Artificial Immune System of Secure Face Recognition Against Adversarial Attacks

TL;DR

This work targets the vulnerability of deep-learning face recognition to adversarial attacks by introducing an artificial immune system (AIS)–inspired defense. The core idea is to treat adversarial noises as antigens and to generate customized antibodies, defined as eigenvector-based denoisers, guided by an antigen analyzer and a memory module; this is complemented by self-supervised adversarial training to progressively refine antibody selection. The method demonstrates superior robustness across general and task-specific attacks, with detailed analyses of antibody sparsity, mutation dynamics, and specificity, and it generalizes to other recognition models. The approach offers a principled, adaptive defense that can be extended to broader security tasks in face-related AI systems.

Abstract

Insect production for food and feed presents a promising supplement to ensure food safety and address the adverse impacts of agriculture on climate and environment in the future. However, optimisation is required for insect production to realise its full potential. This can be by targeted improvement of traits of interest through selective breeding, an approach which has so far been underexplored and underutilised in insect farming. Here we present a comprehensive review of the selective breeding framework in the context of insect production. We systematically evaluate adjustments of selective breeding techniques to the realm of insects and highlight the essential components integral to the breeding process. The discussion covers every step of a conventional breeding scheme, such as formulation of breeding objectives, phenotyping, estimation of genetic parameters and breeding values, selection of appropriate breeding strategies, and mitigation of issues associated with genetic diversity depletion and inbreeding. This review combines knowledge from diverse disciplines, bridging the gap between animal breeding, quantitative genetics, evolutionary biology, and entomology, offering an integrated view of the insect breeding research area and uniting knowledge which has previously remained scattered across diverse fields of expertise.

Figures (8)

• Figure 1: The architecture of the proposed adversarial defense method. The proposed adversarial defense model encompasses three key components: the antigen analyzer, the antibody generator, and the memory module.
• Figure 2: The process of using antibodies for noise removal (omitting $x_{mean}$ for brevity). The eigenvectors comprising antibodies have the ability to selectively filter facial features in an image, retaining the characteristics corresponding to these eigenvectors while removing the remaining information.
• Figure 3: The sticker attacking employs the adversarial sticker strategically overlaid on specific regions of facial images to induce mistakes in recognition models.
• Figure 4: The number of eigenvectors contained within antibodies during the training process. During the training process, the number of eigenvectors present in the antibodies initially rises and then declines. This progression enables the antibodies to first enhance their reconstruction capabilities, followed by a selective refinement of eigenvectors to bolster their denoising prowess. As a result, the antibodies achieve the remarkable ability to effectively eliminate adversarial noise while preserving vital facial features.
• Figure 5: Examples of the recovery performance of antibodies on input face images at different stages of training.