Facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learning
As the prevalence of facial recognition technology continued to grow, concerns about personal privacy breaches were also gradually intensifying. Despite recent studies attempting to safeguard photo privacy by generating adversarial examples to prevent unauthorized facial recognition systems from ide...
Saved in:
| Main Authors: | , , , , |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
POSTS&TELECOM PRESS Co., LTD
2025-02-01
|
| Series: | 网络与信息安全学报 |
| Subjects: | |
| Online Access: | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2025001 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| _version_ | 1850057626315915264 |
|---|---|
| author | CAI Jun HUANG Tianqiang ZHENG Aokun YE Feng XU Chao |
| author_facet | CAI Jun HUANG Tianqiang ZHENG Aokun YE Feng XU Chao |
| author_sort | CAI Jun |
| collection | DOAJ |
| description | As the prevalence of facial recognition technology continued to grow, concerns about personal privacy breaches were also gradually intensifying. Despite recent studies attempting to safeguard photo privacy by generating adversarial examples to prevent unauthorized facial recognition systems from identifying individuals, these methods were often constrained by low attack success rates and weak transferability. To address this issue, a facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learning was proposed. This algorithm initially devised a multiscale frequency decomposition module that meticulously partitioned the target facial image into frequency bands comprising distinct components. This module integrated frequency information with spatial information, thereby enabling the extraction of comprehensive information from the target facial image. Subsequently, a cycle-consistent generative adversarial networks (CycleGAN)-based adversarial attack algorithm with makeup transfer as its core was constructed. This algorithm employed a source facial image to generate high-quality makeup. During this process, a meta-learning attack module was introduced to calculate the loss function and update parameters. The meta-learning attack module enabled precise makeup processing, by which the target face's features were embedded into the makeup to create adversarial makeup images. This enabled the targeted attacks that were the focus of this study. The meta-learning attack module addressed the overfitting and generalization issues present in previous white-box model ensemble attacks, thereby enhancing the efficacy and generalization ability of the generated adversarial examples. The results of experimental analysis of different attack strategies demonstrate that the combination of multiscale frequency decomposition and meta-learning significantly enhances the success rate and robustness of attacks on facial recognition systems. |
| format | Article |
| id | doaj-art-4b78c181c52c4bcea21062028271aaca |
| institution | DOAJ |
| issn | 2096-109X |
| language | English |
| publishDate | 2025-02-01 |
| publisher | POSTS&TELECOM PRESS Co., LTD |
| record_format | Article |
| series | 网络与信息安全学报 |
| spelling | doaj-art-4b78c181c52c4bcea21062028271aaca2025-08-20T02:51:23ZengPOSTS&TELECOM PRESS Co., LTD网络与信息安全学报2096-109X2025-02-011112914086732098Facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learningCAI JunHUANG TianqiangZHENG AokunYE FengXU ChaoAs the prevalence of facial recognition technology continued to grow, concerns about personal privacy breaches were also gradually intensifying. Despite recent studies attempting to safeguard photo privacy by generating adversarial examples to prevent unauthorized facial recognition systems from identifying individuals, these methods were often constrained by low attack success rates and weak transferability. To address this issue, a facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learning was proposed. This algorithm initially devised a multiscale frequency decomposition module that meticulously partitioned the target facial image into frequency bands comprising distinct components. This module integrated frequency information with spatial information, thereby enabling the extraction of comprehensive information from the target facial image. Subsequently, a cycle-consistent generative adversarial networks (CycleGAN)-based adversarial attack algorithm with makeup transfer as its core was constructed. This algorithm employed a source facial image to generate high-quality makeup. During this process, a meta-learning attack module was introduced to calculate the loss function and update parameters. The meta-learning attack module enabled precise makeup processing, by which the target face's features were embedded into the makeup to create adversarial makeup images. This enabled the targeted attacks that were the focus of this study. The meta-learning attack module addressed the overfitting and generalization issues present in previous white-box model ensemble attacks, thereby enhancing the efficacy and generalization ability of the generated adversarial examples. The results of experimental analysis of different attack strategies demonstrate that the combination of multiscale frequency decomposition and meta-learning significantly enhances the success rate and robustness of attacks on facial recognition systems.http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2025001facial recognition targeted attack algorithmmultiscale frequency decompositionCycleGANmeta-learning |
| spellingShingle | CAI Jun HUANG Tianqiang ZHENG Aokun YE Feng XU Chao Facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learning 网络与信息安全学报 facial recognition targeted attack algorithm multiscale frequency decomposition CycleGAN meta-learning |
| title | Facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learning |
| title_full | Facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learning |
| title_fullStr | Facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learning |
| title_full_unstemmed | Facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learning |
| title_short | Facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta-learning |
| title_sort | facial recognition targeted attack algorithm based on multiscale frequency decomposition and meta learning |
| topic | facial recognition targeted attack algorithm multiscale frequency decomposition CycleGAN meta-learning |
| url | http://www.cjnis.com.cn/thesisDetails#10.11959/j.issn.2096-109x.2025001 |
| work_keys_str_mv | AT caijun facialrecognitiontargetedattackalgorithmbasedonmultiscalefrequencydecompositionandmetalearning AT huangtianqiang facialrecognitiontargetedattackalgorithmbasedonmultiscalefrequencydecompositionandmetalearning AT zhengaokun facialrecognitiontargetedattackalgorithmbasedonmultiscalefrequencydecompositionandmetalearning AT yefeng facialrecognitiontargetedattackalgorithmbasedonmultiscalefrequencydecompositionandmetalearning AT xuchao facialrecognitiontargetedattackalgorithmbasedonmultiscalefrequencydecompositionandmetalearning |