Abstract:
Adversarial training based on adversarial examples has recently become an important means of improving model robustness and security. COVID-19 has made wearing masks the norm and occluded face recognition a practical need. To address the lack of an adversarial example generation method for occluded face recognition, an adaptive adversarial example generation method, AOA (adversarial examples against occluded faces recognition based on adaptive method), is proposed. First, it adjusts the adversarial example generation strategy according to the target model and automatically adjusts the interference area according to the input face. Second, by concentrating the perturbation on the area that has a more significant impact on recognition, and combining this with an ensemble model and Gaussian filtering, black-box attacks are conducted on the local feature enhancement face recognition of ArcSoft and Baidu. Finally, the combination of dynamic masks and a dynamic perturbation multiplier avoids redundant calculation in the attack process and ensures the sustainability of the attack. The generated perturbation makes the face inpainting occlusion recognition model wrongly segment the occlusion area, thereby reducing the model's recognition accuracy. We build a face inpainting occlusion recognition model called Arc-UFI. The experiments show that AOA is effective in attacking both local feature enhancement and face inpainting occluded face recognition. In addition, AOA can provide useful support for adversarial training for model security.