Facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learning
As the prevalence of facial recognition technology continued to grow, concerns about personal privacy breaches were also gradually intensifying. Despite recent studies attempting to safeguard photo privacy by generating adversarial examples to prevent unauthorized facial recognition systems from ide...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2025-02-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2025001 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Summary: | As the prevalence of facial recognition technology continued to grow, concerns about personal privacy breaches were also gradually intensifying. Despite recent studies attempting to safeguard photo privacy by generating adversarial examples to prevent unauthorized facial recognition systems from identifying individuals, these methods were often constrained by low attack success rates and weak transferability. To address this issue, a facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learning was proposed. This algorithm initially devised a multiscale frequency decomposition module that meticulously partitioned the target facial image into frequency bands comprising distinct components. This module integrated frequency information with spatial information, thereby enabling the extraction of comprehensive information from the target facial image. Subsequently, a cycle-consistent generative adversarial networks (CycleGAN)-based adversarial attack algorithm with makeup transfer as its core was constructed. This algorithm employed a source facial image to generate high-quality makeup. During this process, a meta-learning attack module was introduced to calculate the loss function and update parameters. The meta-learning attack module enabled precise makeup processing, by which the target face's features were embedded into the makeup to create adversarial makeup images. This enabled the targeted attacks that were the focus of this study. The meta-learning attack module addressed the overfitting and generalization issues present in previous white-box model ensemble attacks, thereby enhancing the efficacy and generalization ability of the generated adversarial examples. The results of experimental analysis of different attack strategies demonstrate that the combination of multiscale frequency decomposition and meta-learning significantly enhances the success rate and robustness of attacks on facial recognition systems. |
|---|---|
| ISSN: | 2096-109X |