LC-GAN: Improving Adversarial Robustness of Face Recognition Systems on Edge Devices

Abstract

Deep learning-based (DL-based) face recognition has become an important application in the internet of things (IoT) environment. However, recent studies demonstrate that elaborate adversarial examples can mislead the results of DLbased face recognition on mobile and edge devices. Such vulnerability threats the robustness of face recognition systems and causes security issues. Generative adversarial defense methods can reform adversarial examples before input into the face recognition model to improve the accuracy under adversarial attacks. Unfortunately, the existing generative adversarial defense methods cannot completely remove the misleading features of adversarial examples due to the lack of robust encoding ability. In this paper, we propose a Local Consistency Generative Adversarial Network (LC-GAN) framework by adding the constraint of local consistency to force the encoder to mine consistent features in each local area, achieving robust encoding ability consequently. The framework includes three main novel designs. First, we present a patch-wise contrastive learning-based refinement stage with local consistency loss to encode robust identity features from non-salient areas that are undamaged by adversarial attacks. Second, we use a powerful expert network to guide the training of LC-GAN for eliminating adversarial identity features. Third, we design a multi-level identity loss to enhance the identity preservation ability by unifying the local and global identity features. Experimental results on four widely used face datasets show that LC-GAN outperforms other generative adversarial defense methods.