Robust Deep Facial Attribute Prediction against Adversarial Attacks

Face recognition has always been a hot topic in research, and has also widely been applied in industry areas and daily life. Nowadays, face recognition models with excellent performance are mostly based on deep neural networks (DNN). However, recently researchers find that images added invisible perturbations could successfully fool neural networks, which is known as the so-called adversarial attack. The perturbed images, also known as adversarial examples, are almost the same as the original images, but neural network could give different and wrong predictions with high confidence on these adversarial examples. Such a phenomenon indicates the vulnerable robustness of neural network and thus casts a shadow on the security of DNN-based face recognition models. Therefore, in this paper, we focus on the facial attribute prediction task in face recognition, investigate the influence of adversarial attack on facial attribute prediction and give a solution on improving the robustness of facial attribute prediction models. Extensive experiment results illustrate that the solution could indeed produce much more robust results in facial attribute prediction against adversarial attacks.

[1]  Ming Yang,et al.  DeepFace: Closing the Gap to Human-Level Performance in Face Verification , 2014, 2014 IEEE Conference on Computer Vision and Pattern Recognition.

[2]  Alan L. Yuille,et al.  Feature Denoising for Improving Adversarial Robustness , 2018, 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[3]  Xiaogang Wang,et al.  Deep Learning Face Attributes in the Wild , 2014, 2015 IEEE International Conference on Computer Vision (ICCV).

[4]  Li Meng,et al.  Face Recognition: From Traditional to Deep Learning Methods , 2018, ArXiv.

[5]  Erik Hjelmås,et al.  Face Detection: A Survey , 2001, Comput. Vis. Image Underst..

[6]  A. A. El-Harby,et al.  Face Recognition: A Literature Review , 2008 .

[7]  Tao Li,et al.  Learn Robust Features via Orthogonal Multi-Path , 2020, ArXiv.

[8]  Xiaoou Tang,et al.  Facial Landmark Detection by Deep Multi-task Learning , 2014, ECCV.

[9]  Boqing Gong,et al.  Improving Facial Attribute Prediction Using Semantic Segmentation , 2017, 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[10]  Wilhelm Burger,et al.  Digital Image Processing - An Algorithmic Introduction using Java , 2008, Texts in Computer Science.

[11]  Heng Tao Shen,et al.  Principal Component Analysis , 2009, Encyclopedia of Biometrics.

[12]  Deliang Fan,et al.  Parametric Noise Injection: Trainable Randomness to Improve Deep Neural Network Robustness Against Adversarial Attack , 2018, 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR).

[13]  Jonathon Shlens,et al.  Explaining and Harnessing Adversarial Examples , 2014, ICLR.

[14]  Xiangyu Zhu,et al.  Face Alignment in Full Pose Range: A 3D Total Solution , 2015, IEEE Transactions on Pattern Analysis and Machine Intelligence.