DOI: 10.1145/3453688.3461751
research-article

Unpaired Image-to-Image Translation Network for Semantic-based Face Adversarial Examples Generation

Published: 22 June 2021

Abstract

Recent studies have shown that neural networks are vulnerable to adversarial example (AE) attacks. However, existing AE generation techniques restrict the pixel perturbation to improve imperceptibility, resulting in low attack success rates. Although increasing the perturbation can improve the attack success rate, it reduces the imperceptibility of the AEs. To mitigate this contradiction, we propose a new attack method, named AttAdvGAN, which uses adversarial-consistency loss for unpaired image-to-image translation to generate semantic-based AEs for faces, encouraging the generated image to contain important features of the original image and hiding adversarial perturbations in shared features in the target domain. Experimental results show that the proposed approach can generate imperceptible face AEs on the CelebA dataset with a high attack success rate in fooling the state-of-the-art face recognition model. In addition, our proposed method can also be used for facial privacy protection.



      Published In

      GLSVLSI '21: Proceedings of the 2021 Great Lakes Symposium on VLSI
      June 2021
      504 pages
      ISBN:9781450383936
      DOI:10.1145/3453688
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. adversarial examples
      2. face recognition
      3. neural networks

      Qualifiers

      • Research-article

      Funding Sources

      • the National Natural Science Foundation of China
      • the Hunan Natural Science Foundation for Distinguished Young Scholars
      • the Hu-Xiang Youth Talent Program

      Conference

      GLSVLSI '21
      GLSVLSI '21: Great Lakes Symposium on VLSI 2021
      June 22 - 25, 2021
      Virtual Event, USA

      Acceptance Rates

      Overall Acceptance Rate 312 of 1,156 submissions, 27%

      Cited By

      • (2024) A Comprehensive Risk Analysis Method for Adversarial Attacks on Biometric Authentication Systems. IEEE Access 12 (116693-116710). DOI: 10.1109/ACCESS.2024.3439741. Online publication date: 2024
      • (2024) EasyDAM_V4: Guided-GAN-based cross-species data labeling for fruit detection with significant shape difference. Horticulture Research 11:3. DOI: 10.1093/hr/uhae007. Online publication date: 10-Jan-2024
      • (2024) A Method Generating Adversarial Mark Based on Convolutional Neural Networks. Proceedings of the 13th International Conference on Computer Engineering and Networks (447-456). DOI: 10.1007/978-981-99-9243-0_44. Online publication date: 2-Feb-2024
      • (2021) Asymmetric CycleGAN for Unpaired Image-to-Image Translation Based on Dual Attention Module. 2021 3rd International Academic Exchange Conference on Science and Technology Innovation (IAECST) (726-730). DOI: 10.1109/IAECST54258.2021.9695748. Online publication date: 10-Dec-2021
