].,2007,(08):118.
[10]马驰 阮秋琦.基于离散微粒群优化算法的SVM参数选择[J].计算机技术与发展,2007,(12):20.
 MA Chi,RUAN Qiu-qi.Parameter Selection for SVM Based on Discrete PSO[J].,2007,(08):20.

更新日期/Last Update: 2023-08-10