AdvHat: Real-world adversarial attack on ArcFace Face ID system
About
In this paper we propose a novel easily reproducible technique to attack the best public Face ID system ArcFace in different shooting conditions. To create an attack, we print the rectangular paper sticker on a common color printer and put it on the hat. The adversarial sticker is prepared with a novel algorithm for off-plane transformations of the image which imitates sticker location on the hat. Such an approach confuses the state-of-the-art public Face ID model LResNet100E-IR, ArcFace@ms1m-refine-v2 and is transferable to other Face ID models.
Stepan Komkov, Aleksandr Petiushko• 2019
Related benchmarks
| Task | Dataset | Result | Rank | |
|---|---|---|---|---|
| Face Verification | FFHQ | ASR (IR152)13.77 | 42 | |
| Black-box Attack | CelebA-HQ | IRSE50 Score16.88 | 32 | |
| Face Verification | CelebA-HQ | ASR (IR152)0.0504 | 19 |
Showing 3 of 3 rows