Abstract
Recent studies have shown that neural networks are vulnerable to adversarial example (AE) attacks. However, the existing AE generation techniques restrict the pixel perturbation to improve imperceptibility, resulting in low attack success rates. Although increasing perturbations can improve the attack success rate, the imperceptibility of AEs will be reduced. In order to mitigate this contradiction, we propose a new attack method, named AttAdvGAN, which uses adversarial-consistency loss for unpaired image-to-image translation to generate semantic-based AEs for faces, encouraging the generated image contains important features of the original image and hiding adversarial perturbations into shared feature in the target domain. Experiment results show that the proposed approach can generate imperceptible face AEs on the CelebA dataset with high attack success rate in fooling the state-of-the-art face recognition model. In addition, our proposed method can also be used for facial privacy protection.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
