
Ensemble of Predictions from Augmented Input as Adversarial Defense for Face Verification System

  • Laksono Kurnianggoro
  • Kang-Hyun Jo
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11432)

Abstract

Face identification is employed in security systems. Recently, it has achieved reliable results thanks to deep learning methods. However, deep learning-based methods are vulnerable to adversarial attacks, which lead to wrong predictions in the presence of simple alterations to the pixel values. Thus the reliability of such systems is compromised. This paper proposes a simple defense strategy to improve the reliability of a system in the presence of adversarial attacks. By combining the predictions from a few samples of the altered input image, the effect of an adversarial attack can be reduced effectively. The proposed method has been tested using a public face dataset in the presence of strong attacks. Experimental results show that the proposed method reliably suppresses the adversarial attacks.

Keywords

Face identification; Adversarial defense; Deep learning; Machine learning; Neural network

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. Graduate School of Electrical Engineering, University of Ulsan, Ulsan, South Korea
