Transferability Analysis of an Adversarial Attack on Gender Classification to Face Recognition

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

3 Citations (Scopus)
53 Downloads (Pure)

Abstract

Modern biometric systems establish their decision based on the outcome of machine learning (ML) classifiers trained to make accurate predictions. Such classifiers are vulnerable to diverse adversarial attacks, altering the classifiers’ predictions by adding a crafted perturbation. According to ML literature, those attacks are transferable among models that perform the same task. However, models performing different tasks, but sharing the same input space and the same model architecture, were never included in transferability scenarios. In this paper, we analyze this phenomenon for the special case of VGG16-based biometric classifiers. Concretely, we study the effect of the white-box FGSM attack, on a gender classifier and compare several defense methods as countermeasures. Then, in a black-box manner, we attack a pre-trained face recognition classifier using adversarial images generated by the FGSM. Our experiments show that this attack is transferable from a gender classifier to a face recognition classifier where both were independently trained.
Original languageEnglish
Title of host publication2021 International Conference of the Biometrics Special Interest Group (BIOSIG)
Place of PublicationPiscataway, NJ
PublisherIEEE
ISBN (Electronic)978-1-6654-2693-0
ISBN (Print)978-1-6654-2694-7
DOIs
Publication statusPublished - 27 Sept 2021
Event20th International Conference of the Biometrics Special Interest Group, BIOSIG 2021 - Darmstadt (Virtual), Germany
Duration: 15 Sept 202117 Sept 2021
Conference number: 20

Publication series

NameInternational Conference of the Biometrics Special Interest Group (BIOSIG)
PublisherIEEE
Volume2021
ISSN (Electronic)1617-5468

Conference

Conference20th International Conference of the Biometrics Special Interest Group, BIOSIG 2021
Abbreviated titleBIOSIG 2021
Country/TerritoryGermany
CityDarmstadt (Virtual)
Period15/09/2117/09/21

Keywords

  • 2023 OA procedure

Fingerprint

Dive into the research topics of 'Transferability Analysis of an Adversarial Attack on Gender Classification to Face Recognition'. Together they form a unique fingerprint.

Cite this