Adversarial Examples: Generation Proposal in the Context of Facial Recognition Systems

TL;DR

This paper investigates the vulnerability that facial recognition systems present to adversarial examples by introducing a new methodology from the attacker perspective, based on the use of the autoencoder latent space, organized with principal component analysis.

Abstract

In this paper we investigate the vulnerability that facial recognition systems present to adversarial examples by introducing a new methodology from the attacker perspective. The technique is based on the use of the autoencoder latent space, organized with principal component analysis. We intend to analyze the potential to craft adversarial examples suitable for both dodging and impersonation attacks, against state-of-the-art systems. Our initial hypothesis, which was not strongly favoured by the results, stated that it would be possible to separate between the "identity" and "facial expression" features to produce high-quality examples. Despite the findings not supporting it, the results sparked insights into adversarial examples generation and opened new research avenues in the area.

Figures (7)

• Figure 1: Sample images from dataset.
• Figure 2: Diagram flow for experimentation mechanism.
• Figure 3: Four representative principal components out of sixty-four
• Figure 4: Transition from average "Ignacio" first principal component value towards "Marina" first component value.
• Figure 5: Modification where original principal components' representation gets modified with reference values for all expected the first component.